SophosLabs 2019 Threat Report
- Doreen Hart
- 5 years ago
Transcription
1 SophosLabs 2019 Threat Report Walter Narisoni Sales Engineer Manager 12 February 2019
2 Targeted Attacks on the Rise
3 SamSam
4 Victims
5
6 SamSam ransom payments - $6.7 million USD January November
7 Copy cats

| | SamSam | BitPaymer | Ryuk | Dharma | GandCrab |
|---|---|---|---|---|---|
| Type | Targeted | Targeted | Targeted | Targeted | RaaS |
| Deployment | RDP | RDP | RDP | RDP | RDP/ /Exploit kits |
| Victim profile | Medium/large organizations | Medium/large organizations | Medium/large organizations | Small organizations | Any |
| Typical ransom | $40,000 | $50,000-$1M+ | $100,000 | $5,000 | $1,000-$8,000 |
| Frequency | 1+ per day | Multiple per week | Multiple per week | Multiple per day | Unknown |
| Targets | All servers and endpoints | All servers | All servers | Critical servers | Any |
| Regions affected | Global w/US concentration | Global | Global | Global | Global |
8 Action items
- Security basics
- Intercept X
- Lateral movement protection
9 Living Off the Land
10
11 Infection chain: .exe, .zip, .js, .ps1, .bat
12 Office exploits
13 Risky file types

| File extension | File type details | Windows component |
|---|---|---|
| .chm | Compiled HTML help | HTML Help Executable (hh.exe) |
| .cmd | Microsoft command file | Shell |
| .CPL | Control panel | Shell |
| .DOTM | Macro-enabled document template | Word.exe |
| .HTA | HTML application | Windows Script Host (wscript.exe) |
| .jar | Java application | Java.exe |
| .JS | Javascript | Windows Script Host (wscript.exe) |
| .lnk | Windows shortcut | Shell |
| .PIF | Program Information File | Shell |
| .PS1 | PowerShell | Powershell.exe |
| .SCF | Shell Command File | Shell |
| .VBS | Visual Basic Script | Windows Script Host (wscript.exe) |
| .wsf | Windows Script File | Windows Script Host (wscript.exe) |
14 Cryptojacking
15 Action items
- Reassign default applications
- Application control is your friend
- Sandstorm to the rescue
16 Mobile + IoT
17
18 Phishing-in-the-app
19 Phishing-in-the-app
20 Phishing-in-the-app
21 Mobile jacking
22 VPNFilter
23 VPNFilter
24 MikroTik
25 Patching works
26 Action items
- Stick to official markets
- Do your research
- Take control of your devices
27 Conclusions
- Ransomware isn't going away
- Most attacks start with an
- Build a solid security foundation
- Security is a lifestyle
28 Sophos History: Evolution to complete security
- Founded in Abingdon (Oxford), UK
- Voted best small/medium sized company in UK
- Acquired Astaro
- Divested non-core Cyber business
- Acquired Reflexion
- Acquired Invincea
- Peter Lammer c1985
- Jan Hruska c1985
- US presence established in Boston
- IPO London Stock Exchange
- Launched Synchronized Security with Security Heartbeat
- Acquired ActiveState
- Acquired DIALOGS
- Acquired Cyberoam
- Acquired PhishThreat
- First checksum-based antivirus software
- First signature-based antivirus software
- Acquired Utimaco Safeware AG
- Acquired Mojave Networks
- Acquired Surfright
- Acquired Barricade
29 Sophos Synchronized Security Next-Gen Firewall Wireless Security Heartbeat Next-Gen Endpoint Mobile Web Server PhishThreat Sophos Central Encryption
30
31 The most comprehensive endpoint protection

Unknown Threats: Protect Against the Unknown
- Deep Learning Behavior Model
- Signatureless Exploit Prevention
- Malicious and Benign identification
- Tiny Footprint & Low False Positives
- No User / Performance Impact
- No File Scanning
- No Signatures

Crypto-Ransomware: Stop Ransomware
- Behavioral Based Conviction
- Blocks Encryption and Boot Attacks
- Automatically Reverts Affected Files
- Identifies Source of Attack
- Prevent Ransomware Attacks
- Roll-Back Changes
- Attack Chain Analysis

