SlideShare ist ein Scribd-Unternehmen logo

How to Replace Your Legacy Antivirus Solution with CrowdStrike

Adam Barrera
Adam Barrera

The Time Has Come To Replace Your Antivirus Solution After decades of frustration and failure, the security industry is ready to replace legacy antivirus systems with more effective solutions. As breaches continue to make headlines, we are left to wonder if anything can really stop modern threats. The answer is yes, but it requires us to approach the problem in a new way. Instead of continually adding functionality and complexity to legacy security architectures, we need a complete reset. This is exactly what CrowdStrike offers with its cloud-delivered endpoint protection platform. The key to this new approach is going beyond malware to understanding and address cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent. In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss: - The typical challenges with legacy antivirus implementations and how we solve them - How CrowdStrike offers a greater level of protection, especially against modern threats - How cloud-delivered endpoint protection reduces operational burden - How to migrate from legacy antivirus to CrowdStrike Falcon Link to on-demand webcast: https://www.crowdstrike.com/resources/crowdcasts/time-come-replace-antivirus-solution/

Technologie
1 von 27
Downloaden Sie, um offline zu lesen
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE TIME HAS COME TO REPLACE YOUR LEGACY AV DAN LARSON, TECHNICAL DIRECTOR
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CrowdStrike Intro Legacy Anti-Virus Efficacy How CrowdStrike Stops Malware How CrowdStrike Goes Beyond Malware How to Switch to CrowdStrike for AV AV Testing and Industry Collaboration
A QUICK INTRODUCTION TO CROWDSTRIKE 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
Cloud Delivered Endpoint Protection MANAGED HUNTING ENDPOINT DETECTION AND RESPONSE NEXT-GEN ANTIVIRUS CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered in via the cloud 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
MY ANTI-VIRUS JUST DOESN’T WORK 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. This is the #1 concern raised by customers inquiring with analyst firms Gartner and Forrester about endpoint security. … They simply are not effective in stopping modern threats.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. INEFFECTIVE AGAINST MODERN THREATS 45% § “Anti-Virus catches about 45 percent of attacks these days” - Brian Dye, former VP at Symantec (now at McAfee) Source: https://goo.gl/hNUCdm
“COMPLEXITY IS THE ENEMY OF SECURITY” Bruce Schneier, 2001 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TRYING TO GET AHEAD OF THE ATTACKER 80s to 90s Signatures 00s Heuristics 2007 Reputation 2009 App Control 2012 Sandboxing & Isolation 2013 Machine Learning Now Managed Hunting 2011 IOC Sharing 2014 Behavioral Analytics Enterprise Endpoint Security Timeline
LEGACY VENDOR ARCHITECTURE Email Encryption HTTP/WEB GATEWAY Web Security SMTP/EMAIL GATEWAY Mail Security SHAREPOINT Sharepoint Security SERVERS App Control MAIL SERVERS Mail Scanner VDI VDI Plugin FIREWALL/ROUTER UTM GATEWAY ENDPOINT PROTECTION HOST SECURITY SERVICES • Web Security as a Service • Hosted Email Security • Reputation Cloud • Sandbox Service CENTRALIZED MANAGEMENT • Vulnerability Protection • Host Intrusion Prevention • AntiVirus • Endpoint Encryption • Application Control • Web Protection SANDBOX APPLIANCE “NEXT GEN” • Endpoint Activity Visibility Even with all of this, there were 3,141 breaches in 2015. Source: 2016 Verizon Data Breach Investigation Report
CROWDSTRIKE FALCON ARCHITECTURE CLOUD DELIVERED ENDPOINT PROTECTION
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ANTI-MALWAWRE PREVENTION STACK CROWDSTRIKE FALCON § MACHINE LEARNING § IOA PREVENTION § EXPLOIT BLOCKING § CUSTOM HASH BLOCKING § CONTINUOUS MONITORING § KNOWN MALWARE § UNKNOWN MALWARE § BEYOND MALWARE § MACHINE LEARNING § THREAT INTELLIGENCE § MANAGED HUNTING § THREAT GRAPH PREVENT: ENDPOINT PROTECTION CLOUD PROTECTION
Machine Learning • Increases effectiveness against new, polymorphic or obfuscated malware • Works without daily updates • Works offline • Data models can be smaller than signature files (if done properly) • Performance impact less than on-demand or on-access scanning techniques • Complements • Behavioral analytics, or IOAs • Exploit mitigation
MORE THAN JUST AV REPLACEMENT 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE REMAINING CHALLENGES Complexity … Ever expanding infrastructure requirements and agent footprint Always Out of Date … By the time your update is deployed, it is time to start another Blind Spots … Silent failure leads to long dwell times and false sense of security
