How can you secure your server if you have no idea what files, registry keys, users, groups, services, or other artifacts are created when an application is installed? Most vendor documentation fails to detail the intricacies of an application’s installation footprint down to individual files. This makes securing the application, not to mention the development of enterprise policies and procedures for the application, an arduous and ultimately ineffective task.
Using a combination of malware analysis techniques, package management utilities, and some homegrown tools, anyone can understand exactly what an application is going to do to your server and how its installation impacts your attack surface area. With this knowledge in hand, an organization can translate the newly created application map to Chef, Puppet, and RightScale configuration scripts to better automate its server and application fleet deployments. The map can also be used to help tighten controls for more accurate and continuous operational and security monitoring of applications.
In this talk Andrew Hay, CloudPassage, Inc.’s Director of Applied Security Research, will present a repeatable and application-agnostic methodology to quickly and easily:
- Use malware analysis techniques to profile any application before its installation
- Identify undocumented post-installation application artifacts worth monitoring
- Build new, and leverage existing, automated tools to expedite the entire identification process
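The core of the before/after profiling described above, as an added example that is not code from the talk or from CloudPassage: snapshot a tree, let the installer run, snapshot again, and diff the two to list created, modified and deleted paths, plus a helper that spots accounts added to passwd/group-style files. The scratch tree built by run_demo and the passwd lines in the usage below are constructed data standing in for a real install.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def snapshot(root: str) -> Dict[str, Tuple[int, int, str]]:
    """Record (mode, size, sha256) of every path under root, keyed by relative path."""
    snap: Dict[str, Tuple[int, int, str]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            size, digest = 0, ""  # directories and symlinks: mode only
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as fh:
                    size, digest = st.st_size, hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (st.st_mode, size, digest)
    return snap

def diff(before: dict, after: dict) -> Dict[str, List[str]]:
    """Classify paths as created, deleted or modified between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }

def new_accounts(before_text: str, after_text: str) -> List[str]:
    """Names added to an /etc/passwd- or /etc/group-style file (first colon field)."""
    def names(text: str) -> set:
        return {line.split(":")[0] for line in text.splitlines() if line.strip()}
    return sorted(names(after_text) - names(before_text))

def _write(path: str, body: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(body)

def run_demo() -> Dict[str, List[str]]:
    """Constructed stand-in for a real install, run inside a scratch tree."""
    root = tempfile.mkdtemp()
    _write(os.path.join(root, "etc", "app.conf"), "debug=0\n")
    _write(os.path.join(root, "etc", "old.conf"), "x\n")
    before = snapshot(root)
    # The fake "installer": drops a binary, edits a config file, removes a file.
    _write(os.path.join(root, "opt", "app", "bin", "appd"), "#!/bin/sh\n")
    _write(os.path.join(root, "etc", "app.conf"), "debug=1\n")
    os.remove(os.path.join(root, "etc", "old.conf"))
    return diff(before, snapshot(root))
```

Against a real host, call snapshot("/") before and after the vendor installer and persist both results; the created list is the undocumented footprint to feed into configuration scripts and file-integrity monitoring.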
Andrew Hay is the Director of Applied Security Research at CloudPassage, Inc., where he leads the security research efforts for the company. Prior to joining CloudPassage, Andrew served as a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP), providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services. He is a veteran strategist with more than a decade of experience in endpoint, network and security management across various product sectors.