Safe as houses – how safe are we? A presentation to Socitm East Midlands @ Loughborough University by Kerry Davies, CEO, Abatis (UK) Ltd and Greg Dwyer, ICT Manager, Rushcliffe Borough Council. 22 March 2019
Kerry Davies – CEO, Abatis (UK) Ltd. • 32 years' experience in information security • Former ITSEC evaluator, LRQA ISO 27001 Lead Auditor and MSc InfoSec • Certified CISO, Chartered Engineer and Chartered Director • Fellow of the BCS and the IoD • Company director for 26 years
What’s wrong with current cyber defences? • Traditional Defences are REACTIVE not PROACTIVE • Volume of Attacks is Overwhelming • Heuristic and Behavioural Systems have False Positives and False Negatives • Too Slow and Processor Intensive • Often Need Network Access / Internet Access • Need Constant Maintenance (Expensive in Manpower and Processor Resource) • Don’t Work Seamlessly with Other Defences
A new, proven, patented, proactive solution: Abatis, a.k.a. L3-SOTERIA. (Slide diagram, anatomy of self-propagating malware:) Payload: implementation of specific actions such as opening backdoors, botnet, spyware, keylogger, rootkit … Scanning Engine: scanning across the network. Target Selection Algorithm: looking for potential new victims to attack. Warhead: gains access to the victim's machine. Propagation Engine: transfers the body to the victim.
Abatis HDF / L3 Soteria • Kernel-level filter driver of less than 100 KB • Prevents malware from becoming persistent on a Windows or Linux device • 3 modes – Learn, Block, Audit • Blocks the writing of binary executable files to permanent storage • Policy driven, so it can be configured to allow or block any file type • Granular policy allows safe, automatic updating of selected files as required • Logs stored locally and transferred to the Central Management Console (CMC) • Proven safe for use in safety-critical, SCADA, IoT, CNI, etc. Note for practitioners: the control is on executable files reaching disk, so script or macro payloads that run through an interpreter already present on the device are only covered if the policy names those file types as well (the deployment section later lists PowerShell and VB scripts among the high-risk applications), and code that never touches persistent storage is outside its scope.
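The slide describes a filter that classifies each write by whether it is an executable, applies a granular allow policy, and behaves differently in Learn, Audit and Block modes. The following user-space model, written for this page as an added illustration (it is not Abatis code and does not reproduce its policy format), shows how those three modes and a policy with update-channel exceptions interact on constructed sample writes, including the case of a script file that the default executable check does not catch. The process names (trustedinstaller.exe, ccmexec.exe), the directory-glob rule learned in Learn mode and the sample events are all assumptions made for the example.

```python
# Added illustration for this page: a user-space model of an "executable
# write" filter with Learn / Audit / Block modes and a granular allow policy.
# It is not Abatis code; the policy format, process names, learned-rule shape
# and sample write events below are constructed assumptions.
from dataclasses import dataclass, field
from enum import Enum
from fnmatch import fnmatch
from typing import List, Optional, Set, Tuple
import posixpath


class Mode(Enum):
    LEARN = "learn"   # record who writes executables, allow everything
    AUDIT = "audit"   # log what Block mode would have stopped, allow it
    BLOCK = "block"   # refuse executable writes not covered by policy


# Executable formats recognised by their leading bytes, independent of the
# file name: a renamed .exe still starts with "MZ".
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf"}


def classify(data: bytes) -> Optional[str]:
    """Return the executable format of the first bytes written, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


@dataclass
class WriteEvent:
    process: str   # image name of the writing process (constructed)
    path: str      # destination path; forward slashes for portability
    data: bytes    # first bytes of the write


@dataclass
class Policy:
    mode: Mode
    # (process glob, path glob) pairs allowed to write executables, e.g.
    # the OS updater and the software-distribution agent.
    allow: List[Tuple[str, str]] = field(default_factory=list)
    # Extra types treated as executable by name: script formats carry no
    # magic number, so a policy has to name them explicitly.
    exec_extensions: Set[str] = field(default_factory=set)


def permitted_by_policy(policy: Policy, ev: WriteEvent) -> bool:
    proc, path = ev.process.lower(), ev.path.lower()
    return any(fnmatch(proc, p) and fnmatch(path, d) for p, d in policy.allow)


def decide(policy: Policy, ev: WriteEvent, log: List[str]) -> str:
    """Return 'allow' or 'block' for one write and append an audit line."""
    ext = posixpath.splitext(ev.path)[1].lstrip(".").lower()
    if classify(ev.data) is None and ext not in policy.exec_extensions:
        return "allow"                       # not executable: never filtered
    if permitted_by_policy(policy, ev):
        log.append(f"ALLOW policy {ev.process} -> {ev.path}")
        return "allow"
    if policy.mode is Mode.LEARN:
        # Learn (process, target directory) as a candidate rule so the
        # generated policy can be reviewed before switching to Block.
        rule = (ev.process.lower(), posixpath.dirname(ev.path).lower() + "/*")
        if rule not in policy.allow:
            policy.allow.append(rule)
        log.append(f"LEARN  {rule[0]} -> {rule[1]}")
        return "allow"
    if policy.mode is Mode.AUDIT:
        log.append(f"AUDIT  would block {ev.process} -> {ev.path}")
        return "allow"
    log.append(f"BLOCK  {ev.process} -> {ev.path}")
    return "block"


# Constructed sample writes: two legitimate update channels, a dropper landing
# via a mail client, a script dropped by an Office process, and a text file.
EVENTS = [
    WriteEvent("trustedinstaller.exe", "c:/windows/system32/drivers/new.sys", b"MZ\x90\x00"),
    WriteEvent("ccmexec.exe", "c:/windows/ccmcache/a1/setup.exe", b"MZ\x90\x00"),
    WriteEvent("outlook.exe", "c:/users/alice/appdata/local/temp/invoice.exe", b"MZ\x90\x00"),
    WriteEvent("winword.exe", "c:/users/alice/appdata/local/temp/upd.ps1", b"IEX (New-Object"),
    WriteEvent("notepad.exe", "c:/users/alice/documents/notes.txt", b"hello"),
]


def base_policy(mode: Mode, script_control: bool = False) -> Policy:
    """Policy created up front for the assumed OS-update and SCCM agents."""
    return Policy(mode,
                  allow=[("trustedinstaller.exe", "c:/windows/*"),
                         ("ccmexec.exe", "c:/windows/ccmcache/*")],
                  exec_extensions={"ps1", "vbs", "js"} if script_control else set())


def run(mode: Mode, script_control: bool = False):
    """Apply the sample events under one mode; return (decisions, log, policy)."""
    policy, log = base_policy(mode, script_control), []
    decisions = [decide(policy, ev, log) for ev in EVENTS]
    return decisions, log, policy


if __name__ == "__main__":
    for mode in Mode:
        decisions, log, _ = run(mode, script_control=(mode is Mode.BLOCK))
        print(mode.value, decisions)
        print("\n".join("  " + line for line in log))
```

Running it in Block mode with script control on, the two update-channel writes pass on policy, the dropped invoice.exe is blocked by its MZ header regardless of name, and the .ps1 is blocked only because the policy names that extension; with script_control left False the same .ps1 is allowed, which is the gap the note above refers to. Learn mode on the same events produces a candidate rule for outlook.exe writing into the temp directory, which is exactly the kind of entry an administrator must reject before moving to Block.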
SOFTWARE SOLUTION, TINY FOOTPRINT • Less than 100 KB kernel-level proactive protection • Preserves the integrity of the device • Protects all Windows and Red Hat Linux • Real, virtual and embedded forms protected
SECURITY (vendor-cited results; test conditions are not given in the deck) "Effective at stopping all attempts to write malware to the permanent storage of the device regardless of system privilege" "Abatis stopped 100% of all malware in comparative tests where 8 well-known anti-virus tools scored between 30% and 55%" Provides an APT hunter-killer ability not seen in any other tool
Zero performance degradation. Up to 40% performance (speed) improvement compared to traditional anti-virus tools. Massive improvement in laptop battery duration (figures shown: Abatis 80%, AVG 20%). Comparative test by Technology Strategy Ltd.
Safe to use in safety-critical real-time systems and SCADA environments Total Control over USB Devices
"Saves 7% of the energy consumed by the device … servers run 8°C cooler … saving £35 / US$60 per server per annum"
NO SIGNATURE FILE UPDATES OR WHITELIST MAINTENANCE • Can be a "fit and forget" solution in some environments. "The time taken to clean up our environment after an infection has gone from 3 days to just 2 hours – a 90% improvement" Virtual Patch Management: "Abatis allows us to choose when to do patching. It buys us time to properly test patches before we roll them out"
Sweat Your Assets • Less than 100 KB, no performance degradation and no update requirement makes Abatis suitable for most IT and OT environments (SCADA and embedded real-time systems) • IDEAL for the • Works on all Windows from NT4 to the latest version, thereby preserving investment in legacy equipment • BUYS YOU TIME to do a controlled migration to newer platforms when YOU choose
Awards • Highly Commended – Cyber Security Category • Highly Commended – Sustainability Category @ IET Innovation Awards 2016 • Winner, Most Innovative Product • Finalist
Existing customers and evaluators (logo slide: High Integrity Customers; Evaluators). Abatis acknowledges the logos are property of their respective owners.
Greg Dwyer – ICT Manager, Rushcliffe Borough Council • HDF was commonly used in environments where change rarely took place, and where ICT assets need to be managed on an individual basis • Protect against human error and zero-day attacks! • Rushcliffe have worked alongside Moorbridge and Abatis to help in the development of HDF • Approach to deployment • Operational management • Central management for medium to large environments
Approach to Deployment • Whenever making changes, small or large, there is always a fear of impact on the organisation • Two approaches to choose from: Learn Mode or Block Mode • Phased approach – test, pilot, wide deployment • Pilot group consisted of two users from each sector of the organisation • Identify the top 5 high-risk applications (those listed): Java; PowerShell / VB scripts; Adobe Flash / Reader; Internet Explorer / Outlook
Operational Management • The product inherently wants to stop change and lock down the device. It is a very powerful tool, but you need to find your own balance between security and functionality • Prevent impact on users • Ensure that the management of this product does not impact on day-to-day operations for the ICT team • Custom policies created from day one to allow Windows Updates and the central management deployment tool (SCCM) • This removes the need to update policies for every change
Central Management for Enterprise Environments • Central Management Console (CMC) • Monitor your deployment of HDF • Monitor and manage the deployment of policies • Monitor the health of your assets – alerts and real-time status • Multi-purpose, for example to instantly identify the level of impact on the organisation
What has been achieved • Careful introduction of Abatis to allow thorough testing before full rollout • Generation of Security Policy to allow updates with minimal human intervention • Easy to install using our existing provisioning tools (SCCM) • Central Management of assets • Tiny footprint and no performance degradation
Conclusions • Don't think that your house is safe • Don't rely on out-of-date and old-fashioned defences – they are not good enough • Implement the Abatis solution across your estate in a phased approach • Sleep easier at night
Questions and Contact Details Abatis (UK) Ltd. Enterprise Centre Royal Holloway University of London Egham, Surrey TW20 0EX England Web: www.abatis-hdf.com Rushcliffe Borough Council Rushcliffe Arena Rugby Road West Bridgford Nottingham NG2 7YG Greg Dwyer T: +44 (0) 115 914 8411 E: Gdwyer@Rushcliffe.gov.uk Kerry Davies T: +44 (0) 7767 240799 E: kerry@abatis-hdf.com