SophosLabs 2019 Threat Report

Size: px
Start display at page:

Download "SophosLabs 2019 Threat Report"

Transcription

1 SophosLabs 2019 Threat Report Walter Narisoni Sales Engineer Manager 12 February 2019

2 Targeted Attacks on the Rise

3 SamSam 3

4 Victims

5 5

6 SamSam ransom payments - $6.7 million USD January November

7 Copy cats SamSam BitPaymer Ryuk Dharma GandCrab Type Targeted Targeted Targeted Targeted RaaS Deployment RDP RDP RDP RDP Victim profile Medium/large organizations Medium/large organizations Medium/large organizations Small organizations RDP/ /Exploit kits Typical ransom $40,000 $50,000-$1M+ $100,000 $5,000 $1,000-$8,000 Frequency 1+ per day Multiple per week Multiple per week Multiple per day Unknown Any Targets Regions affected All servers and endpoints Global w/us concentration All servers All servers Critical servers Any Global Global Global Global 7

8 Action items Security basics Intercept X Lateral movement protection 8

9 Living Off the Land

10 10

11 Infection chain.exe.zip.js.ps1.bat

12 Office exploits 12

13 Risky file types File extension File type details Windows component.chm Compiled HTML help HTML Help Executable (hh.exe).cmd Microsoft command file Shell.CPL Control panel Shell.DOTM Macro-enabled document template Word.exe.HTA HTML application Windows Script Host (wscript.exe).jar Java application Java.exe.JS Javascript Windows Script Host (wscript.exe).lnk Windows shortcut Shell.PIF Program Information File Shell.PS1 PowerShell Powershell.exe.SCF Shell Command File Shell.VBS Visual Basic Script Windows Script Host (wscript.exe).wsf Windows Script File Windows Script Host (wscript.exe) 13

14 Cryptojacking

15 Action items Reassign default applications Application control is your friend Sandstorm to the rescue 15

16 Mobile + IoT

17 17

18 Phishing-in-the-app 18

19 Phishing-in-the-app 19

20 Phishing-in-the-app 20

21 Mobile jacking 21

22 VPNFilter 22

23 VPNFilter 23

24 MikroTik 24

25 Patching works 25

26 Action items Stick to official markets Do your research Take control of your devices 26

27 Conclusions Ransomware isn t going away Most attacks start with an Build a solid security foundation Security is a lifestyle

28 Sophos History Evolution to complete security Founded in Abingdon (Oxford), UK Voted best small/medium sized company in UK Acquired Astaro Divested noncore Cyber business Acquired Reflexion Acquired Invincea Peter Lammer c1985 Jan Hruska c1985 US presence established in Boston IPO London Stock Exchange Launched Synchronized Security with Security Heartbeat Acquired ActiveState Acquired DIALOGS Acquired Cyberoam Acquired PhishThreat First checksumbased antivirus software First signaturebased antivirus software Acquired Utimaco Safeware AG Acquired Mojave Networks Acquired Surfright Acquired Barricade 28

29 Sophos Synchronized Security Next-Gen Firewall Wireless Security Heartbeat Next-Gen Endpoint Mobile Web Server PhishThreat Sophos Central Encryption

30

31 The most comprehensive endpoint protection Unknown Threats Crypto-Ransomware Real-Time Attacks Protect Against the Unknown Deep Learning Behavior Model Signatureless Exploit Prevention Malicious and Benign identification Tiny Footprint & Low False Positives Stop Ransomware Behavioral Based Conviction Blocks Encryption and Boot Attacks Automatically Reverts Affected Files Identifies Source of Attack Deny the Hacker Protects against Real-Time Breaches Stops Credential Harvesting Attacks Prevents Persistence Techniques Blocks APC and Process Attacks UNKNOWN THREATS CRYPTO RANSOMWARE EVASIVE ATTACKER No User / Performance Impact No File Scanning No Signatures Prevent Ransomware Attacks Roll-Back Changes Attack Chain Analysis Prevent Land and Expand Protect Login Credentials Expose Hackers in plain sight

