Bromium: Virtualization-Based Security

Similar documents
One Ring to Rule them All

CloudSOC and Security.cloud for Microsoft Office 365

A Simple Guide to Understanding EDR

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Consultant since many years. Mainly working with defense and public sector. MCSE on Windows Server 2000 security ;-)

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

SentinelOne Technical Brief

Symantec Ransomware Protection

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Driving more value from your Security Operations Center (SOC) Platform. James Hanlon Director, Splunk Security Markets Specialization, EMEA

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

Case Study. Top Financial Services Provider Ditches Detection for Isolation

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Building Resilience in a Digital Enterprise

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Managed Endpoint Defense

MODERN DESKTOP SECURITY

RSA NetWitness Suite Respond in Minutes, Not Months

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

AKAMAI CLOUD SECURITY SOLUTIONS

Deception: Deceiving the Attackers Step by Step

ForeScout Extended Module for Splunk

Proactive Approach to Cyber Security

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

NIST Special Publication

Live Attack Visualization and Analysis. What does a Malware attack look like?

Endpoint Security Transformed. Isolation: A Revolutionary New Approach

Cyber Resilience: Developing a Shared Culture. Sponsor Guide

Compliance series Building secure endpoints with Windows 10 and Defendpoint

From Managed Security Services to the next evolution of CyberSoc Services

THE ACCENTURE CYBER DEFENSE SOLUTION

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

WINDOWS 10 ENTERPRISE New Security Features

CyberArk Privileged Threat Analytics

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

The Oracle Trust Fabric Securing the Cloud Journey

Enterprise Ransomware Mitigations

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Qualys Cloud Platform

Real-time, Unified Endpoint Protection

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

Symantec Endpoint Protection Family Feature Comparison

Security Operations in Flux

Hybrid Identity de paraplu in de cloud

BUFFERZONE Advanced Endpoint Security

align security instill confidence

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Are we breached? Deloitte's Cyber Threat Hunting

The threat landscape is constantly

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Tanium Endpoint Detection and Response. (ISC)² East Bay Chapter Training Day July 13, 2018

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

CipherCloud CASB+ Connector for ServiceNow

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Software-Defined Secure Networks in Action

Qualys Cloud Platform

SentinelOne Technical Brief

CLOSING THE 1% GAP THAT S COSTING YOU MILLIONS

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Security Terminology Related to a SOC

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Big and Bright - Security

Traditional Security Solutions Have Reached Their Limit

BUFFERZONE Advanced Endpoint Security

Security By Design: Application Isolation & Containment

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Windows 10 Security & Audit

This Cylance Is Headline This Is. Products and

2018 Cyber Security Predictions

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

SYMANTEC DATA CENTER SECURITY

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

CyberEdge Group 2018 Cyberthreat Defense Report

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Building a More Secure Cloud Architecture

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Transcription:

Bromium: Virtualization-Based Security TAG-Cyber Briefing Presented by Simon Crosby CTO, Co-Founder of Bromium

Bromium 2016 2

Bromium 2016 3

Real-time Detection & Analysis Malware manifest Bromium 2016 4

Search for attacks in real-time Isolate & remediate infected devices Learn, Adapt & Distribute new attack vectors & IoCs Send to SIEM and share with peer orgs Bromium 2016 5

Bromium eliminates malware completely, reducing the need for reimaging and patching. - Security Director, Valspar 6

Microsoft Edge browser isolation announcement Windows Defender Application Guard runs the Edge browser in isolation Limited to enterprise and education licenses Available summer 2017

Microsoft validation that Bromium solves the problem! Microsoft and Bromium are partnering on a series of joint security scenarios that use Virtualization Based Security and micro-virtualization as a means to hardware isolate apps. Microsoft Edge uses Windows Defender Application Guard to protect the device, apps, data, and networks from attacks launched through the browser. Bromium ships a robust full-featured solution to protect the endpoint from malicious documents, executables, attachments, downloads and sites.

Windows 10 Device Guard Device integrity Cryptographic processor Virtualization Biometric sensors UEFI Secure Boot prevents device tampering and ensures OS starts with integrity TPM processor provides tamper proof integrity validation and prevents unauthorized access to sensitive information Processor based virtualization isolates critical system components and data and protects even in the event full system compromise Using a biometric for authentication increases the level of difficulty for an attacker to the highest level 9

Ransomware is now the #1 security concern for organizations Windows 7, 8 Ransomware attack vectors Weaponized e-mail attachments Embedded hyperlinks within emails Browser (drive-by) attacks Web application vulnerabilities

Defeating ransomware with Bromium and Microsoft Isolates Edge Windows 7, 8 Isolates and self-remediates Weaponized e-mail attachments Embedded hyperlinks within emails Browser (drive-by) attacks Web application vulnerabilities

Enterprise cyber resilience with Bromium Protection against Pass-thehash attacks Kernel code integrity checks WDGA isolates Edge Windows 7, 8 Protection & self-remediation for Network-based attacks File or data loss Key-loggers & screen scrapers Ransomware Persistent APTs Pass-the-hash attacks All malicious execution Tamper-proof real-time monitoring (EDR) of isolated tasks and the Windows desktop

Windows Host Microvisor New Micro-VM per user task BIOS Boot (Windows 7, 8 upgrade) 15

Protected OS Network Intranet SaaS Sites Applications Files Credentials Isolated Websites Attachments USB / shares Untrusted networks Vulnerable Applications BIOS Boot (Windows 7, 8 upgrade) 16

Windows Defender Application Guard for Edge Applications Windows 10 Kernel VBS (Hyper-V)

Windows Defender Application Guard for Edge Applications Windows 10 Kernel VBS (Hyper-V) Monitoring Protection 2 Fed to SOC for real-time analytics & hunting 1 Complete record of execution state (diffs, pcaps, files) 3 Selfremediation Monitoring

Enterprise cyber resilience with Bromium Sensor Network Virtual SOC Threat Intelligence Device & Policy Management Self-defending Endpoints API and Threat Feeds

Bromium is delivering enterprise security today! The power of VBS is available now and will support the upgrade journey from Windows 7 and 8 to Windows 10 We isolate all threat vectors: malicious documents, executables, attachments, downloads, and sites The Sensor Network has isolation intelligence for postbreach, detection, investigation, and advanced threat response It s easy to deploy and you ll immediately start realizing value 20

Bromium helps investment firm secure $236 billion using existing business assets The Bromium approach leverages our existing investments in endpoint and network security, providing unambiguous and actionable threat intelligence that we can use to quickly and systematically enhance our overall security posture. - Ken Pfeil, CISO Pioneer Investments

Microsoft validates that isolation is the way forward! WDAG a Microsoft implementation of virtualization-based security with limited applicability Windows 10 WDAG implementation is not available on all Win 10 machines. New hardware required supporting UEFI-based Secure Boot BIOS-booted Windows 10 machines are not supported Bromium supports Edge today with hardware-enforced isolation and complete Edge browser isolation is in development Bromium accelerates Windows 10 migration with hardware-enforced isolation for Windows 7, 8 and 10 today for all attack vectors

Gartner top security investments in 2016/2017 Cloud Access Security Broker (CASB) Endpoint Detection & Remediation (EDR) Non-signature Approaches for EPP User and Entity Behavior Analytics (UEBA) Micro-segmentation & Visibility Security Testing for DevOps Intelligence Driven SOC Remote Browser Deception Pervasive Trust Services Bromium satisfies 6 of the top 10 security investments 23

Next Steps Learn more about us. We have more for you in our TAG-Cyber download. http://bit.ly/tag-cyber

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback