SlideShare ist ein Scribd-Unternehmen logo

Advanced Threat Defense Intel Security

X
xband

McAfee Advanced Threat Defense and McAfee Active Response

Technologie
1 von 29
Downloaden Sie, um offline zu lesen
McAfee Advanced Threat Defense Ahmed Sharaf – Managing Director, Xband Enterprises, Inc. 2016
McAfee Confidential Threat Landscape 2 Source: McAfee Labs Q4 2015 New threats every minute, or more than 5 every second316 Daily attempts made to entice McAfee customers to connect to a risky URL157M More new mobile malware samples in Q472% Increase in new ransomware in Q426% Total ransomware samples in McAfee Labs Zoo6M New malware samples in Q4 – second highest on record42M Unique malware samples in the McAfee Labs Zoo as of Q4 2015476,000,000+
McAfee Confidential What Is Advanced Malware? 3Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014) Evades Legacy-based Defenses Typically Criminal Discovered After the Fact Key Challenges • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. • Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature- based mechanisms. Theft Sabotage Espionage Stealthy Targeted Unknown Data loss Costly clean-up Long-term damage
McAfee Confidential Advanced Malware 4 Market wisdom IdentifiedUnknown However, Sandboxing by Itself Should Not be Your Only Defense Resource Intensive Not Real Time Lacks Scalability ? ? ? Because of Behavior AnalysisBecause No Signature Match ? ? ? Sandboxing Safe ? Malware ? Malware ? Alert vs Actions Not effective against all malware
McAfee Confidential Advanced Threat Defense 5 Key differentiators Advanced Threat Defense Comprehensive Approach High-detection Accuracy Centralized Deployment
McAfee Confidential Comprehensive Approach to Malware 6 McAfee Threat Intelligence Exchange Enabled Endpoint McAfee ePO McAfee Network Security Platform McAfee Web Gateway McAfee Threat Intelligence Exchange/ Data Exchange Layer McAfee Advanced Threat Defense McAfee Enterprise Security Manager (SIEM) McAfee Active Response Protect DetectCorrect McAfee ePO McAfee Enterprise Security Manager (SIEM) McAfee Active Response McAfee Threat Intelligence Exchange/ Data Exchange Layer
McAfee Confidential Impacted systems identified in ATD reports New integration: McAfee Advanced Threat Defense and McAfee Active Response 7
McAfee Confidential Advanced Threat Defense 8 Key differentiators Comprehensive Approach High-detection Accuracy Centralized Deployment Advanced Threat Defense
McAfee Confidential Dynamic and Static Code Real-time Emulation Comprehensive Layered Approach Number of Samples You Can Process Known Good Known Bad File ExecutionEmulation White/ Black Listing AVGTI 9 Compute Cycles Needed/Time to Process
McAfee Confidential Dynamic and Static Code Analysis 10 Analyze Static Code AnalysisDynamic Analysis Analyze Unpacking Disassembly of Code Calculate Latent Code Familial Resemblance Run Time DLLs Network Operations File Operations Process Operations Delayed Execution
McAfee Confidential Advanced Threat Defense 11 Key differentiators Advanced Threat Defense Comprehensive Approach High-detection Accuracy Centralized Deployment
McAfee Confidential Numerous appliances Protocol-Specific Deployment Firewall Data Center Servers End-user Endpoints DMZ DNS/App Web Gateway IPS Web Malware Analysis File Server Malware Analysis Internet 12 Endpoint Sandbox Manager Management and Forensics SIEM ePO Malware Analysis/ Forensics Central Manager
McAfee Confidential Lower cost of ownership and scalability Firewall Data Center Servers End-user Endpoints DMZ Management and Forensics DNS/App Web Gateway IPS Malware Analysis/ Forensics Central Manager Web Malware Analysis File Server Malware Analysis Centralized Deployment Advanced Threat Defense Internet 13 SIEM ePO
McAfee Confidential Support for analyst investigation Advanced capabilities • User interactive mode • Enables analysts to interact directly with malware samples • Extensive unpacking capabilities • Reduces investigation time from days to minutes • Full logic path • Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments • Sample submission to multiple virtual environments • Speeds investigation by determining which environment variables are needed for file execution. • Detailed reports provide critical information for analyst investigation • From disassembly output to graphical function call diagrams and embedded or dropped file 14
McAfee Confidential 15 Advanced Threat Defense Better Detection, Better Protection. Lower Total Cost of Ownership. Faster Time to Malware Conviction, Containment, and Remediation.
McAfee Confidential Appendix 17
McAfee Confidential Advanced detection for stealthy, zero-day malware • Advanced analysis appliance • ATD-3000 • ATD-6000 • Deployment • Enhances security architecture – integrates with inline products • Stand alone research tool • History of innovation • Acquisition of ValidEdge sandbox technology: 2013 – Technology first released in 2004 – Used by primarily by security vendors and government agencies 18 McAfee Advanced Threat Defense
McAfee Confidential AV-TEST Results 19 Sample Size: Malicious Files • 7,616 Microsoft Office docs • 4,752 PDF docs • 131,871 Zoo malware • 12,132 Prevalent malware Sample Size: Clean Files • 96,722 clean files “The appliance showed great performance detecting 99.96% overall and no less than 99.5% in any single tested malware category. It also had a minimum of false positive detections at 0.01%.” 99.96% 96% 97% 98% 99% 100% Prevalent Malware Zoo Malware PDF Documents Microsoft Office Docs Overall Advanced Threat Defense Detection
McAfee Confidential Broad OS Support • Target-specific analysis: Analyze threats under the exact conditions of the actual host profile within the organization • Reducing the chances of missed malware or false positives • Faster results: Scales sandboxing capacity • Customizable sandbox images • Broad support covers corporate environments, including server and mobile traffic 20 Windows 8 32/64 bit Windows 7 32/64 bit Windows XP 32/64bit Windows Server 2003-2008 Android Custom Image McAfee
McAfee Confidential The Packing Challenge • Custom packers used in targeted attacks • Packing or protecting changes the composition of the code or obfuscates it to evade detection and reverse engineering • Need to unpack to get to original executable code for analysis • Packed malware can hide • Delayed execution • Alternative execution paths 21 Source: McAfee Labs Q2 2014
McAfee Confidential Understand Your Adversary • Advanced Threat Defense immediately identifies the file as malicious with 14 specific classifications • Note, that static code analysis also shows the 43% of the code did not execute in the sandbox • So what else is missed if only dynamic analysis is used? 22
McAfee Confidential Static Code Analysis • Advanced Threat Defense unpacks and reverse engineers the file to expose the actual code for analysis • Compares code to known malicious code, identifying this relatively unknown file as part of the Trojan.Win32.simda malware family • Static code analysis finds 96% similarity to known malware family 23
McAfee Confidential Quarian – Designed for Sandbox Evasion 24 In Action 1. User receives phishing email 2. User Clicks link and downloads PDF 3. Other sandboxes see no bad behavior Malicious Web Server End User Attacker Phishing Email PDF download SANDBOX Quarian leverages older code but designed to identify a sandbox and stay silent Majority of code remains the same as previously known attack
McAfee Confidential ATD • Advanced Threat Defense scans incoming PDF • Dynamic Analysis sees no bad behavior • Static Code Analysis unpacks and identifies code as known malicious Stopping Quarian and Sandbox Evasions 25 Advanced Threat Defense and Static Code Analysis ATD End User Analysis of Unpacked Code Malicious Web Server Attacker Phishing Email Family Name: Trojan.Win32.APT_Guodl Similarity Factor: 66.72
McAfee Confidential McAfee Global Threat Intelligence McAfee ATD McAfee VSE Threat Intelligence Module McAfee ePO McAfee Threat Intelligence Exchange 26 Adapt and immunize—from encounter to containment in milliseconds 3rd Party Feeds Data Exchange Layer McAfee TIE Server McAfee VSE Threat Intelligence Module NOYES Adaptive security improves anti-malware protection • Better analysis of the gray • Crowd-source reputations from your own environment • Manage risk tolerance across departments/system types Actionable intelligence • Early awareness of first occurrence flags attacks as they begin • Know who may be/was compromised when certificate or file reputation changes
McAfee Confidential McAfee ESM McAfee VSE Threat Intelligence Module McAfee VSE Threat Intelligence Module McAfee ePO McAfee ATD McAfee Web Gateway McAfee NSP McAfee Threat Intelligence Exchange 27 Instant protection across the enterprise Data Exchange Layer McAfee Global Threat Intelligence 3rd Party Feeds Gateways block access based on endpoint convictions Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products Proactively and efficiently protect your organization as soon as a threat is revealed McAfee TIE Server
McAfee Confidential Adaptive Threat Prevention and Detection 28 Web GatewayNIPS Network & Gateway Endpoints Sandbox SIEM IOC 1 IOC 2 IOC 3 IOC 4 network and endpoints adapt payload is analyzed new IOC intelligence pinpoints historic breaches previously breached systems are isolated and remediated DXL Ecosystem DXL Ecosystem
Advanced Threat Defense Intel Security

Empfohlen

Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionBlue Coat
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 

