Next Generation Advanced
Malware Detection and Defense
Luca Simonelli
VP & GM EMEA
lsimonelli@lastline.com
Company Confidential
Cyberattack (R)Evolution
[Chart: $$ damage versus time, rising from Cybervandalism (hundreds of dollars) through Cybercrime (thousands to hundreds of thousands) to Targeted Attacks and Cyberwarfare (millions to billions)]
Current Defenses Have Failed
January 10, 2014

Targeted attacks are mainstream news.
Every week, new breaches are reported.
Here are just a few examples.

Malware is a Problem of Scale …

Why Should You Care?
• If you have assets of value, it is not a question of whether you are being targeted, but where the blind spots exist in your environment
• A compromise results in a backdoor into your network, providing cybercriminals with interactive access
• With Lastline’s solutions you can obtain visibility and identify active advanced malware targeting not only your systems, but your key intellectual property and business assets
Security Gap
[Diagram: threat sophistication versus attack type. Simple threats (plain virus, packing, polymorphic code, fluxing C&C) behind opportunistic attacks are covered by antivirus solutions; evasive and persistent threats behind targeted attacks are the domain of APT solutions, leaving a security gap between the two.]
Current solutions fail to protect organizations from sophisticated, targeted attacks.
Lastline, Inc.
Most advanced solution to detect, analyze, and mitigate APTs, targeted attacks, and 0-day threats

Company Overview
• Founded in 2011 by top security professors and advanced malware researchers to deliver the most proven and advanced protection against evasive malware, zero-day and advanced persistent threats.
• Founders published 100+ papers, recognized among the top 30 security researchers in the world
• Developers of Anubis / Wepawet, the #1 portal for advanced malware analysis and research, used by Fortune 500 companies, government agencies and security vendors
• Experienced management team from Fortinet, ISS and Trend Micro

Company Buzz
“Top 10 coolest security startup of 2013”
“Lastline named a finalist for five Info Security Products Guide Global Excellence Awards”
Lastline, Inc.

Anubis & Wepawet
Research Background
• Based on 10+ years of research on APTs
• Founders published 100+ papers, recognized among the top 30 security researchers in the world
• Most popular free tools for advanced malware analysis, accessible through web portals
• Used by tens of thousands of users (including Fortune 500 companies, government and financial institutions, and security vendors)
• Anubis: Advanced malware analysis, http://anubis.cs.ucsb.edu
• Wepawet: Drive-by exploit detector, http://wepawet.cs.ucsb.edu

http://tinyurl.com/ms-top-authors
Anubis & Wepawet Users

Highly Scalable

Lastline Products
Lastline Enterprise™: Detect Advanced Malware in Your Network
• Ideal for net and sec ops
• Deploy on network passively
• Multi-Protocol support (email, web, etc.)
• Available on-premise or Hosted by Lastline
• Software runs on hardware and VMWare
• Complements NIPS and NGFW products
• On-premise 30-day trial available

Lastline Analyst™: Upload Files for Analysis
• Ideal for forensic, audit, ICR ops
• Cloud service hosted by Lastline
• Analyzes objects for advanced malware
• Inspects URLs for advanced malware
• No hardware required by customer
• Available as on-premise solution
• Free Lastline Analyst accounts
Highly Scalable

Lastline Solution
[Table: Lastline components and where each runs for Lastline Enterprise™ and Lastline Analyst™ (on-premise ✓, hosted*, or private cloud ✓; Lastline Analyst has no sensor, shown as n/a; the engine is listed as 4.7 on VMWare)]
• Sensor: monitors the network
• Engine: detonates objects
• Manager: correlates and offers APIs
• Threat Intelligence: crawls the internet to find APTs. Internet-scale, active discovery of APT threats. Models generated through machine-learning and large-scale clustering algorithms. Intelligence is pushed to components.

* Hosted by Lastline
Lastline Platform Capabilities
Lastline Enterprise™: Network and Object Analysis (Sensor, Engine, Manager)

Network Analysis
– Detection and blocking
• Command & Control traffic
• Infection vectors, such as drive-by-download attacks
• Inbound malicious emails
– Automated collection of potentially-malicious files for analysis
– Analysis of pDNS and netflow data to identify anomalies
– Scalable, distributed architecture
Inputs: Netflow, Passive DNS, Network Fingerprints, Correlation, Anomaly-Based Command & Control Detection, Global Threat Intelligence

Lastline Analyst™: Object Analysis (Engine, Manager)

Object Analysis
Object types: Executable files, Non-executable files, Web URLs, Android APK
– Dynamic analysis in next generation sandbox
• Executes binaries, accesses web pages, opens documents
• Monitors and classifies observed behaviors
– CPU emulation
• Provides visibility into every instruction that malware executes, not just the operating system calls
• Provides vastly increased ability to detect malicious and evasive behavior
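The slide lists "analysis of pDNS and netflow data to identify anomalies" and "anomaly-based Command & Control detection" without saying what such an anomaly looks like. The following is an added example written for this page, not Lastline's sensor code: it flags timer-driven beaconing in constructed netflow records, fast-flux resolution in constructed passive-DNS records, and joins the two so a beacon to an address behind a fluxing domain is reported with higher confidence. Record formats, thresholds and all sample data are assumptions.

```python
"""Sensor-side anomaly checks over netflow and passive-DNS records.

Added example for this page, not Lastline code. Record formats, thresholds
and all sample data below are assumptions constructed for the illustration.
  netflow record: (timestamp_s, src_ip, dst_ip, dst_port, bytes_out)
  passive-DNS record: (timestamp_s, domain, resolved_ip)
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed netflow: 10.0.0.5 contacts 203.0.113.7 every ~60 s with near
# constant payload sizes (beacon-like); 10.0.0.9 browses irregularly.
NETFLOW = [
    (0, "10.0.0.5", "203.0.113.7", 443, 512),
    (61, "10.0.0.5", "203.0.113.7", 443, 516),
    (119, "10.0.0.5", "203.0.113.7", 443, 512),
    (181, "10.0.0.5", "203.0.113.7", 443, 520),
    (240, "10.0.0.5", "203.0.113.7", 443, 512),
    (300, "10.0.0.5", "203.0.113.7", 443, 514),
    (5, "10.0.0.9", "198.51.100.20", 443, 1200),
    (40, "10.0.0.9", "198.51.100.21", 443, 33000),
    (47, "10.0.0.9", "198.51.100.22", 80, 900),
    (500, "10.0.0.9", "198.51.100.20", 443, 70000),
    (1100, "10.0.0.9", "198.51.100.23", 443, 2100),
]

# Constructed passive DNS: one name rotates through five addresses in eight
# minutes (fluxing, as on the threat-sophistication slide); one is stable.
PDNS = [
    (0, "update-cdn.example", "203.0.113.7"),
    (120, "update-cdn.example", "203.0.113.44"),
    (240, "update-cdn.example", "198.51.100.9"),
    (360, "update-cdn.example", "192.0.2.77"),
    (480, "update-cdn.example", "192.0.2.130"),
    (0, "www.example.org", "198.51.100.20"),
    (3600, "www.example.org", "198.51.100.20"),
]


def find_beacons(flows, min_flows=5, max_cv=0.15):
    """Flag (src, dst, port) groups whose inter-flow gaps are nearly constant.

    A coefficient of variation (stddev / mean) of the gaps below max_cv means
    the host is phoning home on a timer rather than being driven by a user.
    """
    groups = defaultdict(list)
    for ts, src, dst, port, _nbytes in flows:
        groups[(src, dst, port)].append(ts)
    beacons = {}
    for key, stamps in groups.items():
        if len(stamps) < min_flows:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[key] = {"count": len(stamps), "period_s": round(avg, 1),
                            "cv": round(cv, 3)}
    return beacons


def find_fast_flux(pdns, window_s=900, min_ips=4):
    """Flag domains that resolved to >= min_ips distinct addresses inside any
    window_s-second window; returns {domain: max_distinct_ips_in_window}."""
    by_domain = defaultdict(list)
    for ts, domain, ip in pdns:
        by_domain[domain].append((ts, ip))
    flagged = {}
    for domain, recs in by_domain.items():
        recs.sort()
        best = 0
        for i, (start, _ip) in enumerate(recs):
            in_window = {ip for ts, ip in recs[i:] if ts - start <= window_s}
            best = max(best, len(in_window))
        if best >= min_ips:
            flagged[domain] = best
    return flagged


def sensor_alerts(flows, pdns):
    """Combine both checks: a beacon whose destination is also an address of a
    fast-flux domain is reported with higher confidence as a C&C connection."""
    beacons = find_beacons(flows)
    flux = find_fast_flux(pdns)
    ip_to_domains = defaultdict(set)
    for _ts, domain, ip in pdns:
        ip_to_domains[ip].add(domain)
    alerts = []
    for (src, dst, port), info in beacons.items():
        flux_names = sorted(d for d in ip_to_domains.get(dst, ()) if d in flux)
        alerts.append({"host": src, "dst": dst, "port": port,
                       "period_s": info["period_s"],
                       "confidence": "high" if flux_names else "medium",
                       "fast_flux_domains": flux_names})
    return alerts
```

On the constructed data, `sensor_alerts(NETFLOW, PDNS)` yields one high-confidence alert for 10.0.0.5 beaconing every 60 s to an address of the fluxing domain; the browsing host produces nothing.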
Lastline Enterprise – In action
[Diagram: Sensor, Engine and Manager facing drive-by attacks, spearphishing and command and control traffic; detections feed back into global threat intelligence]
• Threat Intelligence: Lastline proactively crawls the Internet for threats and updates the Sensor’s knowledge base
• Sensor: scans traffic for signs and anomalies that reveal C&C connections and infections
• Engine: analyzes unknown objects (programs and docs) with high-resolution analysis
• Manager: correlates alerts and produces actionable intelligence
Lastline Enterprise On-Premise
[Diagram: the same Sensor, Engine and Manager roles and the same threats (drive-by attack, spearphishing, command and control) as the previous slide, with all components deployed on the customer’s premises; Lastline still crawls the Internet for threats and updates the Sensor’s knowledge base]
Lastline Enterprise Hosted
[Diagram: the same roles and threats as the previous slides, with the Engine (high-res analysis of unknown programs and docs), the Manager (alert correlation and actionable intelligence) and the Internet-crawling threat intelligence running in Lastline’s Datacenter, while the Sensor on the customer network scans traffic for signs and anomalies that reveal C&C connections and infections]
Lastline Analyst
[Diagram: the user uploads objects and URLs for analysis and accesses object information via HTTPS]
• Threat Intelligence: Lastline proactively crawls the Internet for threats and updates the knowledge base
• Engine: analyzes unknown objects (programs and docs) with high-resolution analysis
• Manager: produces actionable intelligence
High-Resolution Security Analysis
[Diagram: visibility without CPU emulation (traditional sandboxing technology) compared with visibility with CPU emulation (Lastline technology). The important behaviors and the evasion happen in the instruction-level region that only CPU emulation makes visible.]
Flexible & Cost Effective Deployment
• Annual subscription, per-user pricing
• Non-proprietary, low-cost hardware
• Cost-effective, full network coverage
• Your choice of on-premise or hosted deployment
• Future-proofing via a platform approach which provides API access for integration
• Scale engines in private cloud on-premise
• Deploy anywhere in the network
Actionable Intelligence
• Lastline Enterprise identifies with confidence the backdoors in your network
• Detailed analysis supports the remediation process defined within the Enterprise
• Correlated APT information rolls up to network incidents and provides drill down to individual malware events
• APT threat severity level is available to identify high priority infections
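To make the roll-up described above concrete (individual malware events grouped into per-host network incidents with a severity level and drill-down), here is an added example written for this page, not Lastline's Manager code. The event schema, the 0-100 score scale, the severity thresholds and the sample events are assumptions; the one idea taken from the slides is that a malicious object verdict from the Engine followed by C&C traffic seen by the Sensor on the same host is what lets a backdoor be reported with confidence.

```python
"""Manager-side roll-up of malware events into per-host incidents.

Added example for this page, not Lastline's Manager code. The event schema,
the 0-100 score scale, and the sample events are assumptions constructed for
the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: int       # seconds since start of the (constructed) capture
    host: str     # internal host the event concerns
    source: str   # "sensor" (network detection) or "engine" (object analysis)
    kind: str     # spearphish, drive_by, cnc, object_analysis
    score: int    # 0-100 detection / analysis score (assumed scale)
    detail: str


@dataclass
class Incident:
    host: str
    severity: str
    backdoor_confirmed: bool
    events: list = field(default_factory=list)   # kept for drill-down


# Constructed events, not from any real deployment.
EVENTS = [
    Event(100, "10.0.0.5", "sensor", "spearphish", 60, "invoice.doc attachment delivered"),
    Event(160, "10.0.0.5", "engine", "object_analysis", 95, "invoice.doc drops and runs a payload"),
    Event(400, "10.0.0.5", "sensor", "cnc", 85, "periodic TLS beacon to 203.0.113.7"),
    Event(200, "10.0.0.9", "sensor", "drive_by", 40, "redirect chain to exploit kit blocked"),
    Event(900, "10.0.0.12", "engine", "object_analysis", 20, "tool.exe shows no suspicious behavior"),
]


def backdoor_confirmed(events):
    """True when a malicious object verdict on the host is followed by C&C
    traffic from it: the sandbox result and the network evidence agree."""
    infections = [e.ts for e in events if e.kind == "object_analysis" and e.score >= 80]
    beacons = [e.ts for e in events if e.kind == "cnc"]
    return any(b > i for i in infections for b in beacons)


def severity_for(events):
    """Severity follows the strongest single event, raised to critical when
    the object and network evidence together confirm an active backdoor."""
    top = max(e.score for e in events)
    level = "low" if top < 50 else "medium" if top < 80 else "high"
    return "critical" if backdoor_confirmed(events) else level


def roll_up(events, min_score=30):
    """Group events by host into incidents, ordered most severe first; hosts
    whose best evidence is below min_score do not become incidents."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        by_host[e.host].append(e)
    incidents = []
    for host, evs in by_host.items():
        if max(e.score for e in evs) < min_score:
            continue
        incidents.append(Incident(host, severity_for(evs), backdoor_confirmed(evs), evs))
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    incidents.sort(key=lambda inc: rank[inc.severity])
    return incidents


def drill_down(incidents, host):
    """Return the time-ordered event records behind one host's incident."""
    for inc in incidents:
        if inc.host == host:
            return [(e.ts, e.source, e.kind, e.detail) for e in inc.events]
    return []
```

With the constructed events, `roll_up(EVENTS)` produces a critical incident for 10.0.0.5 (spearphish, malicious document, then beacon), a low one for 10.0.0.9, and none for 10.0.0.12, whose only evidence scores below the threshold.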
Actionable Intelligence
[Dashboard screenshots: Traffic, Infection Trend, Analyzed Files, Malware Distribution]

Actionable Intelligence
[Dashboard screenshots: Mail, Events]
Poised to stand out from the crowd
• “Best New Security Start-Up Company of the Year (Software)”: Gold Winner
• “Most Innovative Security Product (Software) of the Year”: Bronze Winner
• “Innovation in Next Generation Security”: Bronze Winner
• “Best Overall Security Company of the Year”: Bronze Winner
• “Most Innovative Security Service of the Year”: Silver Winner
Lastline Better By Design
Lastline Core

• Complete Protection
– Analysis of inbound software artifacts
– Analysis of outbound traffic using network models
– Anomaly detection of suspicious behavior
– Actionable Threat Intelligence

• Most Advanced Malware Analysis
– High-resolution analysis engine (CPU emulation)
– Supports multiple operating systems and file formats
– Produces detectors (fingerprints) that also handle encrypted traffic

• Flexible & Scalable Deployments
– Three-Tiered Architecture on premise or hosted
– Efficient sensors on premise (for enforcement and collection)
– Hosted Solution offers analysis in the cloud
– Pricing that is practical for your budget

[Architecture diagram: High-Resolution Analysis, Correlation and Automated Data Collection, fed by Netflow, DNS, Network Fingerprints, objects (Non-PE, PE, Web URLs, Android APK) and Global Threat Intelligence (Reputation, …). Lastline Enterprise = Sensor + Manager + Engine; Lastline Analyst = Manager + Engine]

Lastline Demo

For more information visit
www.lastline.com
or contact us at
info@lastline.com