Next Generation Endpoint Security Confused?

Similar documents
Symantec Ransomware Protection

Securing the Modern Data Center with Trend Micro Deep Security

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

SentinelOne Technical Brief

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Endpoint Protection : Last line of defense?

Synchronized Security

SentinelOne Technical Brief

CloudSOC and Security.cloud for Microsoft Office 365

A Comprehensive CyberSecurity Policy

Cisco Advanced Malware Protection against WannaCry

THE ACCENTURE CYBER DEFENSE SOLUTION

Advanced Endpoint Protection

Maximum Security with Minimum Impact : Going Beyond Next Gen

exam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Datacenter Security: Protection Beyond OS LifeCycle

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

MODERN DESKTOP SECURITY

Gladiator Incident Alert

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Symantec Endpoint Protection

Threat Landscape vs Threat Management. Thomas Ludvik Næss Country Manager

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

Symantec Endpoint Protection 12

TRAPS ADVANCED ENDPOINT PROTECTION

TRAPS ADVANCED ENDPOINT PROTECTION

McAfee Embedded Control

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

ein wichtiger Baustein im Security Ökosystem Dr. Christian Gayda (T-SEC) und Ingo Kruckewitt (Symantec)

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Moving Beyond Prevention: Proactive Security with Integrity Monitoring

Annexure E Technical Bid Format

Audience. Overview. Enterprise Protection Platform for PCI DSS & HIPAA Compliance

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Securing the SMB Cloud Generation

Symantec Endpoint Protection 14

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

SYMANTEC DATA CENTER SECURITY

Simple and Powerful Security for PCI DSS

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Incident Response Agility: Leverage the Past and Present into the Future

Building Resilience in a Digital Enterprise

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Next Generation Enduser Protection

WHY ANTIVIRUS WILL NEVER DIE ADVANCED DETECTION FOR DUMMIES EDDY WILLEMS SECURITY EVANGELIST

Stopping Advanced Persistent Threats In Cloud and DataCenters

6 KEY SECURITY REQUIREMENTS

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Copyright 2011 Trend Micro Inc.

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Cisco Ransomware Defense The Ransomware Threat Is Real

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Trend Micro and IBM Security QRadar SIEM

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

The Evolution of Data Center Security, Risk and Compliance

How WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security

Carbon Black PCI Compliance Mapping Checklist

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Un SOC avanzato per una efficace risposta al cybercrime

CipherCloud CASB+ Connector for ServiceNow

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Cisco s Appliance-based Content Security: IronPort and Web Security

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Seqrite Endpoint Security

Intel Security Advanced Threat Defense Threat Detection Testing

AV is Dead! Is AV Dead? AV is Dead! Is AV Dead?

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

AT&T Endpoint Security

CS 356 Operating System Security. Fall 2013

UP L13: Leveraging the full protection of SEP 12.1.x

100% Endpoint Protection dank Machine Learning, EDR & Deception?

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Symantec Endpoint Protection Family Feature Comparison

Stop Ransomware In Its Tracks. Chris Chaves Channel Sales Engineer

CIS Controls Measures and Metrics for Version 7

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

Tanium Endpoint Detection and Response. (ISC)² East Bay Chapter Training Day July 13, 2018

with Advanced Protection

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

CIS Controls Measures and Metrics for Version 7

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

PineApp Mail Secure SOLUTION OVERVIEW. David Feldman, CEO

SandBlast Agent FAQ Check Point Software Technologies Ltd. All rights reserved P. 1. [Internal Use] for Check Point employees

Lecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd

At a Glance: Symantec Security.cloud vs Microsoft O365 E3

MOBILE THREAT LANDSCAPE. February 2018

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

Transcription:

SESSION ID: CEM-W06 Next Generation Endpoint Security Confused? Greg Day VP & Chief Security Officer, EMEA Palo Alto Networks @GreDaySecurity

Brief Intro

Questions we will answer Do I need a new (NG) endpoint security capability? What are the different between traditional and NG? What are the techniques available? How do I evaluate which is best for me? What does the the future endpoint security stack look like? What factors should I consider? 3

Is the endpoint actually failing?

What simulated this debate: Evolution!

TeslaCrypt ransomware: splicing together new attacks Taken from Crypto locker Obfuscation from Carberp 2013 source code posted on Russian Forum And mimics CryptoWall Also leverages dynamic library & function loading

SAMSA (aka SAMAS, MOKOPONI) Ransomware & targeted (APT techniques) Targeted attack + ransomware Over $70k in BTC payments to attackers Entry point to network (targeted) network mapped for victims SamSa deployed Smaller demands per-pc infection, larger per-company 2 interesting payments of 40 BTC, Feb 3 rd and 5 th

Traditional endpoint security

Traditional Endpoint

Anti-Virus Not just signatures Leveraging the Cloud McAfee Artemis (faster patterns) GTI Symantec Insight (file reputation) GIN Heuristics/Generic Detection Generic detection malware family based pattern Pattern match for threat attribute Symantec Sonar updated and customizable heuristics In memory process scanning (Where no files written to disk)

Other traditional approaches: Application control/system lockdown/hids/fw Common techniques based around Pattern match for known exploits (IDS/IPS) McAfee Buffer Overflow protection System lockdown (whitelist/backlisting) Communications, Applications, File integrity Account based & IR response policies Microsoft Application protection The Good, Bad and Ugly Tuning, tuning, tuning Manual or snapshot Only as strong as the levels of lockdown Lightweight, No Updates, just versions updates

Summary Traditional techniques Block known bads (sigs) Exploit detection (IDS/IPS) Black & White listing Behavioral bad characteristics 12 2015, Palo Alto Networks.