32 Threat Lifecycle Intercept X Feature Map LOCAL PRIVILEGE MITIGATION SYNCHRONIZED SECURITY Heartbeat MACHINE LEARNING INVESTIGATE & REMOVE Root Cause Analysis (RCA) Sophos Clean M with SafeStore ANTI-RANSOMWARE APPLICATION LOCKDOWN CREDENTIAL THEFT PROTECTION MEMORY MITIGATIONS Delivery Exploitation Installation Actions on Objective Command & Control CODE MITIGATIONS APC MITIGATION PROCESS PROTECTIONS SAFE BROWSING MALICIOUS TRAFFIC DETECTION

33 Threat Lifecycle Intercept X + Endpoint Advanced SYNCHRONIZED SECURITY Heartbeat PRE-EXECUTION BEHAVIOR ANALYSIS INVESTIGATE & REMOVE Root Cause Analysis (RCA) Sophos Clean M with SafeStore RUNTIME BEHAVIOR ANALYSIS LOCAL PRIVILEGE MITIGATION MACHINE LEARNING ANTI-RANSOMWARE WEB CONTROL APPLICATION LOCKDOWN LIVE PROTECTION CREDENTIAL THEFT PROTECTION WEB PROTECTION MEMORY MITIGATIONS ANTI-MALWARE DATA LOSS PREVENTION Delivery Exploitation Installation Actions on Objective Command & Control PERIPHERAL CONTROL CODE MITIGATIONS PROCESS PROTECTIONS SAFE BROWSING DOWNLOAD REPUTATION APC MITIGATION POTENTIALLY UNWANTED APPS APPLICATION CONTROL MALICIOUS TRAFFIC DETECTION

34

35

36

37

38 Intercept X Prevention Stop breaches before they start Top-rated endpoint protection stops more threats Reduces the Overall Attack Surface Significantly lightens the EDR workload Optimizes resources by reducing noise Detect Investigate Respond Malicious Code or Hackers Intercept X Advanced with EDR Detect Investigate Respond

39 Intercept and EDR

40

41 Synchronized Security

42 Endpoint and firewall Integration 1 Malware Detection Sophos Endpoint detects a malware attack 2 Cross-Estate Communication Sophos Endpoint shares infection status with the security system, triggering automatic responses 3 Device Isolation XG Firewall instantly isolates the computer, preventing the attack from spreading, and communication with C2 servers. Security Heartbeat 5 Access Restored XG Firewall restores network access. Root Cause Analysis provides detailed view of what happened. 4 Clean-up Sophos Endpoint automatically cleans up the infection. Once the malware is removed, Sophos Endpoint shares this update with the cybersecurity system

43 Endpoint and Encryption Integration 1 Threat Detected Sophos Endpoint detects malware threat or intruder 2 Cross-system Communication Sophos Endpoint shares this information with the security system via the Security Heartbeat 3 Encryption Keys Revoked SafeGuard Encryption revokes the encryption keys on the affected device, preventing theft of data.! Security Heartbeat 5 Encryption Keys Restored SafeGuard Enterprise restores the encryption keys, and access to data returns to normal. 4 Clean-up Sophos Endpoint automatically cleans up the infection. Once the threat is removed, Sophos Endpoint shares this update with the cybersecurity system

44

45 Synchronized App Control Taking Application Visibility and Control to a whole new level with Synchronized Security What Firewalls See Today What XG Firewall Sees All firewalls today depend on static application signatures to identify apps. But those don t work for most custom, obscure, evasive, or any apps using generic HTTP or HTTPS. You can t control what you can t see. XG Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications. Easily blocking the apps you don t want and prioritizing the ones you do. 46

46 Synchronized App Control 1 Unknown Application Sophos XG Firewall sees app traffic that does not match a signature 2 Endpoint Shares App Info Sophos Endpoint passes app name, patch and category to XG Firewall for classification Security Heartbeat 3 App is Classified and Controlled Automatically categorize and control where possible, or admin can manually set category or policy to apply.