Empfohlen

Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionBlue Coat
 
Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 
Advanced Threat Protection
Advanced Threat ProtectionAdvanced Threat Protection
Advanced Threat ProtectionLan & Wan Solutions
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Blue Coat
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye PortfolioPrime Infoserv
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeCristian Garcia G.
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityLai Yoong Seng
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMPCisco Canada
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye SolutionsPrime Infoserv
 
Antispam aneb plnoleté řešení
Antispam aneb plnoleté řešeníAntispam aneb plnoleté řešení
Antispam aneb plnoleté řešeníMarketingArrowECS_CZ
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime OpsGreg Foss
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Cisco Security
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionBlue Coat
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Advanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle InfographicAdvanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle InfographicBlue Coat
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.SOCIALware Benelux
 
Mcafee ips nsp-2011
Mcafee ips nsp-2011Mcafee ips nsp-2011
Mcafee ips nsp-2011Luluk Kristiawan
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 

Weitere ähnliche Inhalte

Was ist angesagt?

Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Blue Coat
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureAlert Logic
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeCristian Garcia G.
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityLai Yoong Seng
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime OpsGreg Foss
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Cisco Security
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionBlue Coat
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Advanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle InfographicAdvanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle InfographicBlue Coat
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
 

Was ist angesagt? (20)

Advanced Threat Protection
Advanced Threat ProtectionAdvanced Threat Protection
Advanced Threat Protection
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye Portfolio
 
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas AzureSecurity Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas Azure
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nube
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and Availability
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye Solutions
 
Antispam aneb plnoleté řešení
Antispam aneb plnoleté řešeníAntispam aneb plnoleté řešení
Antispam aneb plnoleté řešení
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime Ops
 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
 
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL EncryptionInfographic: Stop Attacks Hiding Under the Cover of SSL Encryption
Infographic: Stop Attacks Hiding Under the Cover of SSL Encryption
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
 
Advanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle InfographicAdvanced Threat Protection Lifecycle Infographic
Advanced Threat Protection Lifecycle Infographic
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint Protection
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networks
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
 
ESET on cybersecurity.
ESET on cybersecurity.ESET on cybersecurity.
ESET on cybersecurity.
 

Andere mochten auch

Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Jay Steidle
 
Hadoop - the data scientist's toolbox
Hadoop - the data scientist's toolboxHadoop - the data scientist's toolbox
Hadoop - the data scientist's toolboxKenneth Geisshirt
 
McAfee Adaptive threat intelligence i ve virtuálním prostředí
McAfee Adaptive threat intelligence i ve virtuálním prostředí McAfee Adaptive threat intelligence i ve virtuálním prostředí
McAfee Adaptive threat intelligence i ve virtuálním prostředí MarketingArrowECS_CZ
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Amazon Web Services
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectioninfoLock Technologies
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeSounil Yu
 

Andere mochten auch (8)

Mcafee ips nsp-2011
Mcafee ips nsp-2011Mcafee ips nsp-2011
Mcafee ips nsp-2011
 
Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15Gartner_Critical Capabilities for SIEM 9.21.15
Gartner_Critical Capabilities for SIEM 9.21.15
 
Hadoop - the data scientist's toolbox
Hadoop - the data scientist's toolboxHadoop - the data scientist's toolbox
Hadoop - the data scientist's toolbox
 
McAfee Adaptive threat intelligence i ve virtuálním prostředí
McAfee Adaptive threat intelligence i ve virtuálním prostředí McAfee Adaptive threat intelligence i ve virtuálním prostředí
McAfee Adaptive threat intelligence i ve virtuálním prostředí
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysis
 
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
 

Ähnlich wie Advanced Threat Defense Intel Security

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing SecurityGurbir Singh
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationHostway|HOSTING
 
AMP_Security_ Malware Protection Presentatiion
AMP_Security_ Malware Protection PresentatiionAMP_Security_ Malware Protection Presentatiion
AMP_Security_ Malware Protection PresentatiionSohanGole1
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachNetworkCollaborators
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)PT Datacomm Diangraha
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENVladyslav Radetsky
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Automating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAutomating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAmazon Web Services
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021Adrian Sanabria
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake finalMinh Le
 
FireEye Report.ppt
FireEye Report.pptFireEye Report.ppt
FireEye Report.pptDubemJavapi
 

Ähnlich wie Advanced Threat Defense Intel Security (20)

MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
Malware
MalwareMalware
Malware
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing Security
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through Preparation
 
AMP_Security_ Malware Protection Presentatiion
AMP_Security_ Malware Protection PresentatiionAMP_Security_ Malware Protection Presentatiion
AMP_Security_ Malware Protection Presentatiion
 
