AMP for Endpoints & Threat Grid
2 AMP for Endpoints & Threat Grid: Response & Prevention. Dean De Beer & Eric Hulse, BRKSEC-2029
3 AMP Threat Grid Malware Analysis Engines & Techniques
4 A little background
- Malware Analysis & Threat Intelligence
- Appliance & Cloud delivery options
- Data centers (current DC: U.S. East Coast Data Center, U.S. UCS Data Center; DC: U.S. UCS Data Center 2; EU UCS Data Center 1)
- Multiple API options
- Integration driven
- Scaling/Stability versus Features
BRKSEC Cisco and/or its affiliates. All rights reserved. Cisco Public 4
5 Asymmetric Warfare: a conflict between opposing forces which differ greatly in military power and that typically involves the use of unconventional weapons and tactics
6 The Kernel Monitor
- Outside & invisible to the Guest OS
- Uses a map of symbols in select kernel functions
- Analyzes data coming through kernel functions (trap definition shown on the slide: trap defer=false, no_trap=false, arch=(), osver=(), hw=false)
- For arguments of interest we extract interesting content
- Write data out to a series of files
- Analysis.json is produced and sent for further enrichment
(flow diagram labels: Define Trap, Symbol Paths, Monitor, Set Handler, Is Trap Hit? No/Yes, Parse Arguments, Raw Output, Win Analyze, Analysis.json)
7 Dynamic Disk Analysis
- Forensic parsing of the physical disk: MBR, active & inactive partitions
- Requires understanding of how we load VMs
- Create snapshot of base image (control subject); a clone of this image is used for analysis
- Keep log of changes at block/sector level
- Impossible to evade if persistence is required
- Invisible to the Guest OS
- Diff of changes is parsed; next we walk the MFT for file name and location
- Produces a list of disk modifications
8 MBR Modification (Dark Seoul)
"orig": "3\u00c0\u008e\u00d0\u00bc\u0000 \u00fbp\u0007p\u001f\u00fc\u00be\u001b \u00bf\u001b\u0006pw\u00b9\u00e5\u0001\u00f3\u00a4\u00cb\u00bd\u00be\u0007\u00b1\u00048n\u0000 \tu\u0013\u0083\u00c5\u0010\u00e2 \u00f4\u00cd\u0018\u008b\u00f5\u0083\u00c6\u0010it\u00198,t\u00f6\u00a0\u00b5\u0007\u00b4\u0007\u008b\u00f0\u00ac<\u0000t\u00fc\u00bb\u0007\u0000\u00b4\u000e\u00cd\u0010\u00eb\u00f2\u0088n\u0010\u00e8f\u0000s*\u00fef\u0010\u0080~\u0004\u000bt\u000b\u0080~\u0004\ft\u0005\u00a0\u00b6\u0007u\u00d2\u0080f \u0002\u0006\u0083f\b\u0006\u0083v\n\u0000\u00e8!\u0000s\u0005\u00a0\u00b6\u0007\u00eb\u00bc\u0081> \u00fe}u\u00aat\u000b\u0080~\u0010\u0000t\u00c8\u00a0\u00b7\u0007\u00eb\u00a9\u008b\u00fc\u001ew\u008b\u00f5\u00cb\u00bf\u0005\u0000\u008aV\u0000\u00b4\b\u00cd\u",
"curr": "PRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPESPRINCPES"
(the original boot sector, shown as a JSON-escaped string that the slide truncates, versus the same sector after the sample ran, overwritten with the repeated string PRINCPES)
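The two slides above describe the mechanism (snapshot the control image, run the sample against a clone, log changes at sector level, then parse the diff) and show its output for an MBR wipe. The following is an added example of that pipeline in miniature; it is not Threat Grid code. It constructs two small 8-sector images in memory (a control snapshot and a clone in which sector 0 has been overwritten with a PRINCPES fill and one data sector touched), computes the sector-level change log, parses the partition table and boot signature before and after, and flags a sector that is nothing but a short repeating pattern, which is what a wiper leaves behind. The function names, the partition layout and the `\xde\xad\xbe\xef` data write are all constructed for the demo.

```python
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
PART_TABLE_OFFSET = 446
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_mbr(partitions):
    """Constructed control MBR: filler boot bytes, up to four partition entries, 0x55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\xfa\x33\xc0\x8e"  # filler bytes, not a real boot loader
    for i, (active, ptype, start_lba, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + 16 * i
        mbr[off:off + 16] = struct.pack(PART_ENTRY_FMT, 0x80 if active else 0x00,
                                        b"\0\0\0", ptype, b"\0\0\0", start_lba, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)

def diff_sectors(base, clone):
    """Block-level change log: indices of sectors that differ between control snapshot and clone."""
    if len(base) != len(clone):
        raise ValueError("images must be the same size")
    return [i for i in range(len(base) // SECTOR)
            if base[i * SECTOR:(i + 1) * SECTOR] != clone[i * SECTOR:(i + 1) * SECTOR]]

def parse_mbr(sector):
    """Partition table (active and inactive entries) and boot signature of sector 0."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"active": status == 0x80, "type": ptype, "start_lba": start, "sectors": count})
    return {"signature_ok": sector[510:512] == MBR_SIGNATURE, "partitions": parts}

def repeated_fill(sector, max_period=16):
    """Shortest repeating unit if the sector is a uniform pattern fill (wiper-style), else None."""
    for period in range(1, max_period + 1):
        unit = sector[:period]
        if (unit * (SECTOR // period + 1))[:SECTOR] == sector:
            return unit
    return None

def assess_mbr_change(base, clone):
    """Which sectors changed, and what the change to the MBR looks like."""
    changed = diff_sectors(base, clone)
    report = {"changed_sectors": changed, "mbr_modified": 0 in changed}
    if not report["mbr_modified"]:
        return report
    before, after = parse_mbr(base[:SECTOR]), parse_mbr(clone[:SECTOR])
    fill = repeated_fill(clone[:SECTOR])
    report.update({
        "signature_ok_before": before["signature_ok"], "signature_ok_after": after["signature_ok"],
        "partitions_before": len(before["partitions"]), "fill_pattern": fill,
        "verdict": ("MBR overwritten with a repeating pattern, boot signature destroyed"
                    if fill and not after["signature_ok"] else "MBR modified"),
    })
    return report

def demo():
    """Constructed 8-sector images: the clone has sector 0 wiped and one data sector touched."""
    base = bytearray(build_mbr([(True, 0x07, 2048, 1_000_000), (False, 0x83, 1_002_048, 500_000)]))
    base += bytes(7 * SECTOR)
    clone = bytearray(base)
    clone[0:SECTOR] = b"PRINCPES" * (SECTOR // 8)          # the fill seen on the slide
    clone[5 * SECTOR:5 * SECTOR + 4] = b"\xde\xad\xbe\xef"  # unrelated write to a data sector
    return assess_mbr_change(bytes(base), bytes(clone))

if __name__ == "__main__":
    print(demo())
```

Because the comparison is done on the images from outside the guest, nothing running inside the VM can hide the write: `diff_sectors` reports sector 0 and sector 5 regardless of what the sample did to the guest's own view of the disk, and `repeated_fill` plus the missing `0x55AA` signature turn "sector 0 changed" into a readable verdict. A fuller implementation would carry the changed sector list into the MFT walk the slide mentions to resolve data-sector writes back to file names.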
9 User Land Instrumentation
- Set of tools providing user-land visibility (Cloak and Dagger)
- Dagger handles injection & data exfiltration; supports various evasion techniques
- Cloak handles user-land monitoring; allows for gathering information that does not make it to the kernel
- Active capability as well: Sleep & Crypto API manipulation
- Introduces a presence into the Guest OS
11 So it turns out that malware authors do not follow RFCs or standards of any type.
12 Artifact Static Analysis
- Multiple techniques for file-type identification
- Go-based file parsers
- File is taken apart into component form & analyzed
- YARA rules on a per-filetype basis
- Isolates crashes in static forensics
- Applied to all generated artifacts today; will be applied to incoming submissions shortly
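The slide lists the ingredients of the static stage: identify the type by more than one method, hand the file to a type-specific parser, run per-filetype rules on what the parser extracted, and keep a parser crash on one artifact from taking down the run. The code below is an added example of that structure and is not Threat Grid's parsers or rules (those are Go, per the slide; this is Python, and the predicates stand in for per-filetype YARA rules). The magic-byte table, the extension map, the rule set and all six sample artifacts (a PE, the same PE under a `.pdf` name, a PDF with `/OpenAction`, a docm/docx pair, and a PE whose `e_lfanew` points past the end of the file) are constructed for the demo.

```python
import io
import struct
import zipfile

# Magic-byte table for the demo (constructed); more specific signatures first
MAGICS = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy Office / OLE compound file
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                        # also OOXML (docx/docm/xlsx)
    (b"MZ", "pe"),
]
EXT_TYPES = {"exe": "pe", "dll": "pe", "pdf": "pdf", "doc": "ole", "xls": "ole",
             "docx": "zip", "docm": "zip", "xlsx": "zip", "zip": "zip"}

def identify(data, filename):
    """Type by content first, then compare with what the extension claims."""
    by_magic = next((t for magic, t in MAGICS if data.startswith(magic)), "unknown")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    by_ext = EXT_TYPES.get(ext, "unknown")
    return {"type": by_magic, "ext_type": by_ext,
            "mismatch": by_ext != "unknown" and by_magic != by_ext}

def parse_pe(data):
    """Minimal PE header walk: e_lfanew -> 'PE\\0\\0' -> COFF machine and section count."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew=%#x" % e_lfanew)
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    return {"machine": machine, "sections": nsections}

def parse_pdf(data):
    return {"javascript": b"/JavaScript" in data, "open_action": b"/OpenAction" in data}

def parse_zip(data):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return {"entries": names, "vba_project": any(n.lower().endswith("vbaproject.bin") for n in names)}

PARSERS = {"pe": parse_pe, "pdf": parse_pdf, "zip": parse_zip}

# Per-filetype rules, a stand-in for per-filetype YARA: (tag, predicate over parsed fields)
RULES = {
    "pdf": [("pdf_active_content", lambda f: f["javascript"] or f["open_action"])],
    "zip": [("ooxml_macro", lambda f: f["vba_project"])],
    "pe":  [("pe_no_sections", lambda f: f["sections"] == 0)],
}

def analyze_artifact(data, filename):
    ident = identify(data, filename)
    result = {"name": filename, **ident, "tags": [], "fields": None, "parser_error": None}
    if ident["mismatch"]:
        result["tags"].append("extension_mismatch")
    parser = PARSERS.get(ident["type"])
    if parser is None:
        return result
    try:
        result["fields"] = parser(data)
    except Exception as exc:
        # A crash inside one parser is isolated: recorded on this artifact, never aborting the run
        result["parser_error"] = "%s: %s" % (type(exc).__name__, exc)
        return result
    for tag, predicate in RULES.get(ident["type"], []):
        if predicate(result["fields"]):
            result["tags"].append(tag)
    return result

# ---- constructed sample artifacts ----
def make_pe(nsections=2, e_lfanew=0x40):
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + 8 <= len(buf):
        buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
        struct.pack_into("<HH", buf, e_lfanew + 4, 0x014C, nsections)
    return bytes(buf)

def make_ooxml(with_macro):
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder bytes, not a real VBA project")
    return bio.getvalue()

SAMPLES = [
    ("tool.exe", make_pe()),
    ("invoice.pdf", make_pe()),                   # PE hiding behind a .pdf name
    ("form.pdf", b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >>\nendobj\n"),
    ("memo.docm", make_ooxml(with_macro=True)),
    ("memo.docx", make_ooxml(with_macro=False)),
    ("broken.exe", make_pe(e_lfanew=0x1000)),     # e_lfanew points past the end of the file
]

def analyze_all(samples=SAMPLES):
    return {name: analyze_artifact(data, name) for name, data in samples}
```

Two points of the slide show up directly in the results: the extension is consulted only to be compared against the content-derived type, so `invoice.pdf` is parsed as a PE and tagged `extension_mismatch` rather than trusted; and `broken.exe`, whose header would make a naive parser read out of bounds, ends with a recorded `parser_error` while the other five artifacts are still analyzed.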
15 Document Macros: Checking External IP Ownership
16 Document Macros: Enumerating Virtual Environment
17 Continuing Execution
18 Evasion Attempt Behaviors
19 So all this work and
20 Indicator Engine
- Observations
- Indicator Types: Behavioral, Static, Malware, Compromise, Evasion, Compound
- Feeds
21 Behavioral Indicators
- 675 current indicators
- Developed weekly
- Additional 200 in current work queue
- 400 in backlog
- Categories: forensics, attribute weakening, artifact, network, enumeration, malware, file, evasion, persistence
23 Ransomware
- Excessive Suspicious Activity
- Generic Ransomware
- Desktop Background Change
- Generic Ransom Note
- Shadow Copy Deletion
24 Inner Workings of a Compound Indicator
25 Behavioral Indicator
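The ransomware slide names three behavioral indicators (Desktop Background Change, Generic Ransom Note, Shadow Copy Deletion) and two that sit on top of them (Generic Ransomware, Excessive Suspicious Activity); the next two slides are about how such a compound indicator is built. The following is an added example of that layering, written for this page and not taken from Threat Grid's engine: each behavioral indicator is a check over sandbox observations that returns its evidence, each compound indicator fires on a combination of already-fired indicators, and a threat score is derived from severity and confidence. The event format, the severity/confidence numbers, the thresholds and both event lists are constructed.

```python
import re

# Constructed sandbox observations for the demo, not real Threat Grid output;
# the event field names are assumptions made for this example.
RANSOMWARE_EVENTS = [
    {"kind": "registry_write", "key": r"HKCU\Control Panel\Desktop\Wallpaper",
     "value": r"C:\Users\victim\AppData\Local\Temp\note.bmp"},
    {"kind": "file_write", "path": r"C:\Users\victim\Desktop\HOW_TO_DECRYPT.txt"},
    {"kind": "file_write", "path": r"C:\Users\victim\Documents\report.docx.locked"},
    {"kind": "process", "image": "vssadmin.exe", "args": "delete shadows /all /quiet"},
]
BENIGN_EVENTS = [
    {"kind": "file_write", "path": r"C:\Users\victim\Documents\notes.txt"},
    {"kind": "process", "image": "notepad.exe", "args": r"C:\Users\victim\Documents\notes.txt"},
]

WALLPAPER_KEY = re.compile(r"control panel\\desktop\\wallpaper$", re.I)
NOTE_NAME = re.compile(r"(decrypt|ransom|restore|recover).*\.(txt|html?)$", re.I)

def desktop_background_change(events):
    return [e["key"] for e in events
            if e["kind"] == "registry_write" and WALLPAPER_KEY.search(e["key"])]

def generic_ransom_note(events):
    return [e["path"] for e in events
            if e["kind"] == "file_write" and NOTE_NAME.search(e["path"].rsplit("\\", 1)[-1])]

def shadow_copy_deletion(events):
    return ["%s %s" % (e["image"], e["args"]) for e in events
            if e["kind"] == "process" and e["image"].lower() == "vssadmin.exe"
            and "delete" in e["args"].lower() and "shadow" in e["args"].lower()]

# Behavioral indicators: (check, severity, confidence); the numbers are constructed
BEHAVIORAL = {
    "Desktop Background Change": (desktop_background_change, 60, 80),
    "Generic Ransom Note": (generic_ransom_note, 80, 80),
    "Shadow Copy Deletion": (shadow_copy_deletion, 90, 90),
}

# Compound indicators: fire when enough of the listed indicators have already fired
COMPOUND = {
    "Generic Ransomware": {"any_of": set(BEHAVIORAL), "min_hits": 2, "severity": 100, "confidence": 95},
    "Excessive Suspicious Activity": {"any_of": set(BEHAVIORAL), "min_hits": 3, "severity": 90, "confidence": 70},
}

def evaluate(events):
    """Run behavioral checks, then compound checks over their results, then score the sample."""
    fired = {}
    for name, (check, severity, confidence) in BEHAVIORAL.items():
        evidence = check(events)
        if evidence:
            fired[name] = {"severity": severity, "confidence": confidence, "evidence": evidence}
    for name, spec in COMPOUND.items():
        hits = sorted(spec["any_of"] & set(fired))
        if len(hits) >= spec["min_hits"]:
            fired[name] = {"severity": spec["severity"], "confidence": spec["confidence"], "evidence": hits}
    score = max((v["severity"] * v["confidence"] // 100 for v in fired.values()), default=0)
    return {"threat_score": score, "indicators": fired}

if __name__ == "__main__":
    print(evaluate(RANSOMWARE_EVENTS)["threat_score"], sorted(evaluate(RANSOMWARE_EVENTS)["indicators"]))
```

The design point is that a compound indicator never looks at raw events; it is expressed over the names of other indicators, so a single behavior (a wallpaper change on its own) stays a low-severity observation, while the same behavior alongside a ransom note is enough for the compound to fire and lift the score.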
27 Knowledge is partial and temporary; without context there is no meaning.
28 Advanced Threat Research & Efficacy Team
- Drive product efficacy
- Create detection engines, content & convictions
- Threat research
- Advance sandbox & analysis capabilities
- Advance correlation capabilities
- Produce metrics & reports
29 6,907,413 files were marked malicious in June, leading to 514,015 Threat Detections and 113,509 Retrospective Detections on 226,873 endpoints across 2,131 businesses.
30 Cisco AMP Provides Unique Value
- Cisco Sandbox: more than 19% of files convicted by Threat Grid did not exist in Virus Total at time of detection
- Cisco Threat Intelligence Research: more than 45% of files convicted by Talos did not exist in Virus Total at time of detection
(two bar charts, percentage axis 0-100%: share of convicted files Known to Virus Total versus unique to Threat Grid, and Known to Virus Total versus unique to Talos)
31 AMP For Endpoints
32 Point-in-Time Defenses
- Automatically stop as many threats as possible, known and unknown
- Techniques: one-to-one signature, fuzzy finger-printing, machine learning, advanced analytics, dynamic analysis
- Offer better accuracy and dispositioning; improve to handle new & emerging threats; protect your business with no lag
33 Point-in-time detection alone will never be 100% effective.
34 AMP Analysis / AMP Retrospective Security (diagram labels: Action In Cloud; AMP Cloud; Threat Grid Sandbox; Check Changes / Change Interval; Talos: Who has seen these files?, Lookup Database, DGA; Talos Sandbox; Parsing; Analysis; Initiate Retrospective Quarantine)
35 Value of Retrospective Security (chart, percentage axis 0-100%: Detection versus Retrospective Detection)
36 AMP & CTA: CTA alerts directly in the AMP Console
37 Virus Total & Research Lab Integrations: Virus Total data; Research Labs classification
38 Vulnerability Data: CVE associations ranked by CVSS score
39 Demo
40 Demo Summary
- Determined delivery method: remote file fetch
- Due to low prevalence, sandbox determined sample malicious
- Retrospectively quarantined
- Enriched with Threat Grid
- Automated through API
- Cisco Brand Exchange
41 Advanced Threat & AMP Everywhere
42 The AMP Everywhere Architecture: AMP protection across the extended network for an integrated threat defense
- AMP Threat Intelligence Cloud
- Remote endpoints: AMP for Endpoints
- AMP on Firepower NGIPS Appliance (AMP for Networks)
- Threat Grid: Malware Analysis + Threat Intelligence Engine
- AMP Private Cloud Virtual Appliance
- AMP on Cisco ASA Firewall with Firepower Services
- AMP on Web & Email Security Appliances
- CWS/CTA
- AMP on ISR with Firepower Services
- AMP on Cloud Web Security & Hosted Email
- AMP for Endpoints: Windows OS, Android Mobile, Virtual, Mac OS, CentOS and Red Hat Linux for datacenters; AMP for Endpoints can be launched from AnyConnect
43 We are buried beneath the weight of information which is being confused with knowledge.
44 AMP Response Incident Response & Orchestration
45 I want to enrich all events and alerts so that I can detect, prioritize, correlate and respond to incidents by taking advantage of the capabilities of my infrastructure, effectively reducing the time to respond and remediate.
46 All responders want:
- A systemic response to attacks
- Context and cross-product intelligence for all phases of an attack
- To identify the scope and criticality of a breach
- To assess containment and remediation while taking the risk of remediation actions into account
- To enable automation to better deal with enrichment and response actions
- Overall management with better integrations
48 Reminders
49 Complete Your Online Session Evaluation
- Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
- Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.
- Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
50 Continue Your Education: Advanced Malware Protection [BRKSEC-2139], Eric Howard, Technical Marketing Engineer, Cisco. Thursday, Jul 14, 10:30 a.m.
51 Thank you
More informationCisco Advanced Malware Protection
Cisco Advanced Malware Protection Security Webinar Nikos Mourtzinos, CCIE#9763 Cisco Security Product Sales Specialist October 2016 Agenda AMP Malware - Today s Reality Cisco AMP Solution Components &
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationThe Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy
The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security
More informationProactive Approach to Cyber Security
Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving
More informationSourcefire and ThreatGrid. A new perspective on network security
Sourcefire and ThreatGrid A new perspective on network security Agenda An overview of traditional IPS solutions Next-Generation IPS Requirements Sourcefire Next-Generation IPS Advanced Malware Protection
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationRSA ECAT DETECT, ANALYZE, RESPOND!
RSA ECAT DETECT, ANALYZE, RESPOND! Cyber Threat Landscape Attack surface (& attackers) expanding Web app Existing strategies & controls are failing Laptop EHR Firewall Attacks sophistication on the rise
More informationSourcefire Network Security Analytics: Finding the Needle in the Haystack
Sourcefire Network Security Analytics: Finding the Needle in the Haystack Mark Pretty Consulting Systems Engineer #clmel Agenda Introduction The Sourcefire Solution Real-time Analytics On-Demand Analytics
More informationProduct Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd
Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd Symantec Endpoint Protection Product Roadmap 1 Safe Harbor Disclaimer Any information regarding pre-release Symantec offerings,
More informationDesign and Deployment of SourceFire NGIPS and NGFWL
Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationBenefits of SDN Modeling and Analytics tool for complex Service Provider Network
Benefits of SDN Modeling and Analytics tool for complex Service Provider Network George Backer, Senior Director, Charter Communications Manish Jani, Senior Architect, Cisco Systems BRKNMS-1010 BRKNMS-1010
More informationPassit4Sure (50Q) Cisco Advanced Security Architecture for System Engineers
Passit4Sure.500-265 (50Q) Number: 500-265 Passing Score: 800 Time Limit: 120 min File Version: 5.8 Cisco 500-265 Advanced Security Architecture for System Engineers Today is big day for me as I passed
More informationUSM Anywhere AlienApps Guide
USM Anywhere AlienApps Guide Updated April 23, 2018 Copyright 2018 AlienVault. All rights reserved. AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, Unified Security Management,
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationSecuring the Software-Defined Data Center
Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined
More information