Defending Against Known & Unknown Threats

Defending Against Known & Unknown Threats. Jack Walsh, New Initiatives & Mobility Programs Manager. Copyright 2016 ICSA Labs

Introducing ICSA Labs

About ICSA Labs
We're known for: providing independent 3rd-party assurance; security-focused certification testing; stakeholder consortia.
Founded in 1989: 25 years of testing anti-malware products, network firewalls, etc.
ISO accredited: ISO 9001:2008, ISO/IEC 17025:2005, ISO/IEC 17065:2012.
Recent initiatives: security product testing (advanced threat defense (ATD), Internet of Things devices & sensors); mobile testing (mobile device platform security); healthcare testing (ONC EHR, HIMSS ConCert, IHE USA).
Our seal of approval

Some of our customers

The value of certification testing. Buyers need an objective way to confirm that security products introduced into their organization will function as advertised, interoperate, and conform to privacy & security requirements. Vendors need a cost-effective way to credibly demonstrate that their products will satisfy buyers' needs. Ongoing certification testing by a credible, independent third party like ICSA Labs helps satisfy the needs of both.

Defending Against Known & Unknown Threats

[Chart: world's biggest data breaches, 2005 to 2010; source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/] Enterprises are being attacked

To defend against threats, organizations protected & secured themselves with all the traditional standards: anti-malware, network firewalls, intrusion prevention systems, web application firewalls, etc.

[Chart: world's biggest data breaches, 2010 to 2016; source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/] Things did not improve: enterprises still being breached!

Growth in security spend: up 294% since 2006 to $21B in 2014 (source: Gartner).
What resulted? Data breach explosion! 614 breaches reported in North America in 2013; over 91M records disclosed.
Breaches put another way: [logos of breached organizations: AOL, TD Ameritrade, RBS Worldpay, TK / TJ Maxx, Heartland, AT&T, Sony PSN, Citigroup, Washington Post, Target, LexisNexis, Michael's, Home Depot, Snapchat, NASDAQ, American Express, eBay, Neiman Marcus]
source: https://blogs.bromium.com/2014/08/14/the-rise-and-fall-of-enterprise-security/

Why haven't security products adequately protected enterprises?

Known and unknown threats

25 years (known threats) vs. 1 year (unknown threats)

Known malicious threat testing: ICSA Labs AV Testing Program. Key characteristics: Wild List based testing (threats known in the wild); on access; on demand; 25 years.

Enhanced & Reloaded for 2017: ICSA Labs anti-malware testing
From (malicious sample sources): Wild List; The Collection
To (more malicious sample sources): Wild List; Wild List (Delta); Microsoft Threat List; ATD Program; The Collection; Enterprise Samples
From (testing): Static Signatures
To (more comprehensive testing): Static Signatures; Real Time URL Blocking; Prevalence; Anomaly Detection; Behavior-Based

Testing unknown malicious threats: ICSA Labs began ATD certification testing in fall 2015. ICSA Labs added ATD-Email testing in Q4 2016.

What does ATD mean anyhow? Advanced threat defense (ATD): a. Protect from ADVANCED threats? b. Protect from PERSISTENT threats? c. Protect from UNKNOWN threats?

Where does ATD occur? a. The endpoint; b. Network perimeter; c. Local sandbox; d. Sandbox in cloud; e. Cloud analysis cluster. A: Any or all of these!

Basis for ATD & ATD-Email testing: threat vectors leading to breaches (Verizon Data Breach Investigations Report, DBIR)
Direct Install: 3706
Email Attachment: 869
Web Download: 588
Web Drive-By: 551
Email Link: 453
Download by Malware: 230
Network Propagation: 138
Remote Injection: 72
Removable Media: 16
Other: 13

ATD & ATD-Email testing programs. Does it detect 100s of new threats? Does it have minimal FPs? Quarterly test cycles; continuous testing for 3 to 5 weeks; test cycles begin mid-month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec). FREE reports available at quarter end.

Testing focus: test cycles last 3-5 weeks; detecting threats (unknown, little-known) while having minimal false positives.

How you benefit
Recurring testing with latest threats: keep informed with quarterly testing results; know how ATD solutions perform against latest threats; observe over time how products fare against the norm.
No cost to enterprises: only participating vendors register and pay; includes free reports on our website https://www.icsalabs.com/products?tid[]=5352

ICSA Labs Certified ATD Solutions The value of certification testing

Without YOU, certification testing disappears. Want more choices? jwalsh@icsalabs.com

Statistics from 3 ATD test cycles
Average Detection Effectiveness of Certified ATD Solutions
Failing ATD Solutions
Approximate Number of ATD Developers: ~30
Vendors currently registered for ATD testing: 11
Vendors with an ICSA Labs Certified ATD Solution: 5
Average Test Cycle Length: 30.75 days
Average Number of Test Runs per Test Cycle: 610

[Chart: data from previous 4 ATD test cycles] Ransomware is huge lately

Poor Fred

Will ATD solve all your problems?

About Jack Walsh. Jack has worked eighteen years at ICSA Labs. Currently driving development of programs that test the security of IoT devices, advanced threat defense solutions and all things mobile, his prior roles included network intrusion prevention systems program manager, anti-spam program manager and firewall lab technical lead. Prior to joining ICSA Labs, Jack tested commercial products at the National Security Agency. While there he co-authored the first firewall protection profile. Jack earned his B.S. in Electrical Engineering from Penn State and later earned an M.S. in Computer Science from Johns Hopkins.
Jack Walsh, New Initiatives & Mobility Programs Manager, jwalsh@icsalabs.com, 717.790.8126

Find out more at www.icsalabs.com/