SlideShare ist ein Scribd-Unternehmen logo

Hiding In Plain Sight – Protect Against Bad Hashes

Als PPTX, PDF herunterladen
Tripwire
Tripwire

The document discusses advanced threat detection through integration with malware analytics services and appliances using sandbox technology. It also discusses automating the investigation and monitoring of indicators of compromise from industry peers, community sources, and commercial threat intelligence services on high-risk assets. The diagram shows the process of detecting threats from new indicators, searching for previous existence, starting monitoring, and driving workflows to investigate and remediate impacted systems.

Technologie
1 von 16
Advanced Malware Identification – Identify advanced threats on high risk assets through integration to malware analytics services and appliances using sandbox technology Monitoring for Peer & Community Sourced IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from industry peers and community sources Monitoring for Commercial Threat Intelligence Service IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from tailored commercial threat intelligence services
! THREAT DETECTED! 3 NEW INDICATORS 1 Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes. 2 Drive workflow to investigate and remediate system. 4
! THREAT DETECTED! 4 Indicators Feed 2 Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes. 3 Drive workflow to investigate and remediate system. 5
Next Generation Threat Prevention Tripwire Enterprise AgentNEW BINARY FOUND 1 SEND FILE/HASH FOR ANALYSIS 2 ! THREAT DETECTED! 3 NEW ADVANCED THREAT DETECTED 4 Drive workflow to investigate and remediate system. 5 UPDATE THREAT PREVENTION RULES 6 Real-time blocking of command & control, exfiltration, and further infections. 7
tripwire.com | @TripwireInc

Empfohlen

World best web apps security and Active detection of malicious link
World best web apps security and Active detection of malicious linkWorld best web apps security and Active detection of malicious link
World best web apps security and Active detection of malicious link
임채호 박사님
 
CTAP
CTAPCTAP
CTAP
Lan & Wan Solutions
 
Leverage Big Data in Cybersecurity
Leverage Big Data in Cybersecurity Leverage Big Data in Cybersecurity
Leverage Big Data in Cybersecurity
DefCamp
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
Skybox Security
 
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANEvento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
SWASCAN
 
Gov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsGov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Don’t let Your Website Spread Malware – a New Approach to Web App SecurityDon’t let Your Website Spread Malware – a New Approach to Web App Security
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Sasha Nunke
 
Analyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingAnalyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testing
Engr Md Yusuf Miah
 

Empfohlen

World best web apps security and Active detection of malicious link
World best web apps security and Active detection of malicious linkWorld best web apps security and Active detection of malicious link
World best web apps security and Active detection of malicious link
임채호 박사님
 
CTAP
CTAPCTAP
CTAP
Lan & Wan Solutions
 
Leverage Big Data in Cybersecurity
Leverage Big Data in Cybersecurity Leverage Big Data in Cybersecurity
Leverage Big Data in Cybersecurity
DefCamp
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
Skybox Security
 
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANEvento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
SWASCAN
 
Gov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsGov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Don’t let Your Website Spread Malware – a New Approach to Web App SecurityDon’t let Your Website Spread Malware – a New Approach to Web App Security
Don’t let Your Website Spread Malware – a New Approach to Web App Security
Sasha Nunke
 
Analyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testingAnalyzing and implementing of network penetration testing
Analyzing and implementing of network penetration testing
Engr Md Yusuf Miah
 
ARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management Platform
Tieu Luu
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
Akash Karwande
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
NoNameCon
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_us
linkedinbeam
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPT
shiriskumar
 
Enterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior AnalyticsEnterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior Analytics
Splunk
 
Inside forti os-v524-r5
Inside forti os-v524-r5Inside forti os-v524-r5
Inside forti os-v524-r5
Lan & Wan Solutions
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
Splunk
 
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
Black Duck by Synopsys
 
JAKU Botnet Analysis
JAKU Botnet AnalysisJAKU Botnet Analysis
JAKU Botnet Analysis
Napier University
 
Supply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSupply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software Development
Sonatype
 
The AppSec Path to Enlightenment
The AppSec Path to EnlightenmentThe AppSec Path to Enlightenment
The AppSec Path to Enlightenment
Black Duck by Synopsys
 
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
Internet Technology Matters (Internet Society)
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
pbink
 
Base Metal Forensics
Base Metal ForensicsBase Metal Forensics
Base Metal Forensics
Napier University
 
The malware monetization machine
The malware monetization machineThe malware monetization machine
The malware monetization machine
Priyanka Aash
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network Vapt
Apurv Singh Gautam
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015
Joseph Iannelli
 
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource WebinarStrategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
WhiteSource
 
Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...
FFRI, Inc.
 
Dll hijacking
Dll hijackingDll hijacking
Dll hijacking
antitree
 

Weitere ähnliche Inhalte

Was ist angesagt?

Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
NoNameCon
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015
Joseph Iannelli
 

Was ist angesagt? (20)

ARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management Platform
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposedStephanie Vanroelen - Mobile Anti-Virus apps exposed
Stephanie Vanroelen - Mobile Anti-Virus apps exposed
 
G data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_usG data mobile_mwr_q2_2015_us
G data mobile_mwr_q2_2015_us
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPT
 
Enterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior AnalyticsEnterprise Sec + User Bahavior Analytics
Enterprise Sec + User Bahavior Analytics
 
Inside forti os-v524-r5
Inside forti os-v524-r5Inside forti os-v524-r5
Inside forti os-v524-r5
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
 
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacema...
 
JAKU Botnet Analysis
JAKU Botnet AnalysisJAKU Botnet Analysis
JAKU Botnet Analysis
 
Supply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software DevelopmentSupply Chain Solutions for Modern Software Development
Supply Chain Solutions for Modern Software Development
 
The AppSec Path to Enlightenment
The AppSec Path to EnlightenmentThe AppSec Path to Enlightenment
The AppSec Path to Enlightenment
 
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
Initial Routing Resilience Survey Results Show At Least 10% Of Incidents Are ...
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
Base Metal Forensics
Base Metal ForensicsBase Metal Forensics
Base Metal Forensics
 
The malware monetization machine
The malware monetization machineThe malware monetization machine
The malware monetization machine
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network Vapt
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015
 
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource WebinarStrategies for Improving Enterprise Application Security - a WhiteSource Webinar
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
 

Andere mochten auch

Concepts of Malicious Windows Programs
Concepts of Malicious Windows ProgramsConcepts of Malicious Windows Programs
Concepts of Malicious Windows Programs
Natraj G
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
AlienVault
 
Level Up Your Security with Threat Intelligence
Level Up Your Security with Threat IntelligenceLevel Up Your Security with Threat Intelligence
Level Up Your Security with Threat Intelligence
IBM Security
 

Andere mochten auch (20)

Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...
 
Dll hijacking
Dll hijackingDll hijacking
Dll hijacking
 
Concepts of Malicious Windows Programs
Concepts of Malicious Windows ProgramsConcepts of Malicious Windows Programs
Concepts of Malicious Windows Programs
 
Big Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware ResearchBig Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware Research
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident response
 
PE Packers Used in Malicious Software - Part 1
PE Packers Used in Malicious Software - Part 1PE Packers Used in Malicious Software - Part 1
PE Packers Used in Malicious Software - Part 1
 
Level Up Your Security with Threat Intelligence
Level Up Your Security with Threat IntelligenceLevel Up Your Security with Threat Intelligence
Level Up Your Security with Threat Intelligence
 
SOC Foundation
SOC FoundationSOC Foundation
SOC Foundation
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS Solution
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
 
Introducing Intelligence Into Your Malware Analysis
Introducing Intelligence Into Your Malware AnalysisIntroducing Intelligence Into Your Malware Analysis
Introducing Intelligence Into Your Malware Analysis
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA
 
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
 
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Your Botnet is My Botnet: Analysis of a Botnet TakeoverYour Botnet is My Botnet: Analysis of a Botnet Takeover
Your Botnet is My Botnet: Analysis of a Botnet Takeover
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
 

Ähnlich wie Hiding In Plain Sight – Protect Against Bad Hashes

Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
How to Investigate Threat Alerts in Spiceworks!
How to Investigate Threat Alerts in Spiceworks! How to Investigate Threat Alerts in Spiceworks!
How to Investigate Threat Alerts in Spiceworks!
AlienVault
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
Gregory Hanis
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
UltraUploader
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
Invincea, Inc.
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
 

Ähnlich wie Hiding In Plain Sight – Protect Against Bad Hashes (20)

SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral Analytics
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and Defense
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
SplunkLive Auckland 2015 - Splunk for Security
SplunkLive Auckland 2015 - Splunk for SecuritySplunkLive Auckland 2015 - Splunk for Security
SplunkLive Auckland 2015 - Splunk for Security
 
SplunkLive Wellington 2015 - Splunk for Security
SplunkLive Wellington 2015 - Splunk for SecuritySplunkLive Wellington 2015 - Splunk for Security
SplunkLive Wellington 2015 - Splunk for Security
 
Splunk for Security
Splunk for SecuritySplunk for Security
Splunk for Security
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting Breaches
 
How to Investigate Threat Alerts in Spiceworks!
How to Investigate Threat Alerts in Spiceworks! How to Investigate Threat Alerts in Spiceworks!
How to Investigate Threat Alerts in Spiceworks!
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #4
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #4SynerComm's Tech TV series CIS Top 20 Critical Security Controls #4
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #4
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
 
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...
 
Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breaches
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpoints
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networks
 

Mehr von Tripwire

Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 

Mehr von Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Kürzlich hochgeladen (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

Hiding In Plain Sight – Protect Against Bad Hashes

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Advanced Malware Identification – Identify advanced threats on high risk assets through integration to malware analytics services and appliances using sandbox technology Monitoring for Peer & Community Sourced IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from industry peers and community sources Monitoring for Commercial Threat Intelligence Service IoCs – Automate the forensics investigation and proactive monitoring on high risk assets of indicators of compromise sourced from tailored commercial threat intelligence services
  • 8. ! THREAT DETECTED! 3 NEW INDICATORS 1 Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes. 2 Drive workflow to investigate and remediate system. 4
  • 9. ! THREAT DETECTED! 4 Indicators Feed 2 Search forensics data for previous existence of indicator. Start monitoring for indicator in all new changes. 3 Drive workflow to investigate and remediate system. 5
  • 10. Next Generation Threat Prevention Tripwire Enterprise AgentNEW BINARY FOUND 1 SEND FILE/HASH FOR ANALYSIS 2 ! THREAT DETECTED! 3 NEW ADVANCED THREAT DETECTED 4 Drive workflow to investigate and remediate system. 5 UPDATE THREAT PREVENTION RULES 6 Real-time blocking of command & control, exfiltration, and further infections. 7
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.