#CyberFit
#CyberFit Academy
Cyber Protect Cloud
Introductions
Today's Speaker
Steve Brining
Course Summary
• 20 MCQ questions
• 60 minutes working time
• 70% passing grade
• Two attempts given
• Open book
Target Persona
Learning Objectives
Course Modules
Certification Track
Acronis #CyberFit Cloud Tech Associate Certifications
Consists of the following courses (specializations)
Let’s start here
Optional:
Cyber Protect Cloud
High Level Overview and Benefits
Best-in-breed backup combined
with integrated security and management
Core Solution – Security Components
1. #CyberFit Score
2. Vulnerability Assessment
3. Device Control
4. Quarantine
5. Active Protection
6. Anti-Virus (without local signature-based engine)
Cyber Protect Cloud
#CyberFit Score
Acronis #CyberFit Score
Simplify MSP operations and service upselling
Assess the level of protection
of any machine:
• Is backup enabled?
• Is anti-malware installed?
• Is the firewall in place?
• Are HDDs encrypted?
• Is a VPN in use?
CyberFit Score
Help and Options
#CyberFit Score for machines
Cyber Protect Cloud
Vulnerability Assessment
Vulnerability Assessment
Discover an issue before an issue happens
Vulnerability Assessment
• CVE: Common Vulnerabilities and Exposures
• CVSS Score (Common Vulnerability Scoring System)
• Assigns severity scores: prioritize responses/resources
• Low, Medium and High Severity Levels
a) Low: CVSS score of 0.1 – 3.9
b) Medium: CVSS score of 4.0 – 6.9
c) High: CVSS score of 7.0 – 10.0
d) None: 0
Vulnerability Assessment
What Can Be Scanned
Scheduling Options
Cyber Protect Cloud
Device Control
Device Control
Device Control settings
Access settings
devices list
permission
Redirected devices
Device types allowlist
Cyber Protect Cloud
Quarantine
Quarantine
Quarantined files
Actions with quarantined files
Cyber Protect Cloud
Active Protection
Active Protection
Backup industry’s most advanced anti-ransomware technology
• Persistently guards files including local backups from unauthorized modification and/or encryption
• Relentlessly defends backups from alteration by hardening the Acronis agent application from attacks
• Instantly restores files to the most recently backed up version should ransomware manage to get through the defense
• Actively future-proofs your data protection because it is based on a behavioral heuristic approach and white-listing
“Acronis provided excellent performance, is easy to use and has a rich feature set. On top of that it is the only solution in the test to provide dedicated protection from ransomware attacks. This earned Acronis the first ever approved backup & data security certificate of AV-TEST.”
David Walkiewicz, Director Test Research, av-test.org
Active Protection
Protects against:
Protects collaboration and communications applications:
Monitoring processes
Process Injection
Things to help
Behavior and how we respond
Threat actors
Cyber Protect Cloud
Anti-virus (without local signature-based engine)
Antivirus
Not part of the core solution
Quarantined files
Antivirus – Core Solution
Supports Windows and macOS (malware)
• 3rd party antivirus present when applying Protection Plan Anti-malware module: alert generated and on-access protection stopped to prevent conflicts
• To enable full functionality: disable/uninstall 3rd party antivirus
Quick / Full scans configurable
• Full scan: checks all files on machine
• Quick scan: checks only machine system files
• Detected threats quarantined and automatically deleted after 30 days (default)
Exclusions can be configured
• Trust certain files, folders and processes
• Block specific processes
Antivirus – Core Solution
Cloud Based Signature Detection (File Reputation Services (FRS))
• Working specific hash-based small signatures
• Cloud look-up can help for an on-demand scan when something is not executed
• If executed we can look it up but it might have already started
• FRS is hash only: not much data sent to look up
• No sandbox analyst at this time and no files sent
• Our own FRS being used
• FRS determined if file is good or bad
• Using (among other things) VirusTotal: doing hash checking against cloud database
• Update our list for the FRS (expanding in future other services)
Stacktrace AI Analyzer
Section Summary
Cyber Protect Cloud
Advanced Security
Technical Discussion
Part 1
Advanced Security Components Part 1
1. Forensic backup
2. URL Filtering
3. Corporate allowlist (automatic and manual)
4. Backup Scanning (scanning cloud backups for malware)
Cyber Protect Cloud
Forensic Backup
Forensic Backup
Enable collection of forensic data in Backup options
Recover forensic data
Select forensic data to recover
Forensic Backup – What Is It?
Capture original data in unaltered state
Image VS Clone
Hash
Hash signature
• Cryptographically secure checksum to prove byte stream did not change
• Difference in hash value between original and a copy? Confirms not exact copies
• Hash applied to entire image
Used to establish chain of custody
• Evidence preservation: chain of custody fulfills this
• Evidence collected: needs to be protected against tampering
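The hash and chain-of-custody points above, worked through as an added Python example (not Acronis code and not part of the original deck). SHA-256, the log format and all names are assumptions, and chaining each custody entry to the previous one goes one step beyond the slide to show how the record itself can be protected against tampering.

```python
import hashlib, io, json

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory

def image_digest(stream):
    """SHA-256 over the entire byte stream of an image."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()

def add_custody_entry(log, actor, action, digest):
    """Append an entry that also commits to the previous entry's hash."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"actor": actor, "action": action, "image_sha256": digest, "prev": prev}
    entry_hash = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    log.append({**body, "entry_hash": entry_hash})

def verify_custody(log, current_digest):
    """True only if no entry was altered and the image matches every record."""
    prev = "0" * 64
    for e in log:
        body = {k: e[k] for k in ("actor", "action", "image_sha256", "prev")}
        recomputed = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or recomputed != e["entry_hash"]:
            return False
        if e["image_sha256"] != current_digest:
            return False
        prev = e["entry_hash"]
    return True

# Constructed sample data standing in for a disk image and two copies.
ORIGINAL = bytes(range(256)) * 4096
GOOD_COPY = bytes(ORIGINAL)
BAD_COPY = ORIGINAL[:-1] + b"\x00"  # a single byte differs (last byte was 0xff)

def demo():
    original = image_digest(io.BytesIO(ORIGINAL))
    log = []
    add_custody_entry(log, "examiner-a", "acquired image", original)
    add_custody_entry(log, "examiner-b", "received copy", image_digest(io.BytesIO(GOOD_COPY)))
    intact = verify_custody(log, original)
    altered_copy = verify_custody(log, image_digest(io.BytesIO(BAD_COPY)))
    log[0]["actor"] = "someone-else"  # edit the record after the fact
    edited_log = verify_custody(log, original)
    return intact, altered_copy, edited_log

if __name__ == "__main__":
    print(demo())
```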
Forensic Backup
• Supports Windows 8.1, Windows Server 2012 R2 and above
• Backup destinations: Cloud, external drive, network folders
• Entire machine backup only
• Snapshot of unused disk space and running processes along with full memory dump
• Automatically notarized
• Protection Plan with forensic data enabled cannot be disabled
• Recovery:
  • Recovered as entire machine
Forensic Backup Process
1. Collects raw memory dump (.DMP) and then list of running processes
2. Reboots machine into bootable environment
3. Creates backup (occupied and unoccupied space)
4. Notarizes backup
5. Reboots into OS and continue plan execution
Forensic Backup
Notarization: prove authentic and unchanged since backup
Forensic Backup
• When needed
a) Create a protection plan, select the machine for forensic backup and turn forensics on
b) Perform backup process and verify certificate produced
c) One can delete the protection plan (only purpose was forensic backup at that time) for that machine
Cyber Protect Cloud
URL Filtering
URL Filtering
URL filtering settings
Warning alert when URL is blocked
Malware is distributed by malicious or infected sites, which use drive-by-download methods to infect the machine.
Cyber Protect Cloud
Corporate Allowlist
Corporate Allowlist
Enable Automatic generation of whitelist and level of heuristics
• Applications detected as false positive by antivirus solutions
• Need to add manually as trusted application to whitelist (avoid unwanted errors and disruptions)
Cyber Protect Cloud
Backup Scanning
Backup Scanning
Create backup scanning plan
Backup scanning plan settings
Cloud storage scanned for malware (prevent restoring infected files):
• Windows OS:
  • Only Entire machine or disks/volumes backups scanned
  • Volumes using NTFS file system with GPT or MBR partitioning
• Cloud backups scanned in Acronis Cloud
• After backup scanning plan created, placed in queue for execution
• May take time for scan to start/complete depending on queue; will show Not scanned status until scanning complete
• Status of backup once completed: No malware | Malware detected
Section Summary
Cyber Protect Cloud
Advanced Security
Technical Discussion
Part 2
Advanced Security Components Part 2
1. Safe Recovery
2. Windows Defender Antivirus/Microsoft Security Essentials integration
3. Remote Wipe
4. Smart Protection Plans
Cyber Protect Cloud
Safe Recovery
Safe Recovery
Enable safe recovery
Anti-malware scanning and deletion performed as part of recovery (prevent reinfection if malware is present):
Cyber Protect Cloud
Windows Defender Antivirus
Windows Defender Antivirus/Essentials
Windows Defender Antivirus settings
Microsoft Security Essentials settings
Windows Defender Antivirus/Security Essentials
Cyber Protect Cloud
Remote Wipe
Remote Wipe
Remote wipe setting in machine Details
Deletion of all data on remote machine (loss or theft):
• Windows 10
• Select machine, click on Details > Wipe data
• Remote wipe initiated when machine is turned on and connected to Internet
• All data deleted and machine returned to factory default state
Cyber Protect Cloud
Smart Protection Plans
Smart Protection Plans
Cyber Protection widgets
Select recommended actions to take
Acronis Cyber Protection Operations Center (CPOC) generates security alerts sent to related geographic regions
#CyberFit Academy
Section Summary
#CyberFit Academy
Cyber Protect Cloud
Advanced Security
Technical Discussion
Part 3
Advanced Security Components Part 3
1. Exploit prevention
2. Local signature-based detection anti-virus
3. Real-time anti-virus protection
Cyber Protect Cloud
Exploit Prevention
Exploit Prevention
Detects and prevents malicious processes from exploiting software vulnerabilities on a system
• Memory protection
• Code injection
• Privilege escalation
• ROP protection (return-oriented programming)
Exploits
Cyber Protect Cloud
Local Signature-Based Detection
Cyber Protect Cloud
Real-time anti-virus scanning
Section Summary
Cyber Protect Cloud
Advanced Security Pack
Scenarios and Examples
Topics for Scenarios and Examples
1. Forensic Backup
2. Active Protection (Existing solutions already installed)
• Ransomware – Live Malware
• Self protection – MS Teams exploited
• Cryptomining - XMRig
3. URL Filtering
• Live malicious URLs and trusted and blocked
4. Device Control
• Lock down of USB port yet use other items on port
• Protection of intellectual property being stolen by internal threat
Forensic Backup
Scenarios and Examples – Forensic Backup
Already attacked?
Objection:
Disaster Recovery is too complex
Answer questions like:
• What systems/files/applications/networks involved and/or affected?
• How did it occur?
• What data stolen or accessed?
• Hackers still on network?
Scenarios and Examples – Forensic Backup
Company victim to recent cyber attack?
Overall forensics investigations:
• Safeguarding digital evidence used in attack
• Search for data access and/or exfiltration
• Identify cause and possible intent
• Retrace hackers' steps
• Help prevent some future attack: detect gaps to be filled
• Opportunity to see additional security weaknesses
Scenarios and Examples – Forensic Backup
CERT statement
Scenarios and Examples – Forensic Backup
Flip Side – show something did NOT happen
• 2006 - US Dept of Veterans Affairs
• Laptop recovered and analyzed
• Determined sensitive files “probably” not viewed
• Examined access and modification times with each file
• Files not opened by conventional means
Scenarios and Examples – Forensic Backup
Final Thought
Active Protection
Scenarios and Examples – Active Protection
URL Filtering
Scenarios and Examples – URL Filtering
Device Control
Scenarios and Examples – Device Control
What’s Next?
Review the Materials
Take the Exam
20 Multiple-choice questions
Open book
Certification Track
Acronis #CyberFit Cloud Tech Associate Certifications
Consists of the following courses (specializations)
Optional:
Other Acronis Resources
• Inside Sales
• Field Sales
• Partner Success Managers
• Solution Engineers
• Sales Enablement Team
• Partner Portal for More #CyberFit Academy Training Courses and easy-to-use Marketing materials
Supplemental Materials
Cyber Foundation
Building a More
Knowledgeable Future