Ransomware Defense
Prevention, Detection and Recovery
Gavriel Meir-Levi | Sales Director - Security Products
Barry Kirksey | Principal Sales Engineer
Session Overview
1. Prevention: Keep it Off The IBM i
2. Detection: Limit The Blast Radius
3. Recovery: Continuous Data Protection (CDP)
Prevention: Keep it off the IBM i
1. What are we securing?
2. Why are we securing it?
3. How are we securing it?
Prevention: What are we securing?
You can’t secure what you don’t understand. We’re securing the IBM i against ransomware... meaning what?
Prevention: How does ransomware reach the IBM i?
Anatomy of a Ransomware Attack (diagram stages as shown on the slide): Ingress, Command and Control, Encryption, Compromise, Tunneling, Burrowing
Ransomware Business Model (Raa$ Business model)
Diagram: Ransomware Software Developer, 3rd Party Partners, Ransomware Target; revenue split labels on the slide: 10-30% and 70%.
Point of Network Ingress
Ingress happens when the network is compromised by 3rd Party Ransomware partners. It’s the partner’s job to get the ransomware software onto the network.
Most Common Point of Ingress
• Internet Router
• Domain Controller
• NAS/Backup Storage
• Telephony Devices
• Firewall/VPN Gateway
• Managed Laptops
• Managed Workstations
• Managed Servers
• End-of-life (EOL) Products
(Slide legend: Target/Unmanaged Asset vs. Sensor Managed Asset)
“Under the Radar” Exploitation
“Unmanaged network appliances – particularly edge gateway devices – remained the most routinely observed initial access vector for exploitation during 2023.” Source: CrowdStrike 2024 Threat Report
Two classes of threat:
1. Classic Wintel Ransomware Contamination
2. Advanced Threats that Specifically Target the IBM i
Prevention: What are we securing? Keeping It Off The IBM i
• The IBM i OS ‘proper’ is generally not the target
• IBM i can be affected by malware in the IFS in two ways:
  • An infected object is stored in the IFS
  • Malware enters the system from an infected workstation to a mapped drive (that is, IBM i) via a file share on the IFS
Integrated File System
The integrated file system is a part of the IBM i operating system that supports stream input/output and storage management similar to personal computer and UNIX operating systems, while providing an integrating structure over all information stored in the system.
The Case of the Contaminated Network
Classic mapped drive ransomware scenario (diagram stages as shown on the slide): Ingress, Command and Control, Encryption, Compromise, Tunneling, Burrowing, ending at the IFS
Network Contamination: A tale of betrayal and redemption
THE USUAL SUSPECTS (The Human Element): Security Sue, Admin Andy, Malicious Maxine, End User Ellen
The Case of the Contaminated Network: An AI tale of betrayal and redemption
THE USUAL SUSPECTS (The Human and AI Element): Security Sue, Admin Andy, Malicious Maxine, End User Ellen. WITH SPECIAL GUEST: AI Artemus
The Contaminated Network (story slides, same cast on each):
1. Point of ingress
2. Lateral movement
3. RED ALERT: IBM i is in danger – the Network Share
Rewind prewind: Planning starts before contamination
Security Sue and Admin Andy (Collaboration) plan End User Ellen’s IFS Access. Controls: Network Segmentation, Exit Point, IFS Security, MFA.
Don’t Forget The “Why” – Here comes the “how”
End User Ellen’s IFS Access is governed by Network Segmentation, Exit Point, IFS Security and MFA.
Don’t Forget The “Why” – Because End User Ellen’s access to the IFS is critical to the business. And if it isn’t…
Security Sue and Admin Andy: Collaboration
Lots of Great Tools – Some of which your organization already uses
(End User Ellen’s IFS Access: Network Segmentation, Exit Point, IFS Security, MFA; Security Sue and Admin Andy: Collaboration)
• Segmentation: Illumio, Guardicore, etc.
• Zero Trust / Adaptive MFA: Microsoft365, Okta, etc.
Next Gen Tools – API calls are your friend
• API Calls: CrowdStrike, SentinelOne, Palo Alto Networks, QRadar, etc.
Tried And True IFS Security – No external tool can replace good native IFS security
Best Practices
• Journal IFS Objects
• Restrict QSYS.LIB
• Change to *PUBLIC *EXCLUDE
• No Shares to Root Directory
• Etc.
Congratulations Sue and Andy! They kept the ransomware off the IBM i… or did they?
Malicious Maxine: Rats!
1. Audit: Security Must Be Demonstrable
2. Test For Failure
3. Limit The Blast Radius
Detection: Limiting the blast radius
On The Audit Trail – Demonstrate success… and test for failure
(End User Ellen’s IFS Access: Network Segmentation, Exit Point, IFS Security, MFA; Security Sue and Admin Andy: Collaboration)
Welcome to the Audit Layer
Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | QAUDJRN | IFS Object Journals
The AI Layer – Use your audit data to train the AI
The Audit Layer Becomes The AI Layer (AI Artemus)
Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | QAUDJRN | IFS Object Journals
Andy is losing it – Yet another job?!?!
Admin Andy: “I already have a day job, managing the IBM i. Now they want me to become the CISO for the i AND the AI engineer for the i?!?”
Sue’s Got It – She’s already AI-ready
Admin Andy: “Thank God Sue is here!!!”
Security Sue: “Hey Andy, we’re looking at some cool AI tools for security and I want IBM i data in the mix…”
Collaboration: ALL AI-READY
Sue’s AI-Ready – And now so is Andy
Admin Andy: “I have waited for this day!!!”
Security Sue: “I want your input!”
Collaboration
Advanced Detection – Limit the blast radius
Cast and components on the slide: Security Sue, Admin Andy, AI Artemus (Collaboration), Red Team Ruby, End User Ellen; PROD, HA, FTP Endpoint Scanning, CDP Recovery, Prevention, Cloud Scanner, Storage
The AI SecOps Layer
Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | CIS Benchmarks | I/O Activity
QAUDJRN | IFS Object Journals | Cloud Scanning | FTP Endpoint File Scans | Red Team Activity | Remote CDP Journals | Pen Testing
Advanced Threats – Limiting the blast radius
1. Malware Written for The IBM i
  • Rare
  • Insider Threats
2. Advanced Persistent Threats that Target the IBM i
  • Live Off The Land (LOTL)
  • Insider-Like
  • Example: Involved SSH Keys accessed via AIX
Recovery – The system is corrupt! What now?
• You must have a Continuous Data Protection (CDP) recovery plan!
• Execute the plan
• Recover to an acceptable point prior to the corruption
Planning: Maintain known good starting points
Regular SAVEs
Pros:
• Allows for the most granularity (file, library)
Cons:
• Restore time
• Not suitable for IFS Directories
Flash copy/Snapshot image
Pros:
• May be faster than restore
• Suitable for IFS Directories and Stream files
Cons:
• Quality of snapshot questionable
• Requires restore of Journal Receivers
Journal Receivers
• Needed for rolling forward from start point
• Immutable
• Must be retained (protected from deletion)
Planning: Requirements for CDP
Apply Journal Change: Method to roll forward (apply) the journal entries from the known good point.
Logical Replication Software: Software to roll forward (apply) the journal entries from the known good point.
Start Point: Point in the journal receiver chain of the chosen known good point to roll forward from.
Recovery Point: Point in the journal receiver chain where logical replication should stop. This is typically before the point of corruption.
Final Readiness Process:
• Typical Unplanned Switch Procedure to prepare the Database for normal operations (i.e. commitment control, triggers, referential constraints, etc.).
• Final User validation
Planning: Snapshot Quality
State of Production LPAR at Time of Flash | Open Commits | All user data written to storage | Known Transaction Point | Quality of snapshot | Requires outage
Powered down | No | Yes | Yes | ⭐⭐⭐⭐⭐ | Yes
Restricted State | No | Yes | Yes | ⭐⭐⭐⭐ | Yes
Applications down | No | Yes | Yes | ⭐⭐⭐⭐ | Yes
Quiesced applications | No | Yes | Yes | ⭐⭐⭐⭐ | Yes
Application running with FORCE WRITE action performed | No | In doubt | No | ⭐⭐ | No
Application running with FORCE WRITE action performed | Yes | Unlikely | No | ⭐ | No
Application running | No | In doubt | No | ⭐ | No
Application running | Yes | Highly unlikely | No | ⭐ | No
Known Recovery Point
Diagram: IBM i volumes 01 through 88, each carrying the same snapshot ID (ID 23100915); Production Data Immutable Snapshots every hour, each rated GOOD, WARNING or FAIL. Validated Immutable Snapshots give a Known Recovery Point and Recovery Times.
“Be Prepared” for CDP Recovery
Timeline diagram, -168 HR to -24 HR: Snapshots, Full Backup, Incremental Backup, Known Good Points (High Quality snapshot, Low Quality snapshot), Journal Receivers. LPAR A: Normal, then System Corrupt.
CDP Recovery: from SAVE
Timeline diagram, -168 HR to -24 HR. LPAR A: Full Backup, Incremental Backup, Known Good Points, Journal Receivers; System Corrupt.
Recovery Operations on LPAR B: Start Point is a system restore (Libraries, Files, Objects); Roll Forward through the Journal Receivers to the Recovery Point; LPAR B is Normal.
Restore offers granularity to the object level, but will be slower to complete.
CDP Recovery: from SNAPSHOT
Timeline diagram, -168 HR to -24 HR. LPAR A: Snapshots as Known Good Points (High Quality snapshot, Low Quality snapshot), Journal Receivers; System Corrupt.
Recovery Operations on LPAR B: Start Point is an IPL of the Snapshot; Roll Forward through the Journal Receivers to the Recovery Point; LPAR B is Normal.
CDP Recovery at the LPAR level
Roll Forward Recovery: from SAVE – Restore on LPAR A, then Roll forward to the Recovery Point.
Roll Forward Recovery: from SNAPSHOT – IPL Snapshot on LPAR A, then Roll forward to the Recovery Point.
Multi-LPAR CDP Readiness Topology
A - Primary and B - Backup (Real-time HA/DR); A - Recovery and B - Recovery; Journal Receivers.
Journal Receivers must be retained. Protect them from deletion by replicating them to another separate LPAR.
Example Event Timeline - NORMAL
Timestamp | Event | LPAR | Comments
Sunday 0100 | Database SAVE | A or B | Media should be available to B system
Regularly | Remote Journal Receiver SAVEs | B | Receivers are required for roll forward recovery - should be changed regularly and saved expeditiously
Example Event Timeline – Cyber Attack
Timestamp | Event | LPAR | Comments
Thursday 1400 | Cyber attack – Rogue database changes occur | A | Rogue record changes are replicated to B
Thursday 1415 | Production isolated and offline | A | B is online, but not available to users.
Thursday 1700 | Decision to perform a roll forward recovery | |
Example Event Timeline - Recovery
Timestamp | Event | LPAR | Comments
Thursday 1730 | CLRLIB completed, RESTORE started | B | Affected libraries
Friday 1300 | RESTORE completed | B | Affected libraries
Friday 1315 | Initialize Data Groups for restart | B | Set Data Group Recovery Point
Friday 1330 | Replay forward from SAVE Point | B | Start Data Groups from SAVE point in journal receivers.
Recovery Point – 1 | Reach Recovery Point | B | Stop Data Groups
Recovery Point – 2 | Perform final readiness | B | Switch Procedure to close commit control cycles, prepare database
Recovery Point – 3 | Present recovered database | B |
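The Start Point / Recovery Point model from the CDP requirements above and the recovery timeline just shown, worked through as an added simulation (constructed example, not Precisely's or IBM's code): a SAVE image is the start point, journal entries are replayed from the receiver chain, replay stops at the recovery point chosen from the audit trail, and a deleted receiver shows up as a gap. All file, user, receiver and timestamp values are made up.

```python
"""
Simulated CDP roll-forward recovery on a journaled database.
Constructed illustration: not Precisely or IBM i code; all names and data are made up.
"""
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Database = Dict[str, Dict[str, str]]  # file name -> {record key -> record value}


@dataclass(frozen=True)
class JournalEntry:
    seq: int              # sequence number within the receiver chain
    when: str             # constructed timestamp label
    user: str             # user profile that made the change
    file: str
    key: str
    value: Optional[str]  # None means the record was deleted


@dataclass(frozen=True)
class Receiver:
    name: str
    entries: List[JournalEntry]  # ascending seq


class MissingReceiverError(RuntimeError):
    """The receiver chain has a gap: a receiver needed for roll forward is gone."""


def check_chain(chain: List[Receiver], start_point: int) -> None:
    """Journal receivers must be retained: every seq after the start point must be present."""
    expected = start_point + 1
    for rcv in chain:
        for e in rcv.entries:
            if e.seq <= start_point:
                continue
            if e.seq != expected:
                raise MissingReceiverError(
                    f"expected seq {expected}, found {e.seq} in {rcv.name}")
            expected += 1


def chain_is_complete(chain: List[Receiver], start_point: int) -> bool:
    """True when roll forward from start_point can proceed without hitting a gap."""
    try:
        check_chain(chain, start_point)
        return True
    except MissingReceiverError:
        return False


def choose_recovery_point(chain: List[Receiver],
                          is_rogue: Callable[[JournalEntry], bool]) -> int:
    """Recovery point: the last seq before the first rogue change found in the audit trail."""
    for rcv in chain:
        for e in rcv.entries:
            if is_rogue(e):
                return e.seq - 1
    return chain[-1].entries[-1].seq  # nothing rogue: replay everything


def roll_forward(save_image: Database, start_point: int,
                 chain: List[Receiver], recovery_point: int) -> Database:
    """Replay entries with start_point < seq <= recovery_point onto a copy of the save."""
    check_chain(chain, start_point)
    db = deepcopy(save_image)
    for rcv in chain:
        for e in rcv.entries:
            if e.seq <= start_point:
                continue
            if e.seq > recovery_point:
                return db  # stop here: the corruption is never replayed
            records = db.setdefault(e.file, {})
            if e.value is None:
                records.pop(e.key, None)
            else:
                records[e.key] = e.value
    return db


# --- constructed sample: Sunday 0100 SAVE at seq 100, attack at Thursday 1400 ---
START_POINT = 100
SAVE_IMAGE: Database = {"CUSTOMER": {"C000": "Initech;credit=1000"}, "ORDERS": {}}
ROGUE_PROFILE = "INTRUDER"  # profile the audit trail tied to the attack (constructed)
CHAIN = [
    Receiver("RCV0001", [
        JournalEntry(101, "Mon 0900", "ELLEN", "CUSTOMER", "C001", "Acme;credit=5000"),
        JournalEntry(102, "Tue 1000", "ELLEN", "ORDERS", "O100", "C001;qty=10"),
        JournalEntry(103, "Wed 1100", "BATCH", "CUSTOMER", "C002", "Globex;credit=2500"),
    ]),
    Receiver("RCV0002", [
        JournalEntry(104, "Thu 1355", "ELLEN", "ORDERS", "O101", "C002;qty=3"),
        JournalEntry(105, "Thu 1400", ROGUE_PROFILE, "CUSTOMER", "C001", "ENCRYPTED:9f3a"),
        JournalEntry(106, "Thu 1401", ROGUE_PROFILE, "ORDERS", "O100", None),
        JournalEntry(107, "Thu 1402", ROGUE_PROFILE, "CUSTOMER", "C002", "ENCRYPTED:c41d"),
    ]),
]


def recover() -> Database:
    """Full procedure: pick the recovery point from the audit finding, then roll forward."""
    rp = choose_recovery_point(CHAIN, lambda e: e.user == ROGUE_PROFILE)
    return roll_forward(SAVE_IMAGE, START_POINT, CHAIN, rp)


if __name__ == "__main__":
    print(recover())
```

Rolling forward to seq 107 instead of the chosen recovery point reproduces the corruption on the recovery LPAR, which is the "rogue changes are replicated to B" case in the timeline.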
Questions
Thank You
Alan Dix
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Ad

best_practices_for_preventing_and_recovering_from_ransomeware_240612 (1).pptx

  • 12. Keeping It Off The IBM i
    • The IBM i OS 'proper' is generally not the target
    • IBM i can be affected by malware in the IFS in two ways:
      • An infected object is stored in the IFS
      • Malware enters the system from an infected workstation to a mapped drive (that is, IBM i) via a file share on the IFS
    Integrated File System: the integrated file system is a part of the IBM i operating system that supports stream input/output and storage management similar to personal computer and UNIX operating systems, while providing an integrating structure over all information stored in the system.
  • 13. The Case of the Contaminated Network: classic mapped-drive ransomware scenario (attack-chain diagram: Ingress, Command and Control, Encryption, Compromise, Tunneling, Burrowing, ending at the IFS)
  • 14. Network Contamination: a tale of betrayal and redemption. The Human Element. The usual suspects: Security Sue, Admin Andy, Malicious Maxine, End User Ellen
  • 15. The Case of the Contaminated Network: an AI tale of betrayal and redemption. The Human and AI Element. The usual suspects: Security Sue, Admin Andy, Malicious Maxine, End User Ellen. With special guest: AI Artemus
  • 16. The Contaminated Network: point of ingress (diagram with Malicious Maxine, End User Ellen, Security Sue, Admin Andy)
  • 17. The Contaminated Network: lateral movement (same cast)
  • 18. The Contaminated Network. RED ALERT: IBM i is in danger (diagram adds the Network Share between the contaminated workstation and the IBM i)
  • 19. The Contaminated Network. RED ALERT: IBM i is in danger (same cast)
  • 20. The Contaminated Network. Rewind prewind: planning starts before contamination. Security Sue, Admin Andy and End User Ellen in Collaboration; controls: IFS Access, Network Segmentation, Exit Point, IFS Security, MFA
  • 21. Don't Forget The "Why": here comes the "how". Controls: IFS Access, Network Segmentation, Exit Point, IFS Security, MFA (Security Sue, Admin Andy: Collaboration). Don't forget the "why": because End User Ellen's access to the IFS is critical to the business. And if it isn't…
  • 22. Lots of Great Tools, some of which your organization already uses (controls: IFS Access, Network Segmentation, Exit Point, IFS Security, MFA; Collaboration between Security Sue and Admin Andy)
    • Segmentation: Illumio, Guardicore, etc.
  • 23. Zero Trust / Adaptive MFA
    • Segmentation: Illumio, Guardicore, etc.
    • Zero Trust: Microsoft 365, Okta, etc.
    • MFA
  • 24. Next Gen Tools: API calls are your friend
    • Segmentation: Illumio, Guardicore, etc.
    • Zero Trust: Microsoft 365, Okta, etc.
    • MFA
    • API calls: CrowdStrike, SentinelOne, Palo Alto Networks, QRadar, etc.
  • 25. Tried And True IFS Security: no external tool can replace good native IFS security
    • Segmentation: Illumio, Guardicore, etc.
    • Zero Trust: Microsoft 365, Okta, etc.
    • MFA
    • API calls: CrowdStrike, SentinelOne, Palo Alto Networks, QRadar, etc.
    • Best practices: journal IFS objects; restrict QSYS.LIB; change to *PUBLIC *EXCLUDE; no shares to the root directory; etc.
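A worked check for the best practices on slide 25, added here as an example; it is not Precisely's code and not an IBM-supplied tool. It encodes the slide's rules (no share to the root directory, no share exposing /QSYS.LIB, no read/write share onto a directory that *PUBLIC can write, writable shares journaled) and runs them over a constructed share list shaped like the QSYS2.SERVER_SHARE_INFO view plus a hypothetical export of each shared directory's *PUBLIC data authority and journaling status. The permission vocabulary, the authority export and all sample paths are assumptions.

```python
"""IFS exposure check for the mapped-drive ransomware path (added example).

Not Precisely's code or an IBM tool. SHARES mimics rows of the
QSYS2.SERVER_SHARE_INFO view (share name, path, permissions; the permission
strings are an assumption). DIRS is a hypothetical export of *PUBLIC data
authority and journaling status for each shared directory; collecting it
(DSPAUT, object journal catalog) is out of scope. All data is constructed.
"""
from dataclasses import dataclass
import posixpath


@dataclass(frozen=True)
class Share:
    name: str
    path: str
    permissions: str    # "READ_ONLY" or "READ_WRITE" (assumed vocabulary)


@dataclass(frozen=True)
class DirAuth:
    path: str
    public_dtaaut: str  # *PUBLIC data authority: "*EXCLUDE", "*RX", "*RWX", ...
    journaled: bool     # directory (and subtree) has an object journal


# Constructed sample inventory, not taken from any real system.
SHARES = [
    Share("ROOT", "/", "READ_WRITE"),
    Share("QSYS", "/QSYS.LIB", "READ_ONLY"),
    Share("ORDERS", "/home/orders/inbound", "READ_WRITE"),
    Share("DOCS", "/home/docs", "READ_ONLY"),
]
DIRS = {
    "/": DirAuth("/", "*RX", False),
    "/QSYS.LIB": DirAuth("/QSYS.LIB", "*RX", False),
    "/home/orders/inbound": DirAuth("/home/orders/inbound", "*RWX", False),
    "/home/docs": DirAuth("/home/docs", "*EXCLUDE", True),
}


def _norm(path: str) -> str:
    # The IFS root file system is case-insensitive; compare in upper case.
    return posixpath.normpath(path).upper()


def check_shares(shares, dirs):
    """Return (severity, share name, finding) tuples, most severe first."""
    findings = []
    for s in shares:
        p = _norm(s.path)
        # No share to the root directory: a root share hands a mapped drive
        # every object on the system, /QSYS.LIB included.
        if p == "/":
            findings.append(("CRITICAL", s.name, "share exposes the root directory"))
            continue
        # Restrict QSYS.LIB: libraries and database files must never be
        # reachable through a file share.
        if p == "/QSYS.LIB" or p.startswith("/QSYS.LIB/"):
            findings.append(("CRITICAL", s.name, "share exposes /QSYS.LIB"))
            continue
        d = dirs.get(s.path)
        if d is None:
            findings.append(("HIGH", s.name, "no authority record for shared path"))
            continue
        writable = s.permissions == "READ_WRITE"
        # Change to *PUBLIC *EXCLUDE: a writable share onto a directory that
        # *PUBLIC can write is exactly what an encryptor on a workstation needs.
        if writable and d.public_dtaaut != "*EXCLUDE":
            findings.append(("HIGH", s.name,
                             f"read/write share with *PUBLIC {d.public_dtaaut}"))
        elif d.public_dtaaut == "*RWX":
            findings.append(("MEDIUM", s.name, "*PUBLIC has *RWX on shared directory"))
        # Journal IFS objects: without an object journal there is no record of
        # what changed and nothing to roll forward from.
        if writable and not d.journaled:
            findings.append(("MEDIUM", s.name, "writable share is not journaled"))
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}
    findings.sort(key=lambda f: (order[f[0]], f[1]))
    return findings


if __name__ == "__main__":
    for sev, name, msg in check_shares(SHARES, DIRS):
        print(f"{sev:8} {name:8} {msg}")
```

On a live system the share rows would come from a query against QSYS2.SERVER_SHARE_INFO (column names as assumed above; confirm them against your release's documentation), and QSYS.LIB exposure through the file server is additionally closed by setting *PUBLIC to *EXCLUDE on the QPWFSERVER authorization list. The check deliberately treats a root share as critical on its own, before looking at authorities, because no *PUBLIC setting on subdirectories compensates for it.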
  • 26. Congratulations Sue and Andy! They kept the ransomware off the IBM i… or did they? (End User Ellen, IFS Access; Security Sue and Admin Andy in Collaboration; Malicious Maxine: "Rats!")
  • 27. Detection: limiting the blast radius
    1. Audit: security must be demonstrable
    2. Test for failure
    3. Limit the blast radius
  • 28. On The Audit Trail: demonstrate success… and test for failure (controls: IFS Access, Network Segmentation, Exit Point, IFS Security, MFA; Security Sue and Admin Andy in Collaboration). Welcome to the Audit Layer: Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | QAUDJRN | IFS Object Journals
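What "limit the blast radius" looks like once the audit layer on slides 27 and 28 is in place, as an added example that is not Precisely's code and not a product feature. It runs a sliding-window detector over a constructed event feed resembling QAUDJRN IFS entries (CO create, DO delete, OM rename/move, ZC change) joined with the user profile and the remote address of the file-serving session; that join, the field names and the thresholds are assumptions, and the mapped-drive encryptor is simulated by a burst of renames to a ransom extension under End User Ellen's own profile.

```python
"""Blast-radius detection over IFS change events (added example).

Not Precisely's code. EVENTS is a constructed feed shaped like QAUDJRN IFS
entries (CO create, DO delete, OM rename/move, ZC change) joined with the user
profile and the remote address of the NetServer session; the join, the field
names and the thresholds are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import posixpath

SUSPECT_EXT = {".locked", ".encrypted", ".crypt", ".enc"}
WINDOW_SEC = 60    # sliding window, kept per (user, remote_ip)
MAX_OBJECTS = 25   # distinct objects touched inside the window
MAX_SUSPECT = 5    # creates/renames to a suspect extension inside the window


@dataclass(frozen=True)
class Event:
    ts: int             # seconds (simplified timestamp)
    user: str
    remote_ip: str
    etype: str          # CO, DO, OM, ZC
    path: str
    new_path: str = ""  # target name for OM renames


@dataclass(frozen=True)
class Alert:
    user: str
    remote_ip: str
    first_ts: int       # oldest event in the window when the alert fired
    detected_ts: int
    reason: str


def _suspect(ev):
    target = ev.new_path or ev.path
    return ev.etype in ("CO", "OM") and posixpath.splitext(target)[1].lower() in SUSPECT_EXT


def detect(events):
    """Raise one alert per (user, remote_ip) the first time a threshold trips."""
    windows = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.user, ev.remote_ip)
        w = windows[key]
        w.append(ev)
        while ev.ts - w[0].ts > WINDOW_SEC:   # drop events older than the window
            w.popleft()
        if key in alerted:
            continue
        touched = {e.path for e in w}
        suspect = sum(1 for e in w if _suspect(e))
        reason = None
        if suspect >= MAX_SUSPECT:
            reason = f"{suspect} objects renamed/created with a suspect extension in {WINDOW_SEC}s"
        elif len(touched) >= MAX_OBJECTS:
            reason = f"{len(touched)} distinct objects modified in {WINDOW_SEC}s"
        if reason:
            alerted.add(key)
            alerts.append(Alert(ev.user, ev.remote_ip, w[0].ts, ev.ts, reason))
    return alerts


def blast_radius(events, alert):
    """Every path the alerting session touched from the start of its burst on."""
    paths = set()
    for e in events:
        if (e.user, e.remote_ip) == (alert.user, alert.remote_ip) and e.ts >= alert.first_ts:
            paths.add(e.path)
            if e.new_path:
                paths.add(e.new_path)
    return sorted(paths)


# Constructed events: Ellen's normal edits, Andy's admin work, then an
# encryptor on Ellen's workstation working through her mapped drive.
EVENTS = [
    Event(100, "ELLEN", "10.1.1.20", "ZC", "/home/docs/budget.xlsx"),
    Event(400, "ELLEN", "10.1.1.20", "ZC", "/home/docs/budget.xlsx"),
    Event(700, "ELLEN", "10.1.1.20", "ZC", "/home/docs/notes.txt"),
    Event(720, "ANDY", "10.1.1.5", "CO", "/home/andy/rotate_keys.sh"),
] + [
    Event(1000 + 2 * i, "ELLEN", "10.1.1.20", "OM",
          f"/home/docs/report{i}.xlsx", f"/home/docs/report{i}.xlsx.locked")
    for i in range(8)
] + [
    Event(1016, "ELLEN", "10.1.1.20", "CO", "/home/docs/README_TO_DECRYPT.txt"),
]

if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"{a.user}@{a.remote_ip} at t={a.detected_ts}: {a.reason}")
        print("  affected:", blast_radius(EVENTS, a))
```

Two design points matter for the blast radius. The detector keys on user plus remote address rather than user alone, because the encryptor runs under the legitimate user's profile and the session origin is what separates Ellen's laptop from Ellen's account. And the alert fires on the fifth suspect rename, well before the burst finishes, so the response (for example disabling the profile with CHGUSRPRF STATUS(*DISABLED) and dropping the file-serving session) can cut it short; the paths returned by blast_radius are then the scope for the roll-forward recovery covered later in the deck.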
  • 29. The Case of the Contaminated Network: an AI tale of betrayal and redemption. The Human and AI Element. The usual suspects: Security Sue, Admin Andy, Malicious Maxine, End User Ellen. With special guest: AI Artemus
  • 30. The AI Layer: use your audit data to train the AI (controls: IFS Access, Network Segmentation, Exit Point, IFS Security, MFA; Security Sue and Admin Andy in Collaboration). The Audit Layer becomes the AI Layer (AI Artemus): Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | QAUDJRN | IFS Object Journals
  • 31. Andy is losing it: yet another job?!?! Admin Andy: "I already have a day job, managing the IBM i. Now they want me to become the CISO for the i AND the AI engineer for the i?!?"
  • 32. Sue's Got It: she's already AI-ready. Admin Andy: "Thank God Sue is here!!!" Security Sue: "Hey Andy, we're looking at some cool AI tools for security and I want IBM i data in the mix…" (Collaboration)
  • 33. ALL AI-READY: Sue's AI-ready, and now so is Andy. Admin Andy: "I have waited for this day!!!" Security Sue: "I want your input!" (Collaboration)
  • 34. Advanced Detection: limit the blast radius. Cast: Security Sue, Admin Andy, AI Artemus, Red Team Ruby, End User Ellen (Collaboration). Diagram: PROD, HA, FTP Endpoint Scanning, CDP Recovery, Prevention, Cloud Scanner Storage. The AI SecOps Layer: Endpoint Telemetry | Network Activity | MFA Logs | Exit Point Traffic | IFS Object Changes | CIS Benchmarks | I/O Activity | QAUDJRN | IFS Object Journals | Cloud Scanning | FTP Endpoint File Scans | Red Team Activity | Remote CDP Journals | Pen Testing
  • 35. Advanced Threats: limiting the blast radius
    1. Malware written for the IBM i
      • Rare
      • Insider threats
    2. Advanced Persistent Threats that target the IBM i
      • Live Off The Land (LOTL)
      • Insider-like
      • Example: involved SSH keys accessed via AIX
  • 37. The system is corrupt! What now?
    • You must have a Continuous Data Protection (CDP) recovery plan!
    • Execute the plan
    • Recover to an acceptable point prior to the corruption
  • 38. Planning: maintain known good starting points
    Regular SAVEs
      Pros: allows for the most granularity (file, library)
      Cons: restore time; not suitable for IFS directories
    Flash copy / snapshot image
      Pros: may be faster than restore; suitable for IFS directories and stream files
      Cons: quality of snapshot questionable; requires restore of journal receivers
    Journal receivers
      • Needed for rolling forward from the start point
      • Immutable
      • Must be retained (protected from deletion)
  • 39. Planning: requirements for CDP
    Apply Journal Change (APYJRNCHG): the native method to roll forward (apply) the journal entries from the known good point.
    Logical replication software: software to roll forward (apply) the journal entries from the known good point.
    Start point: the point in the journal receiver chain of the chosen known good point to roll forward from.
    Recovery point: the point in the journal receiver chain where logical replication should stop. This is typically before the point of corruption.
    Final readiness process:
      • Typical unplanned switch procedure to prepare the database for normal operations (i.e. commitment control, triggers, referential constraints, etc.)
      • Final user validation
  • 40. Planning: snapshot quality
    State of production LPAR at time of flash          | Open commits | All user data written to storage | Known transaction point | Quality of snapshot | Requires outage
    Powered down                                        | No           | Yes                              | Yes                     | ⭐⭐⭐⭐⭐          | Yes
    Restricted state                                    | No           | Yes                              | Yes                     | ⭐⭐⭐⭐           | Yes
    Applications down                                   | No           | Yes                              | Yes                     | ⭐⭐⭐⭐           | Yes
    Quiesced applications                               | No           | Yes                              | Yes                     | ⭐⭐⭐⭐           | Yes
    Application running, FORCE WRITE action performed   | No           | In doubt                         | No                      | ⭐⭐             | No
    Application running, FORCE WRITE action performed   | Yes          | Unlikely                         | No                      | ⭐               | No
    Application running                                 | No           | In doubt                         | No                      | ⭐               | No
    Application running                                 | Yes          | Highly unlikely                  | No                      | ⭐               | No
  • 41. Known Recovery Point (diagram): production data on IBM i volumes Vol 01 through Vol 88; immutable snapshots taken every hour, each carrying a snapshot ID (23100915 in the diagram); every snapshot is validated and marked GOOD, WARNING or FAIL; the validated immutable snapshots give the known recovery point and the recovery times.
  • 42. "Be Prepared" for CDP Recovery (timeline diagram, -168 HR to -24 HR, LPAR A in Normal operation): hourly snapshots (high quality and low quality), a full backup and incremental backups as known good points, journal receivers spanning the whole period, and the System Corrupt event at the end.
  • 43. CDP Recovery: from SAVE (timeline diagram, -168 HR to -24 HR). LPAR A: full backup and incremental backups as known good points, journal receivers up to the System Corrupt event. Recovery operations on LPAR B: system restore (libraries, files, objects) to the start point, then roll forward to the recovery point; LPAR B returns to Normal. Restore offers granularity to the object level, but will be slower to complete.
  • 44. CDP Recovery: from SNAPSHOT (timeline diagram, -168 HR to -24 HR). LPAR A: high-quality and low-quality snapshots as known good points, journal receivers up to the System Corrupt event. Recovery operations on LPAR B: IPL the snapshot at the start point, then roll forward to the recovery point; LPAR B returns to Normal.
  • 45. CDP Recovery at the LPAR level (diagram). Roll forward recovery from SAVE: restore, then roll forward to the recovery point. Roll forward recovery from SNAPSHOT: IPL the snapshot, then roll forward to the recovery point.
  • 46. Multi-LPAR CDP Readiness Topology (diagram): A - Primary and B - Backup with real-time HA/DR replication; A - Recovery and B - Recovery; journal receivers held on each side. Journal receivers must be retained. Protect them from deletion by replicating them to another, separate LPAR.
  • 47. Example Event Timeline - NORMAL
    Timestamp   | Event                         | LPAR   | Comments
    Sunday 0100 | Database SAVE                 | A or B | Media should be available to B system
    Regularly   | Remote journal receiver SAVEs | B      | Receivers are required for roll forward recovery; they should be changed regularly and saved expeditiously
  • 48. Example Event Timeline - Cyber Attack
    Timestamp     | Event                                       | LPAR | Comments
    Thursday 1400 | Cyber attack: rogue database changes occur  | A    | Rogue record changes are replicated to B
    Thursday 1415 | Production isolated and offline             | A    | B is online, but not available to users
    Thursday 1700 | Decision to perform a roll forward recovery |      |
  • 49. Example Event Timeline - Recovery
    Timestamp          | Event                              | LPAR | Comments
    Thursday 1730      | CLRLIB completed, RESTORE started  | B    | Affected libraries
    Friday 1300        | RESTORE completed                  | B    | Affected libraries
    Friday 1315        | Initialize Data Groups for restart | B    | Set Data Group recovery point
    Friday 1330        | Replay forward from SAVE point     | B    | Start Data Groups from the SAVE point in the journal receivers
    Recovery Point – 1 | Reach recovery point               | B    | Stop Data Groups
    Recovery Point – 2 | Perform final readiness            | B    | Switch procedure to close commit control cycles, prepare database
    Recovery Point – 3 | Present recovered database         | B    |
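The planning rules of slides 38 through 46 and the recovery timeline of slides 47 through 49, carried through on a toy journal as an added example. This is not Precisely's or IBM's code and does not model the product's data-group mechanics: the database is a dict, journal entries are PUT/DEL records tagged with the receiver that holds them, known good points carry a hypothetical image of the database, and the timeline is in hours. It picks the start point (latest validated known good point of at least four stars on the slide 40 table, taken before the corruption), the recovery point (last entry before the first rogue change), refuses to proceed if a receiver between them was not retained, and otherwise rolls forward. All data is constructed.

```python
"""Roll-forward (CDP) recovery simulated on a toy journal (added example).

Not Precisely's or IBM's code. Models the deck's planning rules: latest
validated, high-quality known-good point before the corruption as the start
point; recovery point just before the first rogue change; every receiver in
between must have been retained; then apply the entries. Constructed data.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class JournalEntry:
    seq: int
    ts: int             # hour on the timeline
    receiver: str       # journal receiver that holds this entry
    file: str
    op: str             # "PUT" or "DEL"
    value: Optional[str] = None


@dataclass
class KnownGoodPoint:
    kind: str           # "SAVE" or "SNAPSHOT"
    ts: int
    seq: int            # last journal sequence number included in the image
    quality: int        # 1..5 per the snapshot-quality table; a SAVE counts as 5
    validated: bool     # validation scan GOOD (True) or WARNING/FAIL (False)
    image: dict         # hypothetical database image captured at that point


MIN_QUALITY = 4   # accept only the 4- and 5-star rows of the quality table


def choose_start_point(points, corruption_ts):
    """Latest validated, high-quality point taken before the corruption."""
    ok = [p for p in points
          if p.ts < corruption_ts and p.validated and p.quality >= MIN_QUALITY]
    return max(ok, key=lambda p: p.ts) if ok else None


def choose_recovery_point(entries, rogue_seqs):
    """Sequence number of the last entry before the first rogue change."""
    first_rogue = min(rogue_seqs)
    return max(e.seq for e in entries if e.seq < first_rogue)


def missing_receivers(entries, start_seq, recovery_seq, retained):
    """Receivers the roll forward needs that are no longer available."""
    needed = {e.receiver for e in entries if start_seq < e.seq <= recovery_seq}
    return sorted(needed - set(retained))


def roll_forward(image, entries, start_seq, recovery_seq):
    """Apply entries after the start point up to and including the recovery point."""
    state = dict(image)
    for e in sorted(entries, key=lambda e: e.seq):
        if start_seq < e.seq <= recovery_seq:
            if e.op == "PUT":
                state[e.file] = e.value
            elif e.op == "DEL":
                state.pop(e.file, None)
    return state


def recover(points, entries, rogue_seqs, corruption_ts, retained):
    """Whole plan: returns (recovered_state, start_point, recovery_seq)."""
    start = choose_start_point(points, corruption_ts)
    if start is None:
        raise RuntimeError("no usable known-good point before the corruption")
    rp = choose_recovery_point(entries, rogue_seqs)
    gap = missing_receivers(entries, start.seq, rp, retained)
    if gap:
        raise RuntimeError(f"cannot roll forward: receivers {gap} not retained")
    return roll_forward(start.image, entries, start.seq, rp), start, rp


# Constructed timeline in hours; rogue changes begin at hour 150 (seq 9..11).
ENTRIES = [
    JournalEntry(1, 2, "RCV01", "CUST", "PUT", "v1"),
    JournalEntry(2, 20, "RCV01", "ORD", "PUT", "v1"),
    JournalEntry(3, 30, "RCV02", "CUST", "PUT", "v2"),
    JournalEntry(4, 50, "RCV02", "ORD", "PUT", "v2"),
    JournalEntry(5, 80, "RCV03", "INV", "PUT", "v1"),
    JournalEntry(6, 110, "RCV03", "CUST", "PUT", "v3"),
    JournalEntry(7, 130, "RCV04", "ORD", "PUT", "v3"),
    JournalEntry(8, 149, "RCV04", "INV", "PUT", "v2"),
    JournalEntry(9, 150, "RCV05", "CUST", "PUT", "ENCRYPTED"),
    JournalEntry(10, 150, "RCV05", "ORD", "PUT", "ENCRYPTED"),
    JournalEntry(11, 151, "RCV05", "INV", "DEL"),
]
ROGUE = {9, 10, 11}
CORRUPTION_TS = 150
POINTS = [
    KnownGoodPoint("SAVE", 24, 2, 5, True, {"CUST": "v1", "ORD": "v1"}),
    KnownGoodPoint("SNAPSHOT", 72, 4, 4, True, {"CUST": "v2", "ORD": "v2"}),
    KnownGoodPoint("SNAPSHOT", 96, 5, 1, True, {"CUST": "v2", "ORD": "v2", "INV": "v1"}),
    KnownGoodPoint("SNAPSHOT", 120, 6, 4, True, {"CUST": "v3", "ORD": "v2", "INV": "v1"}),
    KnownGoodPoint("SNAPSHOT", 144, 7, 4, False, {"CUST": "v3", "ORD": "v3", "INV": "v1"}),
]

if __name__ == "__main__":
    state, start, rp = recover(POINTS, ENTRIES, ROGUE, CORRUPTION_TS, {"RCV04", "RCV05"})
    print(f"start: {start.kind} at hour {start.ts} (seq {start.seq}); recovery point seq {rp}")
    print(state)
```

The selection skips the hour-96 snapshot (one star: application running, data in doubt) and the hour-144 snapshot (failed validation) even though both are nearer the corruption, and lands on the hour-120 snapshot, so only receiver RCV04 has to be replayed. Dropping RCV04 from the retained set makes recover() refuse rather than silently produce a database with a hole in it, which is the slide 46 point about replicating receivers to a separate LPAR. In the real procedure the start point is the CLRLIB/RESTORE or snapshot IPL on LPAR B, and the start and recovery points are what the data groups are set to in the slide 49 timeline.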