Educause Security Discussion mailing list archives

Re: Adobe Flash


From: H Morrow Long <morrow.long () YALE EDU>
Date: Thu, 23 Jul 2015 11:13:28 -0400

James, Dave, et al.:

Three additional vendor (not free...) solutions that work on mitigating methods
of attack on the endpoint itself:

Bit9+Carbon Black -- uses a large list of indicators of malicious attack
behaviors (+ reputation + threat intel) & responds
  https://www.bit9.com/solutions/carbon-black/

Tanium -- works by identifying IoCs to tag malicious processes & responds
  https://www.tanium.com/products/endpoint-security/

Bromium -- mitigates by isolating user processes (esp. risky ones) via
micro-virtualization
  http://www.bromium.com/why-bromium/how-we-do-it.html


Morrow



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tevlin, Dave
Sent: Thursday, July 23, 2015 9:24 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Adobe Flash



Deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET) alongside
Flash and Java deployments where there is a need for Flash or Java. If you
are a VMware shop you can't get away from Flash, as it is part of vSphere
administration.



EMET is one of only three tools that I know of that block the attack
methods instead of relying on heuristic- or signature-based detection, which
always requires someone else to find it first.



One of the last Flash 0-day attacks used a heap-spray method for the
attack, which EMET is built to counter. I have no information on whether it would
have worked on this specific attack, though.



EMET is free, and controllable through GPO. It is Windows only though.



The tools on the market that work on mitigating the method of
attack, that I know of, are:

Microsoft EMET (Free)

https://technet.microsoft.com/en-us/security/jj653751



Malwarebytes Anti-Exploit ($)

https://www.malwarebytes.org/antiexploit/premium/



Palo Alto Traps Endpoint Security ($$$)

https://www.paloaltonetworks.com/products/endpoint-security.html



Dave Tevlin, MS

Network/Systems Administrator

Georgetown Visitation Prep School

dtevlin () visi org
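As an added example that is not part of either message in this thread, the check below is what an administrator following Dave's advice would want to run on a Windows endpoint: confirm EMET is actually installed and running, confirm its settings are arriving via Group Policy rather than sitting as local configuration, and confirm that the Flash and Java executables are in EMET's protected-application list. Everything environment-specific in it is an assumption, not something stated in the thread: the `EMET_Service` service name, the `EMET_Conf.exe` location and the shape of its `--list` output, the policy registry path `HKLM:\SOFTWARE\Policies\Microsoft\EMET`, and the Flash/Java executable names in the watch list.

```powershell
# Added example, not from the original thread or from Microsoft.
# Audits a Windows endpoint for:
#   1. an installed and running EMET (EMET_Conf.exe + EMET_Service),
#   2. policy-delivered (GPO) EMET settings in the registry,
#   3. whether the Flash and Java executables appear in EMET's protected list.
# Assumptions, labelled because the thread does not state them:
#   - EMET_Conf.exe lives in an "EMET*" folder under Program Files (x86) or Program Files
#   - "EMET_Conf.exe --list" prints one protected application per line and
#     that line contains the executable's name
#   - GPO-managed settings are written under HKLM:\SOFTWARE\Policies\Microsoft\EMET
#   - the Windows service is named EMET_Service

$ErrorActionPreference = 'Stop'

# Executables the thread says need protection: Flash plugin hosts and Java.
# Names are assumptions; adjust to what is actually deployed.
$WatchList = @(
    'FlashPlayerPlugin',                          # Flash NPAPI plugin (Firefox)
    'FlashUtil',                                  # Flash ActiveX helper (IE)
    'java.exe', 'javaw.exe', 'jp2launcher.exe'    # Java runtime / browser plugin launcher
)

function Get-EmetConf {
    # Locate EMET_Conf.exe; returns $null if EMET is not installed.
    $roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
    foreach ($root in $roots) {
        $hit = Get-ChildItem -Path $root -Directory -Filter 'EMET*' -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'EMET_Conf.exe' } |
            Where-Object { Test-Path $_ } |
            Select-Object -First 1
        if ($hit) { return $hit }
    }
    return $null
}

function Test-EmetPolicy {
    # True if Group Policy has delivered EMET settings (assumed key path).
    return (Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\EMET')
}

function Get-UnprotectedBinaries {
    param(
        [Parameter(Mandatory)][string[]]$ListOutput,  # lines from EMET_Conf --list
        [Parameter(Mandatory)][string[]]$Names        # watch-list executable names
    )
    # Return the watch-list names that occur on no protected-application line.
    # -match is case-insensitive in PowerShell, so path casing does not matter.
    $Names | Where-Object {
        $name = $_
        -not ($ListOutput | Where-Object { $_ -match [regex]::Escape($name) })
    }
}

$conf = Get-EmetConf
if (-not $conf) {
    Write-Warning 'EMET_Conf.exe not found: EMET is not installed on this host.'
    exit 1
}

$svc = Get-Service -Name 'EMET_Service' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'EMET_Service not registered: mitigations are not being enforced.'
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "EMET_Service is not running (status: $($svc.Status))."
}

if (-not (Test-EmetPolicy)) {
    Write-Warning 'No EMET policy key present: settings are local, not GPO-managed.'
}

# Capture the protected-application listing and compare it with the watch list.
$listing = & $conf --list 2>&1 | ForEach-Object { $_.ToString() }
$missing = Get-UnprotectedBinaries -ListOutput $listing -Names $WatchList
if ($missing) {
    Write-Output "Not in EMET application list: $($missing -join ', ')"
    exit 2
}
Write-Output 'All watched Flash/Java binaries are in the EMET application list.'
```

The exit codes (1 for EMET absent, 2 for a watched binary unprotected) make the script usable as a compliance check from a login script or an endpoint-management tool; the Group Policy test matters because EMET settings configured only locally can be changed by anyone with administrative rights on the box, whereas GPO-delivered settings are re-applied at each policy refresh.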



