SlideShare a Scribd company logo

Detection and Analysis of 0-Day Threats

Download as PPTX, PDF
Invincea, Inc.
Invincea, Inc.

As threats are increasingly more sophisticated and targeted, traditional anti-virus detection is struggling to keep up. The traditional approach focuses on using fingerprint signatures of known malware to identify malware in the enterprise. This method of fingerprinting for detection is not only easily evaded, but it provides limited value to detecting targeted attacks against companies and emerging threats. To combat this problem, Invincea developed a novel method for detecting and analyzing previously unknown malware and 0-day exploits. The advanced detection approach runs in conjunction with Invincea’s secure virtual container, which is used to isolate the operating system and user data from exploits against vulnerable applications. By running high-risk apps like web browsers in a secure container, no prior knowledge, including signatures and IOCs of threats is required in order to prevent their damage to the system and loss of data.

Software
1 of 30
Detection and Analysis of 0- day Threats STEVE TAYLOR, PRINCIPAL SOFTWARE ENGINEER
Meet the Presenter Steve Taylor Steve is a Principal Software Engineer at Invincea who helped build the foundation for Invincea’s innovative security solution. As an employee since the company’s inception, he designed and implemented major portions of the product’s core architecture and malware detection engine. The containerization platform he helped develop is currently used by large enterprises to protect against web-based attacks, such as spear-phishing. He is named on a provisional patent for his role in building a behavior-based approach to detect and analyze threats.
Summary • Anatomy of a breach • Containment • Detection • Analysis • Demo
Incidental Contact Invincea Closes the Gap Targeted Attacks (APTs) Spear-phishing (95% of all APTs*) - Links to drive-by downloads - Weaponized document attachments Watering hole attacks - Hijacked, trusted sites - Poisoned Search Engine Results - Malicious Websites - Hijacked Legitimate Sites - 30,000 takeovers DAILY** - Social Networking Worms *Both Mandiant and Trend Micro – 2013 Reports ** Sophos – June 2013 Zero-days and New Malware Strains Targeting Browsers, Plug-ins, PDFs and Office Docs
Most Vulnerable Products 2013 Source: National Vulnerability Database and GFI
Malware Evolution (1980s – 1990s) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves “Hacktivists” Anti-Virus defenses
Malware Evolution (2000s) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Network Sandboxing White Listing
Malware Evolution (circa 2010) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Network Sandboxing Threat Curve circa 2010 White Listing
2014+ changing Threat Curve Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Threat Curve (today) Takeaway: Less advanced adversaries now have access to very sophisticated malware Network Sandboxing White Listing
New Defenses are Needed Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Threat Curve (today) Advanced Endpoint Protection Network Sandboxing White Listing
Controls Training IAM Antivirus Firewalls IPS/IPS Patching Mapping Enterprise Security Controls to ThreatScape Advanced Threat Conventional Threat
Re-thinking Endpoint Security DETECTION | PREVENTION | INTELLIGENCE
Why Endpoints Are Easy to Exploit Adobe Acrobat Reader …
Why Endpoints Are Easy to Exploit Browser Toolbars & Widgets
Why Endpoints Are Easy to Exploit Browser Plugins
Why Endpoints Are Easy to Exploit
Using Virtual Container Architecture to Cover the Largest Attack Surfaces Invincea Communications Interface Secure Virtual Container • Virtual File System • Behavioral sensors (process, file, network) • Command and Control • Forensic data capture
Using Virtual Container Architecture to Cover the Largest Attack Surfaces Contained Threats Attacks against the browser, PDF reader, Office suite are air-locked from the host operating system. Detection, kill and forensic capture occurs inside the secure virtual container. Detection Containerized application behavior is meticulously whitelisted. Any deviation from known behavior is immediately flagged as suspicious. This means no signatures are required and 0-day threat detection is realized.
Using Virtual Container Architecture to Cover the Largest Attack Surfaces Malware Killed & Collected • Virtual File System • IOCs • Command and Control • Forensic data capture
Real-time Forensic Data Feeds Invincea Management Server• Virtual appliance • Software • Physical appliance • Hosted
Protecting Against Drive-bys
• Each app has a profile of possible behaviors • Behavior that deviates from expected is a likely IOC • Malware will create artifacts as it executes including file system, registry, in-memory, and network activities • These artifacts are triggers to start collecting intel and alert the user How Detection Works
Malware-Free Intrusion IOCs • Unexpected process launches • Dropping and launching processes • Code injection into running processes • Loading modules reflectively in memory • Loading modules from the network • …
Leveraging Containerization For Behavioral Detection • Behavioral detection traditionally tricky – Hard to define expected behaviors for the entire system • Only behaviors of contained apps need to be mapped • The container is a controlled environment with predictable outcomes
The Source of Attack • Attribute any source website or document • Any iframes embedded in the website are traced • Links/Documents opened in Outlook that lead to a detection are indicators of spear phishing
Collecting Intel • All activity from suspect processes is collected – File/registry/network/execution • Execution and code injections are traced to filter only behaviors stemming from the attack • Process and network metadata is gathered
Analyzing the Data • DEMO
Questions? Invincea Research Edition: www.invincea.com/researchedition Webinar Recording : www.invincea.com/2014/12/detection-and-analysis-of-0-day-threats-with- invincea-freespace Demo Request: www.invincea.com/demo
#12daysofSploitmas www.invincea.com/12-days-of- sploitmas 'Tis the season for eggnog, holiday music... and online exploits. Learn about all the ways Invincea has detected and stopped cyber attacks in 2014.
Thank you. Invincea @Invincea

Recommended

Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber ResiliencyAlert Logic
 

Recommended

Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554Apt sharing tisa protalk 2-2554
Apt sharing tisa protalk 2-2554TISA
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseLuca Simonelli
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber ResiliencyAlert Logic
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksAPNIC
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallPlanning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallAlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneAlienVault
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicCharles Lim
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Quick Heal Technologies Ltd.
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?Ryan G. Murphy
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive PresentationNormShield, Inc.
 
Is Anti-Virus Dead?
Is Anti-Virus Dead?Is Anti-Virus Dead?
Is Anti-Virus Dead?ESET
 
Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector Invincea, Inc.
 
Cyber attacks in Ukraine
Cyber attacks in UkraineCyber attacks in Ukraine
Cyber attacks in UkraineNick Bilogorskiy
 

More Related Content

What's hot

Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksAPNIC
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallPlanning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallAlienVault
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneAlienVault
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicCharles Lim
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?Ryan G. Murphy
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive PresentationNormShield, Inc.
 
Is Anti-Virus Dead?
Is Anti-Virus Dead?Is Anti-Virus Dead?
Is Anti-Virus Dead?ESET
 

What's hot (20)

Cambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacksCambodia CERT Seminar: Incident response for ransomeware attacks
Cambodia CERT Seminar: Incident response for ransomeware attacks
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICS
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal BallPlanning your 2015 Threat Detection Strategy with a Broken Crystal Ball
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
 
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneWatering Hole Attacks: Detect End-User Compromise Before the Damage is Done
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - Public
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirus
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
 
Is Anti-Virus Dead?
Is Anti-Virus Dead?Is Anti-Virus Dead?
Is Anti-Virus Dead?
 

Viewers also liked

Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector Invincea, Inc.
 
S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017Marina Krotofil
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityBoston Global Forum
 
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...Boston Global Forum
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 

Viewers also liked (6)

Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector Threats to the Grid | Cyber Challenges Impacting the Energy Sector
Threats to the Grid | Cyber Challenges Impacting the Energy Sector
 
Cyber attacks in Ukraine
Cyber attacks in UkraineCyber attacks in Ukraine
Cyber attacks in Ukraine
 
S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017S4 krotofil afternoon_sesh_2017
S4 krotofil afternoon_sesh_2017
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber security
 
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 

Similar to Detection and Analysis of 0-Day Threats

Tech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingTech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingInvincea, Inc.
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Invincea, Inc.
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2016
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake finalMinh Le
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown AlienVault
 
endpoint-detection-and-response-datasheet.pdf
endpoint-detection-and-response-datasheet.pdfendpoint-detection-and-response-datasheet.pdf
endpoint-detection-and-response-datasheet.pdfOlufemi37
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkCisco Security
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryBlack Duck by Synopsys
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 

Similar to Detection and Analysis of 0-Day Threats (20)

Tech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingTech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs Whitelisting
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
Tech ThrowDown: Invincea FreeSpace vs EMET 5.0
 
NetWitness
NetWitnessNetWitness
NetWitness
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysis
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown Spice world 2014 hacker smackdown
Spice world 2014 hacker smackdown
 
endpoint-detection-and-response-datasheet.pdf
endpoint-detection-and-response-datasheet.pdfendpoint-detection-and-response-datasheet.pdf
endpoint-detection-and-response-datasheet.pdf
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 

More from Invincea, Inc.

Webcast: The Similarity Evidence Explorer For Malware
Webcast: The Similarity Evidence Explorer For Malware Webcast: The Similarity Evidence Explorer For Malware
Webcast: The Similarity Evidence Explorer For Malware Invincea, Inc.
 
Minimizing Dwell Time On Networks In IR With Tapio
Minimizing Dwell Time On Networks In IR With TapioMinimizing Dwell Time On Networks In IR With Tapio
Minimizing Dwell Time On Networks In IR With TapioInvincea, Inc.
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Invincea: Reasoning in Incident Response in Tapio
Invincea: Reasoning in Incident Response in TapioInvincea: Reasoning in Incident Response in Tapio
Invincea: Reasoning in Incident Response in TapioInvincea, Inc.
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Invincea, Inc.
 
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014Invincea, Inc.
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea, Inc.
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsInvincea, Inc.
 

More from Invincea, Inc. (10)

Webcast: The Similarity Evidence Explorer For Malware
Webcast: The Similarity Evidence Explorer For Malware Webcast: The Similarity Evidence Explorer For Malware
Webcast: The Similarity Evidence Explorer For Malware
 
Minimizing Dwell Time On Networks In IR With Tapio
Minimizing Dwell Time On Networks In IR With TapioMinimizing Dwell Time On Networks In IR With Tapio
Minimizing Dwell Time On Networks In IR With Tapio
 
Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security Evasion
 
Invincea: Reasoning in Incident Response in Tapio
Invincea: Reasoning in Incident Response in TapioInvincea: Reasoning in Incident Response in Tapio
Invincea: Reasoning in Incident Response in Tapio
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
 
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014
Invincea Dell Protected Workspace blocks Spear-Phish Word-doc-Mar-2014
 
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 

Recently uploaded

WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...chiefasafspells
 

Recently uploaded (20)

WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 

Detection and Analysis of 0-Day Threats

  • 1. Detection and Analysis of 0- day Threats STEVE TAYLOR, PRINCIPAL SOFTWARE ENGINEER
  • 2. Meet the Presenter Steve Taylor Steve is a Principal Software Engineer at Invincea who helped build the foundation for Invincea’s innovative security solution. As an employee since the company’s inception, he designed and implemented major portions of the product’s core architecture and malware detection engine. The containerization platform he helped develop is currently used by large enterprises to protect against web-based attacks, such as spear-phishing. He is named on a provisional patent for his role in building a behavior-based approach to detect and analyze threats.
  • 3. Summary • Anatomy of a breach • Containment • Detection • Analysis • Demo
  • 4. Incidental Contact Invincea Closes the Gap Targeted Attacks (APTs) Spear-phishing (95% of all APTs*) - Links to drive-by downloads - Weaponized document attachments Watering hole attacks - Hijacked, trusted sites - Poisoned Search Engine Results - Malicious Websites - Hijacked Legitimate Sites - 30,000 takeovers DAILY** - Social Networking Worms *Both Mandiant and Trend Micro – 2013 Reports ** Sophos – June 2013 Zero-days and New Malware Strains Targeting Browsers, Plug-ins, PDFs and Office Docs
  • 5. Most Vulnerable Products 2013 Source: National Vulnerability Database and GFI
  • 6. Malware Evolution (1980s – 1990s) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves “Hacktivists” Anti-Virus defenses
  • 7. Malware Evolution (2000s) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Network Sandboxing White Listing
  • 8. Malware Evolution (circa 2010) Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Network Sandboxing Threat Curve circa 2010 White Listing
  • 9. 2014+ changing Threat Curve Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Threat Curve (today) Takeaway: Less advanced adversaries now have access to very sophisticated malware Network Sandboxing White Listing
  • 10. New Defenses are Needed Mass Targeting Pinpoint Targeting High Sophisticatio n Low Script Kiddies Lone Wolves Organized Crime “Hacktivists” Nation States (Tier 2) Nation States (Tier 1) Anti-Virus defenses Threat Curve (today) Advanced Endpoint Protection Network Sandboxing White Listing
  • 12. Re-thinking Endpoint Security DETECTION | PREVENTION | INTELLIGENCE
  • 13. Why Endpoints Are Easy to Exploit Adobe Acrobat Reader …
  • 14. Why Endpoints Are Easy to Exploit Browser Toolbars & Widgets
  • 15. Why Endpoints Are Easy to Exploit Browser Plugins
  • 16. Why Endpoints Are Easy to Exploit
  • 17. Using Virtual Container Architecture to Cover the Largest Attack Surfaces Invincea Communications Interface Secure Virtual Container • Virtual File System • Behavioral sensors (process, file, network) • Command and Control • Forensic data capture
  • 18. Using Virtual Container Architecture to Cover the Largest Attack Surfaces Contained Threats Attacks against the browser, PDF reader, Office suite are air-locked from the host operating system. Detection, kill and forensic capture occurs inside the secure virtual container. Detection Containerized application behavior is meticulously whitelisted. Any deviation from known behavior is immediately flagged as suspicious. This means no signatures are required and 0-day threat detection is realized.
  • 19. Using Virtual Container Architecture to Cover the Largest Attack Surfaces Malware Killed & Collected • Virtual File System • IOCs • Command and Control • Forensic data capture
  • 20. Real-time Forensic Data Feeds Invincea Management Server• Virtual appliance • Software • Physical appliance • Hosted
  • 22. • Each app has a profile of possible behaviors • Behavior that deviates from expected is a likely IOC • Malware will create artifacts as it executes including file system, registry, in-memory, and network activities • These artifacts are triggers to start collecting intel and alert the user How Detection Works
  • 23. Malware-Free Intrusion IOCs • Unexpected process launches • Dropping and launching processes • Code injection into running processes • Loading modules reflectively in memory • Loading modules from the network • …
  • 24. Leveraging Containerization For Behavioral Detection • Behavioral detection traditionally tricky – Hard to define expected behaviors for the entire system • Only behaviors of contained apps need to be mapped • The container is a controlled environment with predictable outcomes
  • 25. The Source of Attack • Attribute any source website or document • Any iframes embedded in the website are traced • Links/Documents opened in Outlook that lead to a detection are indicators of spear phishing
  • 26. Collecting Intel • All activity from suspect processes is collected – File/registry/network/execution • Execution and code injections are traced to filter only behaviors stemming from the attack • Process and network metadata is gathered
  • 28. Questions? Invincea Research Edition: www.invincea.com/researchedition Webinar Recording : www.invincea.com/2014/12/detection-and-analysis-of-0-day-threats-with- invincea-freespace Demo Request: www.invincea.com/demo
  • 29. #12daysofSploitmas www.invincea.com/12-days-of- sploitmas 'Tis the season for eggnog, holiday music... and online exploits. Learn about all the ways Invincea has detected and stopped cyber attacks in 2014.