47

48 Three Winning XG Sales Plays 1. Aggressive Firewall Replacement Who to target and how Replace SonicWALL, WatchGuard, and Legacy UTM Primary <100 Users, Secondary <500 Users, UTM Deployments, Lite Campus Edge (NGFW) Lead with Industry Accolades, Key Differentiators, Sync Security 2. Opportunistically pursue Pragmatic Enterprise Inline Deployment (for Synchronized Security) Opportunistically pursue Pragmatic Enterprise, SE validation needed Cisco/PAN/Checkpoint/Fortinet Lead with enabling Synchronized Security Be prepared to pivot between firewall replacement and inline deployment 3. Cross-Sell to Intercept X Install Base Discover Mode (off to the side) deployment, no impact or risk to network Enables Synchronized Security reporting and visibility only Piggyback off of huge Intercept X demand/growth (Central EP Install base) Get into the rack

49 Endpoint and Wireless Integration 1 Malware Detection Sophos Endpoint detects a malware attack 2 Cross-Estate Communication Sophos Endpoint shares infection status with the security system, triggering automatic responses 3 Restrict Internet Access Sophos Wireless automatically restricts internet access for the affected endpoint, stopping further malware download and preventing communication with C2 servers Security Heartbeat 5 Access Restored Sophos Wireless restores full internet access. 4 Clean-up Sophos Endpoint automatically cleans up the infection. Once the malware is removed, Sophos Endpoint shares this update with the cybersecurity system

50 Mobile and Wireless Integration 1 Compliance violation A user creates a compliance violation on a phone secured through Sophos Mobile 2 Cross-estate Communication Sophos Mobile sees the violation and shares it with the rest of the system, triggering predefined actions 3 Deny Network If the deny network rule is selected in Sophos Mobile, Sophos Wireless will restrict internet access. Security Heartbeat 1 4b Mobile Client Alert When the phone user tries to access the web a splash screen tells them that internet access has been restricted. 4a Instant Insights The Sophos Wireless dashboard instantly indicated that there is a compromised device (a red heartbeat)

51

52 Strategic Product Priorities ENDPOINT FIREWALL CENTRAL SYNC SEC Intercept X: Advanced threat detection and response for the enterprise. Project Nemo: Enterprise firewall built on high-performance custom hardware. Sophos Central: Create an extensible security platform. Project Darwin: Artificially intelligent security and analytics.

53 Project Darwin Adaptive Response Agent Sensors Event Model Data Libraries Applications [Containers] Operating System [Hypervisor] Physical Device API (IaaS, SaaS, etc.) Identity Entity Models High Interaction Interfaces Threat Intelligence Security Marketplace Analytics API Inferences Observations Events Event Stream Identity Provider SaaS Application

54

Walter Narisoni Sales Engineer Manager

Walter Narisoni Sales Engineer Manager Walter Narisoni Sales Engineer Manager Sophos History Evolution to complete security Founded in Abingdon (Oxford), UK Voted best small/medium sized company in UK Acquired Astaro Divested noncore Cyber

More information

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks

More information

Next Generation Enduser Protection

Next Generation Enduser Protection Next Generation Enduser Protection Janne Timisjärvi Systems Engineer 10.5.2017 What is the the real threat? Encrypted! Give me all your Bitcoin$ Let s check if there Is something of value The Evolution

More information

INTRODUCING SOPHOS INTERCEPT X

INTRODUCING SOPHOS INTERCEPT X INTRODUCING SOPHOS INTERCEPT X Matt Cooke Senior Product Marketing Manager November 2016 A Leader in Endpoint Security Sophos delivers the most enterprise-friendly SaaS endpoint security suite. Sophos

More information

Synchronized Security

Synchronized Security Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central...1 Activate Your License... 2 Overview...3 Dashboard... 3 Alerts...4 Logs & Reports... 15 People...31 Devices... 41 Global Settings... 57 Protect Devices... 90 Endpoint

More information

Server Protection Buyers Guide

Server Protection Buyers Guide Server Protection Buyers Guide Cyber threats to servers continue to evolve in complexity and viciousness at an alarming rate. Devastating ransomware outbreaks such as WannaCry and NotPetya highlighted