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. COMPLEXITY Eliminate operational burden with CrowdStrike § No more daily signature updates § Smaller footprint 15MB on disk 10MB in memory § No reboots § No on premise hardware § SaaS scalability
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ALWAYS OUT OF DATE Outpace the attacker with CrowdStrike § No need to develop AV signatures § Machine learning and IOAs are more persistent protection mechanisms § CrowdStrike only requires 15MB on disk § 70MB-150MB typical for AV signatures § Some ML models balloon to 300MB § Single-sensor design eliminates dependency issues § SaaS delivery ensures real-time updates when necessary
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. EXAMPLE 3 Month Old Machine Learning Model Immediately Blocks Shamoon 2 § ML model delivered to VirusTotal on Aug 25th § Blocked Shamoon 2 on its first appearance in VT on Nov 22nd § CrowdStrike was one of only five vendors to identify it correctly Source: https://goo.gl/nK0VmO
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. BLIND SPOTS Eliminate dwell time with CrowdStrike § AV can only see what it stops § No prevention solution can be 100% effective, not even next-gen solutions § Average dwell time still near 200 days § Go beyond malware to detect and block modern attacker techniques § CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search § CrowdStrike’s Overwatch delivers proactive threat hunting in your environment, 24x7x365
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE • AV signatures, IOCs and Application Control are ineffective against this kind of threat • Even machine learning can’t stop this because it is a trusted executable • Would you know how to search for this? • Even if you knew how, do you have the bandwidth to search? • CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THINGS TO LOOK OUT FOR If you’re not 100% effective at prevention, then you need strong detection Even some next-gen players have bloated endpoint agents Unverified efficacy claims “Bake in” periods are like HIPS all over again Telemetry without intelligence is worthless Over-emphasis on malware and/or forgetting the rest of the kill chain
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CAN YOU TRUST US TO REPLACE YOUR AV? 98.2% Malware Block Rate 100% Exploit Detection 0 False Positives Vendor Member Committed to Standards Contribute Leadership First Pure ML Engine Open to Public Scrutiny Contribute to Community SourceSource Source Also certified for PCI, HIPAA, NIST, FFIEC and more…
Largest global companies by revenue Largest global banks by revenue Top Credit card payment processors Top oil and gas companies 3 OF THE 102OF THE 45OF THE 103OF THE 10 CrowdStrike Falcon Deployed in 170 Countries BACKED BY ELITE INVESTORS:
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. START NOW info@crowdstrike.com 1.888.512.8906 (US) +44(0)118.453.0400 (UK) (+61) 1300.792.402 (Australia & New Zealand) / APAC

Empfohlen

State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Nevada County Tech Connection
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 

Empfohlen

State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Nevada County Tech Connection
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
Cybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdfCybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdfHaris Chughtai
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptxuthayakumar174828
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesSlideTeam
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developersMITRE ATT&CK
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionMarketingArrowECS_CZ
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Sven Krasser
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdfCybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdfHaris Chughtai
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesSlideTeam
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation TrainingBryan Len
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developersMITRE ATT&CK
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionMarketingArrowECS_CZ
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 

Was ist angesagt? (20)

Cybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdfCybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdf
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CK
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 
Security and management
Security and managementSecurity and management
Security and management
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation SlidesVulnerability Management Whitepaper PowerPoint Presentation Slides
Vulnerability Management Whitepaper PowerPoint Presentation Slides
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
 
