Why Are We Still Being Breached?


Transcription:

Why Are We Still Being Breached? Are 1st Generation and NexGen solutions working?
Rick Pither, Director of Cybersecurity

Session Agenda
01 SparkCognition Introduction
02 Why Are We Still Being Breached? EPP, EDR, 1st Gen AV, NexGen?
03 Differences in AI/ML: Tesla vs Legacy Auto Manufacturers
04 DeepArmor Enterprise, Built from AI

SparkCognition Portfolio
Platforms or services: Security Operations Solutions; Industrial IoT; Document Classification, Workflow Automation and Cognitive Query; Automated Model Building (best algorithm for the customer's data set).
- Security Operations Solutions: patented algorithms, malware prediction, prevention pre-execution, prevention of unknown threats.
- Industrial IoT: performance prediction, asset maintenance, failure prediction.
- Cognitive Query: structure text into tables.
Structured input data: SIEM and IT logs, threat intelligence, billions of alerts; industrial and operational data, historical and real-time sensor data; JSON, CSV, XML.
Unstructured input data: files, documents, scripts, macros; 1M+ pages/documents; 10-Ks, research reports, contracts; support tickets, incident reports.
Example use cases: firewall rule sets, malicious bot detection, PII data leakage, threat prioritization, network anomalies; client churn, employee attrition, home credit default risk, financial/insurance fraud; air quality/weather patterns, inventory requirements, solar output/weather patterns.

Why are we still being breached? The evolution of tools and tactics
- Hacking as a Service: open source tools and online services that lower the technical barrier to entry for attackers.
- Single-use malware: highly targeted, single-use attacks with no two variants the same.
- Polymorphism: attacks that automatically mutate to evade signatures and IoCs.
- Trusted application attacks: attacks that leverage trusted applications such as documents, macros and scripts to deliver the payload.
- In-memory attacks: direct injection of code into memory to evade file monitoring.
- Weaponized AI: leveraging machine learning to generate adversarial malware.
69% of organizations don't believe their antivirus can stop the threats they're seeing (Ponemon Institute).

Quick History of the Endpoint Market (chart: effectiveness of solution over time, as time and adversary strength grow)
- 1st Gen: reverse engineered; FUD marketing; now broken, not as effective.
- 2nd Gen: rush to add AI/ML capabilities; reverse engineered; tilt toward EDR; 85+ vendors.
- Today: AI/ML is everywhere; FUD around file-less and in-memory attacks; "EDR is now the answer"; too many attacks, alerts and data; zero day still a struggle.

Defense in Depth (chart: layers from perimeter to endpoint, plotted against effectiveness and incident-response cost)
Cloud, Firewall, Email Gateway, Network IDS/IPS, EPP, EDR, IR Forensics.

Why EPP? (Attack origin: outside 73%, insider 27%)
- EPP (Endpoint Protection Platform): pre-execution, static detection; covers file-based and in-memory/file-less attacks.
- EDR (Endpoint Detection and Response): post-execution, once the host is already infected; dynamic, behavioral.
- Network layer: network anomaly detection, file-less advanced malware detection, sandboxing.

Impact of the Evolving Attack Model: endpoint protection must evolve to keep pace
- $5M: average cost of a successful endpoint security attack in 2017 [1]
- 42% of organizations reported an endpoint breach in the last year [2]
- 77% of successful cyber attacks include new or unknown threats (malware, exploits, file-less); 350,000 new variants are created each day [1]
- 53% of organizations believe their current endpoint protection solutions do not provide adequate protection against the newest attacks [1]
- 97% of malware infections employ polymorphic techniques [3]
- 35% of cyber attacks were file-less exploits, including macros, scripts and in-memory [1]
- 99% of malware is seen for less than one minute before a new sample takes its place [4]

Security Market Whiteboard
Analogy: the CISO is the DEA, defending 5,000 miles and 3,000 miles of border. Vectors: plane, boat, drug mule, sub, catapult, tunnels, drone, disguised, already here (east/west, state to state).
244 new threats per minute, up 22% in 2017; 32M samples. Breakdown: 46% malware, 30% zero day, 33% LOTL (living off the land).
1. Change the definition of winning.
2. Start really changing methodology.
3. Reduce reliance on products/humans: F/W, IDS and AV are easily bypassed.
4. Get out of the detection/alert business. Example: SIEMs on average have only 12 YARA rules, and they generate 10,000-50,000 alerts/day.
SparkCognition recommendations:
- Help IT practice good hygiene: patching, privilege escalation management, two-factor authentication, network segmentation.
- Leverage real AI/ML: detect, prevent, watch, remediate.
- Still need tripwires along the kill chain.
- Reduce incident response times.
- Start to reduce the number of security vendors.

DeepArmor: Endpoint Protection. The Future of Endpoint Protection, Built from AI
- Multi-vector protection, built from AI: DeepArmor leverages ground-breaking algorithms and patented model-building tools to predict and prevent across every attack vector, including file-based, file-less and in-memory attacks.
- Pre-execution prevention: DeepArmor intercepts and prevents attacks before they can execute, eliminating the need for post-infection behavioral analysis, ineffective system rollbacks and time-intensive reimaging.
- No heuristics, no signatures, no control features: DeepArmor leverages AI to prevent unknown zero-day attacks with no need for rigid heuristics, out-of-date signatures or rudimentary on/off control features.

Threat Detection Architecture
- Lightweight, cognitive agent for Windows, Mac and Linux desktops/servers; kernel-level, real-time.
- Layers: file reputation; application control (whitelist, blacklist); machine learning file analysis.
- Blocks known and zero-day unknown malware and exploits: executable malware, weaponized documents, in-memory attacks, scripts/macros.
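The layered pipeline on this slide, together with the polymorphism point from the tools-and-tactics slide, as an added worked example. This is not SparkCognition or DeepArmor code: it is a toy pre-execution pipeline in Python that runs the three layers in the order listed here (file reputation by hash, an allow/deny list, then static file analysis), built on a minimal PE section parser and a hand-written scoring function standing in for a trained classifier. The "malware" images are constructed inline from a harmless stand-in payload re-encrypted under two different keys, so everything runs offline; the section name, feature weights and block threshold are assumptions chosen for illustration.

```python
"""Added example, not DeepArmor/SparkCognition code: a toy pre-execution pipeline.
Layers run in the slide's order: file reputation (known hashes), application control
(allow/deny lists), then static ML-style file analysis with a hand-written stand-in model.
All PE images are constructed in this file; weights and threshold are illustrative."""
import hashlib
import math
import struct

# IMAGE_SCN_* section characteristics from the PE/COFF specification
SCN_CODE, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss", ".idata", ".edata", ".pdata", ".tls"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 means the bytes look uniformly random (packed/encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def build_pe(sections) -> bytes:
    """Construct a minimal PE32 image from (name, raw_bytes, characteristics) tuples. Test input only."""
    n = len(sections)
    opt = struct.pack("<H", 0x10B) + bytes(222)                  # PE32 magic, rest of optional header zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x0102)  # i386, n sections, EXECUTABLE|32BIT
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)              # e_lfanew at 0x3C points just past the DOS header
    headers_end = len(dos) + 4 + len(coff) + len(opt) + 40 * n
    raw_ptr = first_raw = -(-headers_end // 512) * 512            # raw data starts at the next 512-byte boundary
    table = raw = b""
    for i, (name, data, chars) in enumerate(sections):
        size = -(-len(data) // 512) * 512
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000 * (i + 1), size, raw_ptr, 0, 0, 0, 0, chars)
        raw += data.ljust(size, b"\0")
        raw_ptr += size
    return (dos + b"PE\0\0" + coff + opt + table).ljust(first_raw, b"\0") + raw

def parse_sections(image: bytes):
    """Walk DOS header -> COFF header -> section table; return (name, raw_bytes, characteristics) per section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(n_sections):
        name, _, _, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        if raw_ptr + raw_size > len(image):                      # header points outside the file: malformed, do not trust
            raise ValueError(f"section {name!r} overruns the file")
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size], chars))
    return out

def extract_features(image: bytes) -> dict:
    """Static features a pre-execution classifier would consume; nothing is executed."""
    secs = parse_sections(image)
    return {
        "n_sections": len(secs),
        "max_entropy": max(shannon_entropy(d) for _, d, _ in secs),
        "has_wx_section": any(c & SCN_EXEC and c & SCN_WRITE for _, _, c in secs),
        "nonstandard_names": sum(n not in STANDARD_SECTIONS for n, _, _ in secs),
    }

def score(features: dict) -> float:
    """Stand-in for a trained model: weighted indicators in [0, 1]. Weights are illustrative assumptions."""
    s = 0.0
    if features["max_entropy"] > 7.2:      # encrypted/packed payload section
        s += 0.5
    if features["has_wx_section"]:         # writable and executable: self-unpacking stub territory
        s += 0.3
    if features["nonstandard_names"]:      # section names a compiler would not emit
        s += 0.2
    return min(s, 1.0)

def decide(image: bytes, allow_hashes: set, deny_hashes: set, threshold: float = 0.5):
    """Reputation first (cheap and exact), then the static model for anything unknown."""
    digest = hashlib.sha256(image).hexdigest()
    if digest in allow_hashes:
        return "allow", "reputation: allowlist"
    if digest in deny_hashes:
        return "block", "reputation: denylist"
    s = score(extract_features(image))
    return ("block" if s >= threshold else "allow"), f"static model score {s:.2f}"

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a deterministic, random-looking stream for the stand-in 'packer'."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return out[:n]

def make_variant(key: bytes) -> bytes:
    """Same harmless stand-in payload re-encrypted under a new key: a new file hash every build."""
    msg = b"constructed stand-in payload, not real malware; "
    plaintext = (msg * (3968 // len(msg) + 1))[:3968]
    encrypted = bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))
    stub = bytes(range(16)) * 8                                   # 128 low-entropy bytes standing in for an unpacker
    return build_pe([(b".pack", stub + encrypted, SCN_CODE | SCN_EXEC | SCN_READ | SCN_WRITE)])

BENIGN = build_pe([(b".text", bytes(range(16)) * 32, SCN_CODE | SCN_EXEC | SCN_READ),
                   (b".data", bytes(256), SCN_READ | SCN_WRITE)])
VARIANT_A = make_variant(b"campaign-key-1")                       # the sample the IoC feed has already seen
VARIANT_B = make_variant(b"campaign-key-2")                       # the next mutation: same payload, new hash
DENY = {hashlib.sha256(VARIANT_A).hexdigest()}                    # hash IoC derived from variant A only

def demo() -> dict:
    return {name: decide(img, set(), DENY)
            for name, img in (("benign", BENIGN), ("variant_a", VARIANT_A), ("variant_b", VARIANT_B))}

if __name__ == "__main__":
    for name, (verdict, why) in demo().items():
        print(f"{name:10s} {verdict:5s} {why}")
```

Running it, variant A is stopped by the deny list, while the re-keyed variant B carries a different SHA-256 and passes the reputation layers untouched; only the static features (a section with entropy near 8 bits/byte that is both writable and executable, under a non-standard name) catch it, and the same features score the benign image at zero. That is the whole argument against hash and signature IoCs for single-use and polymorphic samples. In a real deployment score() would be a model trained on many such features, and the ValueError raised for headers that point outside the file would be treated as a signal in its own right rather than an error.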

Replace Legacy Antivirus: How DeepArmor Replaces Antivirus with Algorithms
DeepArmor's Endpoint Protection platform delivers the strongest protection against zero-day malware, weaponized scripts, macros and in-memory attacks.
Comparison table, prevention techniques (columns): Traditional Antivirus (signatures, heuristics, control features); Next-Generation Antivirus (basic ML and behavioral analysis); DeepArmor Endpoint Protection (pre-execution machine learning).
Comparison table, threat categories (rows): known file-based malware; unknown file-based malware; unknown document attacks; unknown script-based attacks; unknown macro attacks; unknown in-memory attacks.
DeepArmor claims: no out-of-date signatures; no rudimentary control features; no post-infection behavioral analysis; no rigid heuristics (e.g., YARA).

The DeepArmor Efficacy Difference: Commitment to Innovation, Differentiated Protection
Chart: Near Zero-Day (<24 hrs.) Malware Detection % (Pre-Execution)
- BitDefender 75%
- Cylance 77%
- CrowdStrike 83.5%
- Symantec 88.4%
- DeepArmor 99.6%
1st Generation average 64.4%; Next Generation average 77.1%.

Near Zero-Day Testing (how well does your product correctly prevent something it has never seen before?)
- Download a random sample set daily.
- No file reputation data set query: the verdict must come from the model, not from a reputation lookup.
- Sample criteria: less than 24 hours old; Microsoft executable; malicious, detected by at least 20 vendors.
- Static file, pre-execution; compare all AI/ML models.
Note that the 20-vendor criterion fixes ground truth by vendor consensus, so the set measures young samples the industry already agrees are malicious, not samples that nobody has yet classified.