NG endpoint techniques 13

Static analysis Can be more than just MD5 signatures Balancing signatures against performance? Everything versus what in the wild Need to link to unknown detection capabilities Static Analysis File Anomaly Detection Static Signatures String & Code Block Detection Machine Learning & Static Analysis 14

NG: Machine Learning Looking at the building blocks of an attack Typically done on machine Requires current knowledge of how attacks are functioning Typically deterministic scoring Been used in SPAM engines for years 15

NG: behavioral analysis techniques Replacement for heuristics/anomaly detection tools Buffer Overflow = Buffer Overflow x1000 variations Exploit techniques, rather than anomaly detection Compromise techniques, rather than blocking registry & file Individual Attacks 1,000s Software Vulnerability Exploits Thousands of new vulnerabilities and exploits 1,000,000s Malware Millions of new malware variations 16 Core Techniques 2-4 Exploitation Techniques Only two to four new exploit techniques ~10s Malware Techniques Tens of new malware sub-techniques

NG: Statistical/mathmatical analysis Commonly used for Detection & Forensic analysis Often used in conjunction with behavioral detection techniques Anomaly detection (scope will influence accuracy) Accuracy often leverages additional techniques, to prevent Big data lookups (DNS, File VirusTotal, etc..) Reverse heuristics (can be looking to validate known good) Forensics (value depends on what data you pass to it) The scale and scope of data it can analysis Real time, historic (how far: back 24-48hrs, longer?) Time taken to gather the results (computing power to process data volumes) 17

NG: Self discovery - Sandboxing Provides Emulation to see the real behavior Validation of what happens, see s whole attack Allows broad gathering of IOC data Requires CPU power to deal with volume Where to put the Sandbox (Speed vs CPU power) On Device or network Browser, APPs or OS In the Cloud Hybrid Anti-sandbox evasion techniques detection

Confidence in the process. supporting the greater good 19

Summary Evolution of techniques Traditional techniques Block known bads (sigs) Exploit detection White & black listing Behavioral bad characteristics NG techniques Static analysis Behavioral techniques & threat specific whitelisting (playbooks) Sandboxing Machine learning Big data (statistical/mathmatical analysis)

How much confidence to block/act? Gather Intelligence Leverage Exploit Execute Malware Control Channel Steal Data 20% 80% 40% 60% 23

How do I measure effectiveness? What are you looking to test? Ability to detect zero day threats What level of breach is acceptable to you? Ransomware Ability to detect traditional threats What testing? Independent tests AV-comparitives, SELabs, NSS labs, AV-Test, etc In- house testing Detection Manageability How does endpoint security fit into your broader ecosystem? 22

Endpoint security is more than detection/prevention 23

Player, play, playbook Gather Intel Leverage Exploit Execute Malware Control Channel Steal Data

Campaigns

Protection in depth = NG techniques together Quarantine Program Block Restricted Malicious Malicious User Attempts to Execute a Program Check Hash Against Override Policies No Match No Match Unknown Check Against List of Trusted Publishers Check Hash with WildFire Sandbox Conduct Static Analysis Submit Program to WildFire for Analysis Allowed Trusted Benign Benign Check Execution Restrictions Restricted Allowed Block Run 23

Building the endpoint stack for the future.. Encryption DLP Patch management White/black listing Firewall Anti-Spyware Anti-Virus DLP Patch management Encryption Forensics Static analysis Machine based learning Sanboxing Behavioural analysis Policy controls

So does all this this work? Endpoint analysis Network analysis Whole IT ecosystem analysis

Building out the security platform Defragmenting the broader capabilities

Other things to consider? Think big picture and long term Connected or silo ed analysis? Integration with broader security platforms (learn & share) Compliance Microsoft Security Centre approved (user pop-ups) Regulation compliant PCI-DSS, etc 30

Takeaways What are you looking to achieve? Define what your endpoint stack requires for your business! Look at industry tests, but also DO YOUR OWN testing Criteria should include Prevention/Detection of what is most impactful to your business Manageability/Usability Integration between capabilities Integration into your broader security platform 31

Thank you. QUESTIONS? GDay@PaloAltoNetworks.com GregDaySecurity uk.linkedin.com/in/gregday +44 (0) 7799 661164 https://www.securityroundtable.org/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback