The Time Has Come To Replace Your Antivirus Solution
After decades of frustration and failure, the security industry is ready to replace legacy antivirus systems with more effective solutions. As breaches continue to make headlines, we are left to wonder if anything can really stop modern threats. The answer is yes, but it requires us to approach the problem in a new way. Instead of continually adding functionality and complexity to legacy security architectures, we need a complete reset. This is exactly what CrowdStrike offers with its cloud-delivered endpoint protection platform.
The key to this new approach is going beyond malware to understanding and addressing cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service, all cloud-delivered with a single lightweight agent.
In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss:
- The typical challenges with legacy antivirus implementations and how we solve them
- How CrowdStrike offers a greater level of protection, especially against modern threats
- How cloud-delivered endpoint protection reduces operational burden
- How to migrate from legacy antivirus to CrowdStrike Falcon
Link to on-demand webcast: https://www.crowdstrike.com/resources/crowdcasts/time-come-replace-antivirus-solution/
How to Replace Your Legacy Antivirus Solution with CrowdStrike
1. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
THE TIME HAS COME TO
REPLACE YOUR LEGACY AV
DAN LARSON, TECHNICAL DIRECTOR
2. Agenda
CrowdStrike Intro
Legacy Anti-Virus Efficacy
How CrowdStrike Stops Malware
How CrowdStrike Goes Beyond Malware
How to Switch to CrowdStrike for AV
AV Testing and Industry Collaboration
4. Cloud Delivered Endpoint Protection
Three capabilities in one platform: Next-Gen Antivirus, Endpoint Detection and Response, Managed Hunting.
CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting, all delivered via the cloud.
5. MY ANTI-VIRUS JUST DOESN’T WORK
This is the #1 concern raised by customers inquiring with analyst firms Gartner and
Forrester about endpoint security.
…
They simply are not effective in stopping modern threats.
6. INEFFECTIVE AGAINST MODERN THREATS
45%
§ “Anti-Virus catches about 45 percent of attacks these days”
- Brian Dye, former VP at Symantec (now at McAfee)
Source: https://goo.gl/hNUCdm
7. “COMPLEXITY IS THE ENEMY OF SECURITY”
Bruce Schneier, 2001
8. TRYING TO GET AHEAD OF THE ATTACKER
Enterprise Endpoint Security Timeline
80s to 90s: Signatures
00s: Heuristics
2007: Reputation
2009: App Control
2011: IOC Sharing
2012: Sandboxing & Isolation
2013: Machine Learning
2014: Behavioral Analytics
Now: Managed Hunting
9. LEGACY VENDOR ARCHITECTURE
Gateways and appliances:
• HTTP/Web Gateway (Web Security)
• SMTP/Email Gateway (Mail Security, Email Encryption)
• Firewall/Router and UTM Gateway
• Sandbox Appliance
Server add-ons:
• SharePoint Security on SharePoint servers
• App Control on servers
• Mail Scanner on mail servers
• VDI Plugin
Endpoint Protection, under Centralized Management:
• Vulnerability Protection
• Host Intrusion Prevention
• AntiVirus
• Endpoint Encryption
• Application Control
• Web Protection
Host Security Services:
• Web Security as a Service
• Hosted Email Security
• Reputation Cloud
• Sandbox Service
“Next Gen” add-on:
• Endpoint Activity Visibility
Even with all of this, there were 3,141 breaches in 2015.
Source: 2016 Verizon Data Breach Investigations Report
12. Machine Learning
• Increases effectiveness against new, polymorphic or obfuscated malware
• Works without daily updates
• Works offline
• Data models can be smaller than signature files (if done properly)
• Performance impact less than on-demand or on-access scanning techniques
• Complements behavioral analytics (IOAs, indicators of attack) and exploit mitigation
13. MORE THAN JUST AV REPLACEMENT
14. THE REMAINING CHALLENGES
Complexity: ever expanding infrastructure requirements and agent footprint
Always Out of Date: by the time your update is deployed, it is time to start another
Blind Spots: silent failure leads to long dwell times and a false sense of security
15. COMPLEXITY
Eliminate operational burden with CrowdStrike
§ No more daily signature updates
§ Smaller footprint: 15MB on disk, 10MB in memory
§ No reboots
§ No on-premise hardware
§ SaaS scalability
16. ALWAYS OUT OF DATE
Outpace the attacker with CrowdStrike
§ No need to develop AV signatures
§ Machine learning and IOAs are more persistent protection mechanisms
§ CrowdStrike only requires 15MB on disk; 70MB-150MB is typical for AV signatures, and some ML models balloon to 300MB
§ Single-sensor design eliminates dependency issues
§ SaaS delivery ensures real-time updates when necessary
17. EXAMPLE
3 Month Old Machine Learning Model Immediately Blocks Shamoon 2
§ ML model delivered to VirusTotal on Aug 25th
§ Blocked Shamoon 2 on its first appearance in VT on Nov 22nd
§ CrowdStrike was one of only five vendors to identify it correctly
Source: https://goo.gl/nK0VmO
18. BLIND SPOTS
Eliminate dwell time with CrowdStrike
§ AV can only see what it stops
§ No prevention solution can be 100% effective, not even next-gen solutions
§ Average dwell time still near 200 days
§ Go beyond malware to detect and block modern attacker techniques
§ CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search
§ CrowdStrike’s Falcon OverWatch delivers proactive threat hunting in your environment, 24x7x365
19. NO MORE BLIND SPOTS
100% Exploit Detection in AV-Comparatives Test
Exploit detection and blocking rates (% of samples):
Product        Detected   Blocked
Symantec*         90         90
Cylance*          63         63
CrowdStrike      100         70
SentinelOne       57         28
Palo Alto         86         82
Source: AV-Comparatives
§ CrowdStrike is the only product with 100% detection efficacy
§ All other solutions suffered from silent failure
§ In reality, this leads to long dwell times
21-23. EXAMPLE: Privilege Escalation from Command Line
• AV signatures, IOCs and Application Control are ineffective against this kind of threat
• Even machine learning can’t stop this because it is a trusted executable
• Would you know how to search for this?
• Even if you knew how, do you have the bandwidth to search?
• CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
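To make the IOC-versus-IOA distinction in the slide concrete, here is an added Python example. It is not CrowdStrike code and not Falcon's detection logic; it runs a hash-based IOC check, an application-control allowlist check and a behavioral rule over constructed process telemetry. The tool name vendor_updater.exe, the paths, the placeholder hashes and every event are constructed for illustration, and the behavioral rule (a process running at a higher integrity level than its parent, with a command-line shell in its ancestry) is one generic way to express "privilege escalation from command line", not a claim about how any product implements it.

```python
"""IOC vs IOA over constructed endpoint telemetry (added example, not CrowdStrike code).

All events, paths, hashes and the hypothetical "vendor_updater.exe" are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Windows integrity levels, least to most privileged.
INTEGRITY_RANK: Dict[str, int] = {"low": 0, "medium": 1, "high": 2, "system": 3}
SHELL_NAMES = {"cmd.exe", "powershell.exe", "pwsh.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str        # full path of the executable
    sha256: str       # placeholder digest (constructed, not a real hash)
    signed: bool      # vendor signature validated by the OS
    integrity: str    # low | medium | high | system
    cmdline: str


# Constructed sample: a user's medium-integrity cmd.exe launches a signed, allowlisted
# vendor tool (hypothetical) that runs at high integrity and then starts a
# high-integrity cmd.exe. The last two rows are a normal service chain (no alert).
EVENTS: List[ProcessEvent] = [
    ProcessEvent(100, 1, r"C:\Windows\explorer.exe", "h-explorer", True, "medium", "explorer.exe"),
    ProcessEvent(200, 100, r"C:\Windows\System32\cmd.exe", "h-cmd", True, "medium", "cmd.exe"),
    ProcessEvent(300, 200, r"C:\Program Files\Vendor\vendor_updater.exe", "h-updater", True, "high",
                 'vendor_updater.exe /run "cmd.exe /c whoami"'),
    ProcessEvent(400, 300, r"C:\Windows\System32\cmd.exe", "h-cmd", True, "high", "cmd.exe /c whoami"),
    ProcessEvent(500, 1, r"C:\Windows\System32\services.exe", "h-services", True, "system", "services.exe"),
    ProcessEvent(600, 500, r"C:\Windows\System32\svchost.exe", "h-svchost", True, "system", "svchost.exe -k netsvcs"),
]

# Constructed IOC feed (known-bad hashes) and application-control allowlist.
KNOWN_BAD_HASHES: Set[str] = {"h-known-malware"}
ALLOWLIST: Set[str] = {e.sha256 for e in EVENTS}  # every binary above is "trusted"


def basename(path: str) -> str:
    # Handle Windows paths regardless of the host OS the rule runs on.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ioc_hits(events: List[ProcessEvent]) -> List[int]:
    """Signature/IOC check: flags only images whose hash is already known bad."""
    return [e.pid for e in events if e.sha256 in KNOWN_BAD_HASHES]


def app_control_blocks(events: List[ProcessEvent]) -> List[int]:
    """Application control: blocks only unsigned or non-allowlisted images."""
    return [e.pid for e in events if not (e.signed and e.sha256 in ALLOWLIST)]


def ioa_privilege_escalation(events: List[ProcessEvent]) -> List[dict]:
    """Behavioral rule: alert when a process runs at a higher integrity level than its
    parent and a command-line shell is somewhere in its ancestry. The binary's hash
    and signature play no part in the decision, which is why a trusted executable
    does not evade it."""
    by_pid = {e.pid: e for e in events}
    children: Dict[int, List[ProcessEvent]] = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    alerts = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or INTEGRITY_RANK[e.integrity] <= INTEGRITY_RANK[parent.integrity]:
            continue
        lineage, anc = [], parent
        while anc is not None:  # walk up the process tree looking for a shell
            lineage.append(basename(anc.image))
            if basename(anc.image) in SHELL_NAMES:
                alerts.append({
                    "pid": e.pid,
                    "image": basename(e.image),
                    "from": parent.integrity,
                    "to": e.integrity,
                    "lineage": lineage,
                    "spawned_shell": any(basename(c.image) in SHELL_NAMES
                                         for c in children.get(e.pid, [])),
                })
                break
            anc = by_pid.get(anc.ppid)
    return alerts


if __name__ == "__main__":
    print("IOC hits:", ioc_hits(EVENTS))                      # nothing matches the feed
    print("App control blocks:", app_control_blocks(EVENTS))  # everything is allowlisted
    for alert in ioa_privilege_escalation(EVENTS):
        print("IOA alert:", alert)
```

Run as written, the IOC and application-control checks return empty lists because every image is signed and allowlisted, while the behavioral rule raises one alert for the vendor tool (pid 300) jumping from medium to high integrity under a user shell and then spawning a high-integrity shell of its own. The service chain at the end runs at system integrity throughout and does not trigger, which is the kind of false-positive boundary a real rule has to hold.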
24. THINGS TO LOOK OUT FOR
If you’re not 100% effective at prevention, then you need strong detection
Even some next-gen players have bloated endpoint agents
Unverified efficacy claims
“Bake in” periods are like HIPS all over again
Telemetry without intelligence is worthless
Over-emphasis on malware and/or forgetting the rest of the kill chain
25. CAN YOU TRUST US TO REPLACE YOUR AV?
Independent test results: 98.2% Malware Block Rate, 100% Exploit Detection, 0 False Positives
Industry collaboration: Vendor Member, Committed to Standards, Contribute Leadership
Public scrutiny: First Pure ML Engine, Open to Public Scrutiny, Contribute to Community
Also certified for PCI, HIPAA, NIST, FFIEC and more…
26. CrowdStrike Falcon Deployed in 170 Countries
Customers include some of the largest global companies by revenue, the largest global banks by revenue, top credit card payment processors and top oil and gas companies.
BACKED BY ELITE INVESTORS
27. START NOW
info@crowdstrike.com
1.888.512.8906 (US)
+44(0)118.453.0400 (UK)
(+61) 1300.792.402 (Australia & New Zealand) / APAC