3. • Total employee strength – about 100 worldwide.
• Revenues exceeding $10 million on an annual basis.
• Very strong growth – Operations across 6 countries.
• Cash positive, profitable, every year since inception.
• Working with the largest Fortune 100 firms and governments
worldwide
• We are self funded and stable. Not reliant on external funding.
TekMonks – A bit about us
4. • In 2016, 89% of breaches had a financial or espionage motive.
• 85% of hacks are by external actors, and 15% are by internal ones.
• The majority of attacks use phishing and known vulnerabilities in
the security appliances to steal the initial passwords.
• 82% of all Cyberattacks started with stealing passwords.
• $280 Billion - Total loss to businesses from Cyber-attacks in 2016*2
• $2.1 Trillion - Estimated Cyber Losses in 2019*2
• $74.54 Billion – Google’s 2015 Revenue
The hacking industry is a business that is 3.75 times bigger than Google! Hackers today are well-funded,
multi-billion-dollar illegal corporations with significant computing and research power, all dedicated to
hacking you for profit.
* From the 2016 Data Breach Investigations Report
Cybersecurity – Some startling facts…*
*2 Forbes: http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#2e21dd3f3bb0
5. • It takes days for an attacker to “exfiltrate” data – i.e. steal valuable data post attack. It is not the
initial breach per-se which causes damage, it is this step of stealing valuable company data –
where the attacker is then compromising internal systems and stealing data from them. This step
takes days to succeed. It is not instantaneous, but it doesn’t take 3 or 6 months either.
Cybersecurity – time is not on our side…
7. A short analysis of the hacker landscape
Just why are things getting worse?
Why do hackers succeed more easily lately?
Or – what’s the cause, and thus, the solution
to stop these hacks.
8. • The continued, high frequency of successful cyberattacks against today’s enterprises has
made it abundantly clear that traditional, perimeter-centric security strategies e.g.
Firewalls, VPNs, while necessary, are no longer sufficient.
• When a hacker is inside the corporate network it is much easier
to hide and hack the internal core business applications and
assets.
• Internal applications, which run core business today, were designed 10 years ago, or 5
years ago, even 3 years ago – we are in a different world today.
• Rewriting core business applications is not a solution – plus it is a cat and mouse game,
by the time they are rewritten, security threats and standards would have evolved.
Network layer security: Necessary but not sufficient
9. • Crackers today are really efficient at breaking passwords.
• Deep Blue Supercomputer - around 1999 - beat Garry Kasparov - 11.38 GFLOPS.
• Samsung Galaxy S7 with SnapDragon 820 packs 498.5 GFLOPS. The Samsung
Smartphone is approximately 44 times faster than the Deep Blue.
• GPU Radeon R9 Fury X2 = 17,204 GFLOPS. 1,511 times faster than Deep Blue.
• Hackers routinely build rigs with up to 25 of these GPUs, which is 430 TeraFLOPS.
https://goo.gl/1nVst6. This is the same power as the Blue Gene Supercomputer at
Livermore Nuclear Laboratory, used to simulate nuclear reactions.
• If one thinks passwords are secure because decrypting them will take a lot of
computing power – one is not living in the reality of 2016.
Just how easy are passwords to hack?
11. • Biometric and Thumb? Everything you touch will now contain your password.
This is one of the easiest "security measures" to break. There are at least 7
different currently known ways to defeat this. For example, simple inkjets can be
used to defeat fingerprint based authentication.
• Iris Scanning? Megapixel cameras can steal your Iris patterns.
• Facial Identification? Face masks take care of defeating this security measure.
• Token / RSA? No longer secure. Quantum computers can hack it very easily. US
Government has already abandoned it. MIT has already developed a Quantum
Computer capable of easily hacking RSA.
What about other technologies? Biometrics?
13. • How do we secure existing applications, which were written in a different security
landscape, use insecure logins and algorithms SHA1, SHA5 or even MD5? We thought we
could hide them behind a firewall but clearly that doesn’t work when the hacker is inside!
• We don’t want to modify our critical business applications and add risk – can we secure
existing applications as is?
Core Issues
14. • What do we do today to deal with this? Policy to change passwords every 3 months.
• But … it takes a hacker days – not months to crack passwords and steal internal data.
3 months is too long!
• Why not change them every day? Or every hour? With really complex computer
generated passwords which are very hard to crack.
• A Cybersecurity solution is required to fight such password attacks pro-actively. This
solution should be zero trust, work at the application layer, and secure
existing applications without requiring modifications.
This is what LoginCat does.
Zero Trust and Application Layer Level Cybersecurity
16. How can people do their work, if passwords change every hour?
LoginCat comes with a built in SSO solution which works across all major Cloud
and in-house applications. Users no longer need to be aware of their constantly
changing passwords, since LoginCat will log them into the end systems.
And … we win even when we lose
When an application is hacked, LoginCat will either lock out the attackers
automatically by changing the credentials – or detect the hack (if the hacker
has locked the account) – either way preventing damages.
Secure by design
17. • LoginCat scripting based authentication adapters will work with all your existing
applications – Web based, terminal or cloud.
• For the first time have a unified security policy across internal applications and the
cloud.
• No changes needed to existing applications. Do they use MD5? SHA1? We still secure
them without having to recode them.
• We manage the passwords, change them on a frequent basis, making your existing
application un-hackable, and quickly detect any hack attempts.
• Appliance or Cloud Based – bring us on premise with an appliance, or run LoginCat
from our hosted cloud.
Easily integrate to your existing applications – Cloud or
Appliance
19. • First we eliminate passwords.
• Pass phrase based authentication – Mathematically proven to be extremely hard to hack,
even with today’s computing power.
• Human brains can’t remember good passwords e.g. $@)Nq;F*(.JRwd#$ , but even babies
learn to put together two or three words quickly and make short sentences
• Second we eliminate User IDs as well.
We provide no hack targets, zero exposure, zero trust.
Securing LoginCat
20. As processing speed has increased, passwords have become notoriously easy to hack.
8-character passwords take 15 hours to crack.
Secure by design – End of Passwords
LoginCat exclusively uses pass phrases instead of passwords.
Pass phrases are next to impossible to crack, even with the
fastest computers today and tomorrow!
21. • Edge of network security features.
• Deep security algorithms – beyond IP firewalls, LoginCat will analyze incoming login
attempts and ban hackers using habit and heuristic analysis.
• Some examples
• Pattern analysis of incoming request headers to ban distributed attacks; for example, the same
request headers arriving from multiple IPs will trigger the DDoS attack prevention monitor.
• Login from unknown locations, or locations that don’t match mobile devices.
• Login at times which don’t match habits, etc.
Secure by design – Algorithm based hack detection
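A sketch of the header pattern check described on this slide, as an added example (not LoginCat's own code): it fingerprints the headers of each login attempt and flags any fingerprint that arrives from several IPs inside a short window. The window, the IP threshold, the set of volatile headers and the sample events are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Headers whose values legitimately vary per request; only their presence is hashed.
# (Assumed list, tune per application.)
VOLATILE = {"cookie", "authorization", "content-length"}

def header_fingerprint(headers):
    """Hash header names in sent order, plus the values of the stable headers."""
    parts = []
    for name, value in headers:
        n = name.lower()
        parts.append(n if n in VOLATILE else f"{n}={value.strip()}")
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:16]

def find_distributed_sources(events, window=60, min_ips=4):
    """events: (ts_seconds, ip, headers) login attempts, sorted by ts.
    Returns {fingerprint: set of IPs} for every fingerprint seen from at least
    min_ips distinct addresses within any `window`-second span."""
    recent = defaultdict(deque)          # fingerprint -> (ts, ip) pairs still in window
    flagged = {}
    for ts, ip, headers in events:
        fp = header_fingerprint(headers)
        q = recent[fp]
        q.append((ts, ip))
        while q[0][0] < ts - window:     # expire attempts older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) >= min_ips:
            flagged.setdefault(fp, set()).update(ips)
    return flagged

# Constructed sample events (documentation IP ranges), not real traffic.
BOT = [("Host", "sso.example.test"), ("User-Agent", "python-requests/2.31.0"),
       ("Accept", "*/*"), ("Content-Length", "58")]
BROWSER = [("Host", "sso.example.test"), ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64)"),
           ("Accept", "text/html"), ("Accept-Language", "en-GB"), ("Cookie", "sid=abc")]
SAMPLE = sorted([(i * 5, f"203.0.113.{10 + i}", BOT) for i in range(5)]
                + [(12, "198.51.100.7", BROWSER), (40, "198.51.100.8", BROWSER)],
                key=lambda e: e[0])

if __name__ == "__main__":
    for fp, ips in find_distributed_sources(SAMPLE).items():
        print(fp, sorted(ips))
```

Users on the same popular browser build also share a fingerprint, so the threshold has to sit above that baseline, or the check should be restricted to failed logins.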
22. • User ID provisioning and instant locking from all internal applications, if
needed.
• Constantly updated – TekMonks will provide firmware updates to include
latest security and AI algorithms to protect against emerging threats.
• Both mobile (iOS and Android) and web based.
• Readily auditable – provides entire audit history of who logged in, when did
someone access an internal application, how long they were active, their IP,
mobile or web based access and even their location!
Other Benefits