Real-Time Attacks (Evasive Attacker): Deny the Hacker
- Protects against Real-Time Breaches
- Stops Credential Harvesting Attacks
- Prevents Persistence Techniques
- Blocks APC and Process Attacks
- Prevent Land and Expand
- Protect Login Credentials
- Expose Hackers in plain sight
32 Threat Lifecycle Intercept X Feature Map LOCAL PRIVILEGE MITIGATION SYNCHRONIZED SECURITY Heartbeat MACHINE LEARNING INVESTIGATE & REMOVE Root Cause Analysis (RCA) Sophos Clean M with SafeStore ANTI-RANSOMWARE APPLICATION LOCKDOWN CREDENTIAL THEFT PROTECTION MEMORY MITIGATIONS Delivery Exploitation Installation Actions on Objective Command & Control CODE MITIGATIONS APC MITIGATION PROCESS PROTECTIONS SAFE BROWSING MALICIOUS TRAFFIC DETECTION
33 Threat Lifecycle Intercept X + Endpoint Advanced SYNCHRONIZED SECURITY Heartbeat PRE-EXECUTION BEHAVIOR ANALYSIS INVESTIGATE & REMOVE Root Cause Analysis (RCA) Sophos Clean M with SafeStore RUNTIME BEHAVIOR ANALYSIS LOCAL PRIVILEGE MITIGATION MACHINE LEARNING ANTI-RANSOMWARE WEB CONTROL APPLICATION LOCKDOWN LIVE PROTECTION CREDENTIAL THEFT PROTECTION WEB PROTECTION MEMORY MITIGATIONS ANTI-MALWARE DATA LOSS PREVENTION Delivery Exploitation Installation Actions on Objective Command & Control PERIPHERAL CONTROL CODE MITIGATIONS PROCESS PROTECTIONS SAFE BROWSING DOWNLOAD REPUTATION APC MITIGATION POTENTIALLY UNWANTED APPS APPLICATION CONTROL MALICIOUS TRAFFIC DETECTION
34
35
36
37
38 Intercept X Prevention Stop breaches before they start Top-rated endpoint protection stops more threats Reduces the Overall Attack Surface Significantly lightens the EDR workload Optimizes resources by reducing noise Detect Investigate Respond Malicious Code or Hackers Intercept X Advanced with EDR Detect Investigate Respond
39 Intercept and EDR
40
41 Synchronized Security
42 Endpoint and firewall Integration (Security Heartbeat)
1. Malware Detection: Sophos Endpoint detects a malware attack
2. Cross-Estate Communication: Sophos Endpoint shares infection status with the security system, triggering automatic responses
3. Device Isolation: XG Firewall instantly isolates the computer, preventing the attack from spreading, and communication with C2 servers.
4. Clean-up: Sophos Endpoint automatically cleans up the infection. Once the malware is removed, Sophos Endpoint shares this update with the cybersecurity system
5. Access Restored: XG Firewall restores network access. Root Cause Analysis provides detailed view of what happened.
43 Endpoint and Encryption Integration (Security Heartbeat)
1. Threat Detected: Sophos Endpoint detects malware threat or intruder
2. Cross-system Communication: Sophos Endpoint shares this information with the security system via the Security Heartbeat
3. Encryption Keys Revoked: SafeGuard Encryption revokes the encryption keys on the affected device, preventing theft of data.
4. Clean-up: Sophos Endpoint automatically cleans up the infection. Once the threat is removed, Sophos Endpoint shares this update with the cybersecurity system
5. Encryption Keys Restored: SafeGuard Enterprise restores the encryption keys, and access to data returns to normal.
44
45 Synchronized App Control: Taking Application Visibility and Control to a whole new level with Synchronized Security
- What Firewalls See Today: All firewalls today depend on static application signatures to identify apps. But those don't work for most custom, obscure, evasive, or any apps using generic HTTP or HTTPS. You can't control what you can't see.
- What XG Firewall Sees: XG Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications. Easily blocking the apps you don't want and prioritizing the ones you do.
46 Synchronized App Control (Security Heartbeat)
1. Unknown Application: Sophos XG Firewall sees app traffic that does not match a signature
2. Endpoint Shares App Info: Sophos Endpoint passes app name, patch and category to XG Firewall for classification
3. App is Classified and Controlled: Automatically categorize and control where possible, or admin can manually set category or policy to apply.
47
48 Three Winning XG Sales Plays 1. Aggressive Firewall Replacement Who to target and how Replace SonicWALL, WatchGuard, and Legacy UTM Primary <100 Users, Secondary <500 Users, UTM Deployments, Lite Campus Edge (NGFW) Lead with Industry Accolades, Key Differentiators, Sync Security 2. Opportunistically pursue Pragmatic Enterprise Inline Deployment (for Synchronized Security) Opportunistically pursue Pragmatic Enterprise, SE validation needed Cisco/PAN/Checkpoint/Fortinet Lead with enabling Synchronized Security Be prepared to pivot between firewall replacement and inline deployment 3. Cross-Sell to Intercept X Install Base Discover Mode (off to the side) deployment, no impact or risk to network Enables Synchronized Security reporting and visibility only Piggyback off of huge Intercept X demand/growth (Central EP Install base) Get into the rack
49 Endpoint and Wireless Integration (Security Heartbeat)
1. Malware Detection: Sophos Endpoint detects a malware attack
2. Cross-Estate Communication: Sophos Endpoint shares infection status with the security system, triggering automatic responses
3. Restrict Internet Access: Sophos Wireless automatically restricts internet access for the affected endpoint, stopping further malware download and preventing communication with C2 servers
4. Clean-up: Sophos Endpoint automatically cleans up the infection. Once the malware is removed, Sophos Endpoint shares this update with the cybersecurity system
5. Access Restored: Sophos Wireless restores full internet access.
50 Mobile and Wireless Integration (Security Heartbeat)
1. Compliance violation: A user creates a compliance violation on a phone secured through Sophos Mobile
2. Cross-estate Communication: Sophos Mobile sees the violation and shares it with the rest of the system, triggering predefined actions
3. Deny Network: If the deny network rule is selected in Sophos Mobile, Sophos Wireless will restrict internet access.
4a. Instant Insights: The Sophos Wireless dashboard instantly indicates that there is a compromised device (a red heartbeat)
4b. Mobile Client Alert: When the phone user tries to access the web, a splash screen tells them that internet access has been restricted.
51
52 Strategic Product Priorities
- ENDPOINT: Intercept X: Advanced threat detection and response for the enterprise.
- FIREWALL: Project Nemo: Enterprise firewall built on high-performance custom hardware.
- CENTRAL: Sophos Central: Create an extensible security platform.
- SYNC SEC: Project Darwin: Artificially intelligent security and analytics.
53 Project Darwin Adaptive Response Agent Sensors Event Model Data Libraries Applications [Containers] Operating System [Hypervisor] Physical Device API (IaaS, SaaS, etc.) Identity Entity Models High Interaction Interfaces Threat Intelligence Security Marketplace Analytics API Inferences Observations Events Event Stream Identity Provider SaaS Application
54
More informationSecuring Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection
Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationSO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY
SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY www.securelink.net BACKGROUND Macro trends like cloud and mobility change the requirements for endpoint security. Data can
More informationCybowall Solution Overview
Cybowall Solution Overview 1 EVOLVING SECURITY CHALLENGES 2 EXAMPLES OF CYBER BREACHES INCLUDING CARD DATA 2013: Adobe Systems Hackers raided an Adobe back-up server on which they found and published a
More informationCognito Detect is the most powerful way to find and stop cyberattackers in real time
Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCopyright 2011 Trend Micro Inc.
Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF
More informationBREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS
BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS www.gbmstech.com What does GBMS Tech do? WE STOP MALWARE from running on your computers and mobile devices. We block CryptoLocker and Ransomware without
More information2018 Cyber Security Predictions
2018 Cyber Security Predictions Rampa Manoonsin Country Manager, Thailand Symantec At a Glance 175M endpoints under protection $5B+ FY18E revenue 2100+ patents Leader in 4 Gartner MQs SWG, EPP, DLP and
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationIntercepting WannaCry
Intercepting WannaCry Sophos Intercept-X Yannick Escudero Sales Engineer June 2017 Exploit Techniques vs Antivirus How (not) to test endpoint security software https://www.youtube.com/watch?v=aq2bucgqzjg
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationEliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat
WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe
More information