Threat Modelling - It's not just for developers
Threat Modelling - It's not just for developersThreat Modelling - It's not just for developers
Threat Modelling - It's not just for developers
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
 

Ähnlich wie How to Replace Your Legacy Antivirus Solution with CrowdStrike

DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Sven Krasser
 
AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)IndusfacePvtLtd
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgChristopher R. Ward
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client AlertRobyn Melnyk
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint ProtectionMustafa YÜKSEL
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakCrowdStrike
 
Analytical Driven Security - Chip Copper
Analytical Driven Security - Chip CopperAnalytical Driven Security - Chip Copper
Analytical Driven Security - Chip Copperscoopnewsgroup
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:Nancy Nimmegeers
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackIvanti
 
OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackIvanti
 
Why Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughWhy Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughSecureAuth
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 

Ähnlich wie How to Replace Your Legacy Antivirus Solution with CrowdStrike (20)

DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
 
AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sg
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client Alert
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Continuous security
Continuous securityContinuous security
Continuous security
 
Analytical Driven Security - Chip Copper
Analytical Driven Security - Chip CopperAnalytical Driven Security - Chip Copper
Analytical Driven Security - Chip Copper
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and Compliance
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
 
Shadow IT
Shadow ITShadow IT
Shadow IT
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced Attack
 
OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced Attack
 
Why Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughWhy Two-Factor Isn't Enough
Why Two-Factor Isn't Enough
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 

Kürzlich hochgeladen

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Kürzlich hochgeladen (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

How to Replace Your Legacy Antivirus Solution with CrowdStrike

  • 1. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE TIME HAS COME TO REPLACE YOUR LEGACY AV DAN LARSON, TECHNICAL DIRECTOR
  • 2. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CrowdStrike Intro Legacy Anti-Virus Efficacy How CrowdStrike Stops Malware How CrowdStrike Goes Beyond Malware How to Switch to CrowdStrike for AV AV Testing and Industry Collaboration
  • 3. A QUICK INTRODUCTION TO CROWDSTRIKE 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 4. Cloud Delivered Endpoint Protection MANAGED HUNTING ENDPOINT DETECTION AND RESPONSE NEXT-GEN ANTIVIRUS CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered in via the cloud 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 5. MY ANTI-VIRUS JUST DOESN’T WORK 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. This is the #1 concern raised by customers inquiring with analyst firms Gartner and Forrester about endpoint security. … They simply are not effective in stopping modern threats.
  • 6. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. INEFFECTIVE AGAINST MODERN THREATS 45% § “Anti-Virus catches about 45 percent of attacks these days” - Brian Dye, former VP at Symantec (now at McAfee) Source: https://goo.gl/hNUCdm
  • 7. “COMPLEXITY IS THE ENEMY OF SECURITY” Bruce Schneier, 2001 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 8. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TRYING TO GET AHEAD OF THE ATTACKER 80s to 90s Signatures 00s Heuristics 2007 Reputation 2009 App Control 2012 Sandboxing & Isolation 2013 Machine Learning Now Managed Hunting 2011 IOC Sharing 2014 Behavioral Analytics Enterprise Endpoint Security Timeline
  • 9. LEGACY VENDOR ARCHITECTURE Email Encryption HTTP/WEB GATEWAY Web Security SMTP/EMAIL GATEWAY Mail Security SHAREPOINT Sharepoint Security SERVERS App Control MAIL SERVERS Mail Scanner VDI VDI Plugin FIREWALL/ROUTER UTM GATEWAY ENDPOINT PROTECTION HOST SECURITY SERVICES • Web Security as a Service • Hosted Email Security • Reputation Cloud • Sandbox Service CENTRALIZED MANAGEMENT • Vulnerability Protection • Host Intrusion Prevention • AntiVirus • Endpoint Encryption • Application Control • Web Protection SANDBOX APPLIANCE “NEXT GEN” • Endpoint Activity Visibility Even with all of this, there were 3,141 breaches in 2015. Source: 2016 Verizon Data Breach Investigation Report
  • 10. CROWDSTRIKE FALCON ARCHITECTURE CLOUD DELIVERED ENDPOINT PROTECTION
  • 11. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ANTI-MALWAWRE PREVENTION STACK CROWDSTRIKE FALCON § MACHINE LEARNING § IOA PREVENTION § EXPLOIT BLOCKING § CUSTOM HASH BLOCKING § CONTINUOUS MONITORING § KNOWN MALWARE § UNKNOWN MALWARE § BEYOND MALWARE § MACHINE LEARNING § THREAT INTELLIGENCE § MANAGED HUNTING § THREAT GRAPH PREVENT: ENDPOINT PROTECTION CLOUD PROTECTION
  • 12. Machine Learning • Increases effectiveness against new, polymorphic or obfuscated malware • Works without daily updates • Works offline • Data models can be smaller than signature files (if done properly) • Performance impact less than on-demand or on-access scanning techniques • Complements • Behavioral analytics, or IOAs • Exploit mitigation
  • 13. MORE THAN JUST AV REPLACEMENT 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 14. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE REMAINING CHALLENGES Complexity … Ever expanding infrastructure requirements and agent footprint Always Out of Date … By the time your update is deployed, it is time to start another Blind Spots … Silent failure leads to long dwell times and false sense of security
  • 15. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. COMPLEXITY Eliminate operational burden with CrowdStrike § No more daily signature updates § Smaller footprint 15MB on disk 10MB in memory § No reboots § No on premise hardware § SaaS scalability
  • 16. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ALWAYS OUT OF DATE Outpace the attacker with CrowdStrike § No need to develop AV signatures § Machine learning and IOAs are more persistent protection mechanisms § CrowdStrike only requires 15MB on disk § 70MB-150MB typical for AV signatures § Some ML models balloon to 300MB § Single-sensor design eliminates dependency issues § SaaS delivery ensures real-time updates when necessary
  • 17. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. EXAMPLE 3 Month Old Machine Learning Model Immediately Blocks Shamoon 2 § ML model delivered to VirusTotal on Aug 25th § Blocked Shamoon 2 on its first appearance in VT on Nov 22nd § CrowdStrike was one of only five vendors to identify it correctly Source: https://goo.gl/nK0VmO
  • 18. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. BLIND SPOTS Eliminate dwell time with CrowdStrike § AV can only see what it stops § No prevention solution can be 100% effective, not even next-gen solutions § Average dwell time still near 200 days § Go beyond malware to detect and block modern attacker techniques § CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search § CrowdStrike’s Overwatch delivers proactive threat hunting in your environment, 24x7x365
  • 19. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
  • 20. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
  • 21. 2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
  • 22. 2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
  • 23. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE • AV signatures, IOCs and Application Control are ineffective against this kind of threat • Even machine learning can’t stop this because it is a trusted executable • Would you know how to search for this? • Even if you knew how, do you have the bandwidth to search? • CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
  • 24. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THINGS TO LOOK OUT FOR If you’re not 100% effective at prevention, then you need strong detection Even some next-gen players have bloated endpoint agents Unverified efficacy claims “Bake in” periods are like HIPS all over again Telemetry without intelligence is worthless Over-emphasis on malware and/or forgetting the rest of the kill chain
  • 25. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CAN YOU TRUST US TO REPLACE YOUR AV? 98.2% Malware Block Rate 100% Exploit Detection 0 False Positives Vendor Member Committed to Standards Contribute Leadership First Pure ML Engine Open to Public Scrutiny Contribute to Community SourceSource Source Also certified for PCI, HIPAA, NIST, FFIEC and more…
  • 26. Largest global companies by revenue Largest global banks by revenue Top Credit card payment processors Top oil and gas companies 3 OF THE 102OF THE 45OF THE 103OF THE 10 CrowdStrike Falcon Deployed in 170 Countries BACKED BY ELITE INVESTORS:
  • 27. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. START NOW info@crowdstrike.com 1.888.512.8906 (US) +44(0)118.453.0400 (UK) (+61) 1300.792.402 (Australia & New Zealand) / APAC