Educause Security Discussion mailing list archives
Re: Adobe Flash
From: H Morrow Long <morrow.long () YALE EDU>
Date: Thu, 23 Jul 2015 11:13:28 -0400
James, Dave, et al.:

Three add'l vendor (not free...) solutions that work on mitigating methods of attack on the endpoint itself:

Bit9+Carbon Black -- uses a large list of indicators of malicious attack behaviors (+ reputation + threat intel) & responds
https://www.bit9.com/solutions/carbon-black/

Tanium -- works by identifying IoCs to tag malicious processes & responds
https://www.tanium.com/products/endpoint-security/

Bromium -- mitigates by isolating user processes (esp. risky ones) via micro-virtualization
http://www.bromium.com/why-bromium/how-we-do-it.html

Morrow

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tevlin, Dave
Sent: Thursday, July 23, 2015 9:24 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Adobe Flash

Deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET) alongside Flash and Java deployments where there is a need for Flash or Java. If you are a VMware shop you can't get away from Flash as it is part of vSphere administration.

EMET is one of only three tools that I know of that block the attack methods instead of relying on heuristic or signature-based detection, which always requires someone else to find it first. One of the last Flash 0-day attacks used a Heap-Spray method for the attack, which EMET is built to counter. I have no information if it would have worked on this specific attack though.

EMET is free, and controllable through GPO. It is Windows only though.

The list of tools in the market that work on mitigating the method of attack, that I know of, are:

Microsoft EMET (Free)
https://technet.microsoft.com/en-us/security/jj653751

Malwarebytes Anti-Exploit ($)
https://www.malwarebytes.org/antiexploit/premium/

Palo Alto Traps Endpoint Security ($$$)
https://www.paloaltonetworks.com/products/endpoint-security.html

Dave Tevlin, MS
Network/Systems Administrator
Georgetown Visitation Prep School
dtevlin () visi org

Current thread:
- Adobe Flash Chris Green (Jul 22)
- Re: Adobe Flash Greg Williams (Jul 22)
- Re: Adobe Flash Kevin Reedy (Jul 22)
- Re: Adobe Flash Tevlin, Dave (Jul 23)
- Re: Adobe Flash James Farr (Jul 23)
- Re: Adobe Flash H Morrow Long (Jul 23)
- Re: Adobe Flash Brad Judy (Jul 23)
- Re: Adobe Flash Shalla, Kevin (Jul 23)
- Re: Adobe Flash Tevlin, Dave (Jul 23)
- Re: Adobe Flash Greg Williams (Jul 23)
- Re: Adobe Flash Tevlin, Dave (Jul 23)