More information

Synchronized Security: Outsmart Hackers by Coordinating Your Defenses

Synchronized Security: Outsmart Hackers by Coordinating Your Defenses Synchronized Security: Outsmart Hackers by Coordinating Your Defenses Seth Geftic Endpoint Security Group November 2 nd, 2017 What could you do in two hours? What could an attacker do in two hours? Attacks

More information

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take

More information

Sophos. Allan Widell Channel Account Executive. 24. August 2017

Sophos. Allan Widell Channel Account Executive. 24. August 2017 Sophos Allan Widell Channel Account Executive 24. August 2017 Our Differentiated Model Focus on mid-market enterprises: over 50% of IT security market Complete, advanced, and highly effective security

More information

Synchronized Security

Synchronized Security Synchronized Security Revolutionizing Advanced Threat Protection Per Söderqvist Sales Engineer Nordics and Baltics 1 A Proven Market Leader Endpoint Encryption Leader UTM Unified Threat Management EPP

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central... 1 Activate Your License...2 Endpoint Protection...3 Dashboard...3 Alerts...4 Root Cause Analysis...9 Logs & Reports... 11 People... 24 Computers...33 Computer Groups...40

More information

FIREWALL BEST PRACTICES TO BLOCK

FIREWALL BEST PRACTICES TO BLOCK FIREWALL BEST PRACTICES TO BLOCK Ransomware attacks are only increasing in complexity and are getting more efficient at exploiting network and system vulnerabilities, leaving organizations with a significant

More information

Synchronized Security In Action

Synchronized Security In Action Synchronized Security In Action 99% Reduction in incident response time Firewall Web Wireless Email Sophos Central Server Encryption Mobile Endpoint ~5K Firewalls w/ Security Heartbeat 2 Avg. firewalls

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering

More information

FIREWALL BEST PRACTICES TO BLOCK

FIREWALL BEST PRACTICES TO BLOCK Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting

More information

CHARLES DARWIN, CYBERSECURITY VISIONARY

CHARLES DARWIN, CYBERSECURITY VISIONARY SESSION ID: SPO1-W12 CHARLES DARWIN, CYBERSECURITY VISIONARY Dan Schiappa SVP and GM, Products Sophos @dan_schiappa It is not the strongest of the species that survives, nor the most intelligent that survives.

More information

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted) ESG Lab Review Sophos Security Heartbeat Date: January 2016 Author: Tony Palmer, Sr. ESG Lab Analyst; and Jack Poller, ESG Lab Analyst Abstract: This report examines the key attributes of Sophos synchronized

More information

MODERN DESKTOP SECURITY

MODERN DESKTOP SECURITY MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M

More information

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them

More information

Australian Signals Directorate (ASD) Top 35 Reference Card

Australian Signals Directorate (ASD) Top 35 Reference Card The Australian Signals Directorate (ASD) published its Strategies to Mitigate Targeted Cyber Intrusions based on its analysis of incidents across the Australian Government. First published in 2010, an

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central... 1 Activate Your License...2 Overview... 3 Dashboard...3 Alerts...4 Logs & Reports... 10 People... 25 Devices... 34 Global Settings...50 Protect Devices...78 Endpoint

More information

WINNERS AND LOSERS OF THE 2018 CYBERTHREAT ROLLERCOASTER. Claudio Tosi, Sales Engineer, Malwarebytes

WINNERS AND LOSERS OF THE 2018 CYBERTHREAT ROLLERCOASTER. Claudio Tosi, Sales Engineer, Malwarebytes WINNERS AND LOSERS OF THE 2018 CYBERTHREAT ROLLERCOASTER Claudio Tosi, Sales Engineer, Malwarebytes 1 Why are businesses getting hit with so much malware? 2 BUSINESS DETECTION 2017/2018 Silent Threats

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security

More information

Security Made Simple by Sophos

Security Made Simple by Sophos Security Made Simple by Sophos Indian businesses in the radar of cyber-threats Frequency of cyber-attacks Most targeted systems / IT assets -- KPMG Cybercrime Survey Report 2015 3 ON AN AVERAGE, HOW MUCH

More information

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV Streaming Prevention in Cb Defense Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV 2 STREAMING PREVENTION IN Cb DEFENSE OVERVIEW Over the past three years, cyberattackers

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike

More information

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service

More information

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

Endpoint Protection : Last line of defense?

Endpoint Protection : Last line of defense? Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

The best for everyday PC users

The best for everyday PC users The best for everyday PC users 2019 ESET Internet Security delivers rock-solid protection for everyday web users, built on ESET s trademark best mix of detection, speed and usability. Legendary antivirus

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking

More information

SentinelOne Technical Brief

SentinelOne Technical Brief SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.

More information

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic

More information

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central Trend Micro Apex One as a Service / Apex One Best Practice Guide for Malware Protection 1 Best Practice Guide Apex One as a Service / Apex Central Information in this document is subject to change without

More information

Annexure E Technical Bid Format

Annexure E Technical Bid Format Annexure E Technical Bid Format ANTIVIRUS SOLUTION FOR MAIL SERVER SECURITY AND SERVER SECURITY FOR DESKTOP,LAPTOP Sr. No Description Compliance (Y/N) Remark 01 Must offer comprehensive client/server security

More information

Cisco Advanced Malware Protection (AMP) for Endpoints

Cisco Advanced Malware Protection (AMP) for Endpoints Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility

More information

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider

More information

Securing the SMB Cloud Generation

Securing the SMB Cloud Generation Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product

More information

Next-Gen Firewall Buyers Guide

Next-Gen Firewall Buyers Guide Next-Gen Firewall Buyers Guide In a recent survey, we asked IT network managers to name their top issues with their existing firewall. Here are problems they cited: Visibility into application traffic,

More information

9 Steps to Protect Against Ransomware

9 Steps to Protect Against Ransomware 9 Steps to Protect Against Ransomware IT Support Analyst Task Overview Security Manager Security Dashboard Self Service log Secur Devices With Vulnerabilities Critical Important/High Moderate/Medium 40

More information

with Advanced Protection

with Advanced  Protection with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations

More information

Deep instinct For MSSPs

Deep instinct For MSSPs Deep instinct For MSSPs Deep Instinct Solution Deep Instinct is the first and only Endpoint & Mobile Cybersecurity solution that is based on a proprietary deep learning framework that was specifically

More information

Sophos Intercept X. Stopping Active Adversaries An explanation of features included in Sophos Intercept X. Last updated 22th June 2017 v1.

Sophos Intercept X. Stopping Active Adversaries An explanation of features included in Sophos Intercept X. Last updated 22th June 2017 v1. Stopping Active Adversaries An explanation of features included in Sophos Intercept X Contents Introduction 3 Intercept X 3 Some common questions 3 Comprehensive Anti-Exploit 4 How does Intercept X prevent

More information

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0 Product Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE TABLE OF CONTENTS Overview...3 A Multi-Layer Approach to Endpoint Security...4 Known Attack Detection...5 Machine Learning...6 Behavioral Analysis...7 Exploit

More information

Symantec Ransomware Protection

Symantec Ransomware Protection Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway

More information

Behavioral Analytics A Closer Look

Behavioral Analytics A Closer Look SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

The 2017 State of Endpoint Security Risk

The 2017 State of Endpoint Security Risk The 2017 State of Endpoint Security Risk Attacks are evolving. As a result, today s organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack. To discover

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various

More information

Stopping the Threat at the Door

Stopping the Threat at the Door Stopping the Threat at the Door Matt Pannebaker Sales Engineer Ohio and Kentucky Today 2 Top Threats in the US Malvertising 6% Generic Malware 9% Crpytocoin Generator 6% Exploits 44% Phishing o 93% of

More information

Seqrite Endpoint Security

Seqrite Endpoint Security Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017 Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication

More information

Endpoint Security Buyers Guide

Endpoint Security Buyers Guide Endpoint Security Buyers Guide As cyber threats become ever more complex, the pressure on IT and security managers to have the right endpoint solution in place has also grown. However, the endpoint security

More information

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

White Paper. Why IDS Can t Adequately Protect Your IoT Devices White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity

More information

Built without compromise for users who want it all

Built without compromise for users who want it all Built without compromise for users who want it all 2019 Enjoy your digital life, secured by ESET s ultimate multilayered antimalware protection for all internet users, built on ESET s trademark best mix

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491

More information

UP L13: Leveraging the full protection of SEP 12.1.x

UP L13: Leveraging the full protection of SEP 12.1.x UP L13: Leveraging the full protection of SEP 12.1.x Hands on lab Description In this hands on lab you will learn about the different protection technologies bundled in SEP 12.1.x and see how they complement

More information

Sophos Central for partners and customers: overview and new features. Jonathan Shaw Senior Product Manager, Sophos Central

Sophos Central for partners and customers: overview and new features. Jonathan Shaw Senior Product Manager, Sophos Central Sophos Central for partners and customers: overview and new features Jonathan Shaw Senior Product Manager, Sophos Central What is Sophos Central? Partner Dashboard Admin Self Service Allows Partners to

More information

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software Brochure Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive answers Persistently tracks threats across all phases of attack Monitors

More information

Technical Brochure F-SECURE THREAT SHIELD

Technical Brochure F-SECURE THREAT SHIELD Technical Brochure F-SECURE THREAT SHIELD F-SECURE THREATSHIELD F-Secure ThreatShield is a gateway-level security solution for protecting email and web traffic, with built-in network sandboxing technology.

More information

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2, IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against

More information

ForeScout Extended Module for Splunk

ForeScout Extended Module for Splunk Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look

More information

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Getting over Ransomware - Plan your Strategy for more Advanced Threats Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats

More information

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive

More information

Cyber Security. Our part of the journey

Cyber Security. Our part of the journey Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting

More information

Operationalizing the Three Principles of Advanced Threat Detection

Operationalizing the Three Principles of Advanced Threat Detection SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major

More information

Seceon s Open Threat Management software

Seceon s Open Threat Management software Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER

More information

The Cognito automated threat detection and response platform

The Cognito automated threat detection and response platform Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with

More information

McAfee Cloud Workload Security Product Guide

McAfee Cloud Workload Security Product Guide Revision B McAfee Cloud Workload Security 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for Carbon Black ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent

More information

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY www.securelink.net BACKGROUND Macro trends like cloud and mobility change the requirements for endpoint security. Data can

More information

Cybowall Solution Overview

Cybowall Solution Overview Cybowall Solution Overview 1 EVOLVING SECURITY CHALLENGES 2 EXAMPLES OF CYBER BREACHES INCLUDING CARD DATA 2013: Adobe Systems Hackers raided an Adobe back-up server on which they found and published a

More information

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Cognito Detect is the most powerful way to find and stop cyberattackers in real time Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive

More information

Agile Security Solutions

Agile Security Solutions Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

Copyright 2011 Trend Micro Inc.

Copyright 2011 Trend Micro Inc. Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF

More information

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS www.gbmstech.com What does GBMS Tech do? WE STOP MALWARE from running on your computers and mobile devices. We block CryptoLocker and Ransomware without

More information

2018 Cyber Security Predictions

2018 Cyber Security Predictions 2018 Cyber Security Predictions Rampa Manoonsin Country Manager, Thailand Symantec At a Glance 175M endpoints under protection $5B+ FY18E revenue 2100+ patents Leader in 4 Gartner MQs SWG, EPP, DLP and

More information

Securing Your Amazon Web Services Virtual Networks

Securing Your Amazon Web Services Virtual Networks Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,

More information

ForeScout ControlFabric TM Architecture

ForeScout ControlFabric TM Architecture ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%

More information

Intercepting WannaCry

Intercepting WannaCry Intercepting WannaCry Sophos Intercept-X Yannick Escudero Sales Engineer June 2017 Exploit Techniques vs Antivirus How (not) to test endpoint security software https://www.youtube.com/watch?v=aq2bucgqzjg

More information

Managed Endpoint Defense

Managed Endpoint Defense DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts

More information

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe

More information