How can you secure your server if you have no idea what files, registry keys, users, groups, services, or other artifacts are created when an application is installed? Most vendor documentation fails to detail an application's installation footprint down to the individual file. This makes securing the application, not to mention developing enterprise policies and procedures for it, an arduous and often ineffective task.
Using a combination of malware analysis techniques (snapshot-and-diff profiling of the filesystem, registry, and accounts before and after installation), package management utilities, and some homegrown tools, anyone can understand exactly what an application is going to do to a server and how its installation changes the attack surface. With this knowledge in hand, an organization can translate the resulting application map into Chef, Puppet, and RightScale configuration scripts to better automate its server and application fleet deployments. The same map can also be used to tighten controls for more accurate and continuous operational and security monitoring of the application.
In this talk, Andrew Hay, CloudPassage, Inc.’s Director of Applied Security Research, will present a repeatable and application-agnostic methodology to quickly and easily:
Use malware analysis techniques to profile any application before its installation
Identify undocumented post-installation application artifacts worth monitoring
Build new, and leverage existing, automated tools to expedite the entire identification process
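The core of the methodology above is a before/after snapshot of the host: record every path (with mode and content hash) and every account, run the installer, snapshot again, and diff. The script below is an added example written for this page; it is not CloudPassage's tooling or anything presented in the talk. It simulates an install against a throwaway directory with constructed sample data, so the "installer", the WATCH_PREFIXES list of locations worth monitoring, and the passwd lines are all assumptions. On a real host you would point snapshot_tree at / (or at the install prefix) and feed it the actual /etc/passwd and /etc/group, then compare the diff against the package manifest from `rpm -ql` or `dpkg -L`: anything the diff shows that the manifest does not declare was created by a post-install script and is exactly the undocumented artifact the talk is about.

```python
"""Profile an application install by diffing filesystem and account snapshots
taken before and after the installer runs (added example, not the talk's code)."""
import hashlib
import os
import stat
import tempfile

# Locations where new or changed entries usually warrant monitoring.
# Assumption for this example; tune to the platform you are profiling.
WATCH_PREFIXES = ("etc/init.d/", "etc/cron.d/", "etc/systemd/", "usr/local/bin/")


def _sha256(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot_tree(root):
    """Return {relative_path: (permission_bits, size, sha256_or_None)} for every
    directory, file and symlink under root. Symlinks are recorded, not followed."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            regular = stat.S_ISREG(st.st_mode)
            snap[os.path.relpath(full, root)] = (
                stat.S_IMODE(st.st_mode),
                st.st_size if regular else 0,
                _sha256(full) if regular else None,
            )
    return snap


def parse_accounts(text):
    """Parse passwd/group-style 'name:...' lines into {name: record_tuple}."""
    records = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = tuple(line.split(":"))
            records[fields[0]] = fields
    return records


def diff_snapshots(before, after):
    """Keys added, removed, or changed between two snapshot dicts."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def worth_monitoring(tree_diff, after):
    """New or changed paths in watched locations, or carrying risky permission
    bits (setuid/setgid/world-writable), are candidates for continuous monitoring."""
    flagged = []
    for rel in tree_diff["added"] + tree_diff["modified"]:
        mode = after[rel][0]
        risky = mode & (stat.S_ISUID | stat.S_ISGID | stat.S_IWOTH)
        if risky or rel.startswith(WATCH_PREFIXES):
            flagged.append(rel)
    return sorted(flagged)


def demo():
    """Run the profile against a constructed 'server' in a temp dir.
    Every file and account written here is sample data, not a real package."""
    with tempfile.TemporaryDirectory() as root:
        # Baseline host: one config file, an empty init.d and bin directory.
        os.makedirs(os.path.join(root, "etc/init.d"))
        os.makedirs(os.path.join(root, "usr/local/bin"))
        with open(os.path.join(root, "etc/app.conf"), "w") as f:
            f.write("listen=127.0.0.1\n")
        passwd_before = "root:x:0:0:root:/root:/bin/sh\n"
        tree_before = snapshot_tree(root)

        # Simulated installer: drops a service script and a setuid helper,
        # rewrites the config to listen on all interfaces, adds a service user.
        with open(os.path.join(root, "etc/init.d/appd"), "w") as f:
            f.write("#!/bin/sh\nexec /usr/local/bin/appd\n")
        helper = os.path.join(root, "usr/local/bin/app-helper")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\nid\n")
        os.chmod(helper, 0o4755)  # setuid helper: a classic undocumented artifact
        with open(os.path.join(root, "etc/app.conf"), "w") as f:
            f.write("listen=0.0.0.0\n")
        passwd_after = passwd_before + "appsvc:x:1001:1001::/var/lib/app:/bin/false\n"
        tree_after = snapshot_tree(root)

        tree_diff = diff_snapshots(tree_before, tree_after)
        acct_diff = diff_snapshots(parse_accounts(passwd_before),
                                   parse_accounts(passwd_after))
        return {"tree": tree_diff, "accounts": acct_diff,
                "monitor": worth_monitoring(tree_diff, tree_after)}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Directories are keyed by permission bits only, so a directory that merely gained a child does not show up as "modified"; the new child does. Timestamps are deliberately left out of the snapshot tuple so that package-manager housekeeping (touching files it owns) does not drown the real changes.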