Symantec Endpoint Suite
Symantec Endpoint SuiteSymantec Endpoint Suite
Symantec Endpoint Suite
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_EN
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
 
Automating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAutomating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS Cloud
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
 
FireEye Report.ppt
FireEye Report.pptFireEye Report.ppt
FireEye Report.ppt
 

Mehr von xband

Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breachesxband
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Servicesxband
 
Security Operations and Response
Security Operations and ResponseSecurity Operations and Response
Security Operations and Responsexband
 
Information Risk and Protection
Information Risk and ProtectionInformation Risk and Protection
Information Risk and Protectionxband
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overviewxband
 
API Connect Presentation
API Connect PresentationAPI Connect Presentation
API Connect Presentationxband
 
Verizon Data Breach Investigation Report
Verizon Data Breach Investigation ReportVerizon Data Breach Investigation Report
Verizon Data Breach Investigation Reportxband
 
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netBig Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netxband
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
Hipaa Omnibus Final-Rule-eResource
Hipaa Omnibus Final-Rule-eResourceHipaa Omnibus Final-Rule-eResource
Hipaa Omnibus Final-Rule-eResourcexband
 
The Total Economic Impact™ Of Cisco Data Virtualization
The Total Economic Impact™ Of Cisco Data VirtualizationThe Total Economic Impact™ Of Cisco Data Virtualization
The Total Economic Impact™ Of Cisco Data Virtualizationxband
 
Assessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security SolutionsAssessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security Solutionsxband
 
Big Data, Little Data, and Everything in Between
Big Data, Little Data, and Everything in BetweenBig Data, Little Data, and Everything in Between
Big Data, Little Data, and Everything in Betweenxband
 
2015 cost of data breach study global analysis
2015 cost of data breach study global analysis2015 cost of data breach study global analysis
2015 cost of data breach study global analysisxband
 
Charles la trobe_college_learning_without_limits
Charles la trobe_college_learning_without_limitsCharles la trobe_college_learning_without_limits
Charles la trobe_college_learning_without_limitsxband
 
Fujitsu spain revolutionizing_public_administration
Fujitsu spain revolutionizing_public_administrationFujitsu spain revolutionizing_public_administration
Fujitsu spain revolutionizing_public_administrationxband
 
Iter supercomputing beyond_horizon
Iter supercomputing beyond_horizonIter supercomputing beyond_horizon
Iter supercomputing beyond_horizonxband
 
Ben gurion university_data_desert
Ben gurion university_data_desertBen gurion university_data_desert
Ben gurion university_data_desertxband
 
Shanghai health bureau_big_data_healthcare
Shanghai health bureau_big_data_healthcareShanghai health bureau_big_data_healthcare
Shanghai health bureau_big_data_healthcarexband
 
Bilim Pharmaceuticals Books 2-in-1 Convertibles
Bilim Pharmaceuticals Books 2-in-1 ConvertiblesBilim Pharmaceuticals Books 2-in-1 Convertibles
Bilim Pharmaceuticals Books 2-in-1 Convertiblesxband
 

Mehr von xband (20)

Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
 
Security Operations and Response
Security Operations and ResponseSecurity Operations and Response
Security Operations and Response
 
Information Risk and Protection
Information Risk and ProtectionInformation Risk and Protection
Information Risk and Protection
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
 
API Connect Presentation
API Connect PresentationAPI Connect Presentation
API Connect Presentation
 
Verizon Data Breach Investigation Report
Verizon Data Breach Investigation ReportVerizon Data Breach Investigation Report
Verizon Data Breach Investigation Report
 
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netBig Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
Hipaa Omnibus Final-Rule-eResource
Hipaa Omnibus Final-Rule-eResourceHipaa Omnibus Final-Rule-eResource
Hipaa Omnibus Final-Rule-eResource
 
The Total Economic Impact™ Of Cisco Data Virtualization
The Total Economic Impact™ Of Cisco Data VirtualizationThe Total Economic Impact™ Of Cisco Data Virtualization
The Total Economic Impact™ Of Cisco Data Virtualization
 
Assessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security SolutionsAssessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security Solutions
 
Big Data, Little Data, and Everything in Between
Big Data, Little Data, and Everything in BetweenBig Data, Little Data, and Everything in Between
Big Data, Little Data, and Everything in Between
 
2015 cost of data breach study global analysis
2015 cost of data breach study global analysis2015 cost of data breach study global analysis
2015 cost of data breach study global analysis
 
Charles la trobe_college_learning_without_limits
Charles la trobe_college_learning_without_limitsCharles la trobe_college_learning_without_limits
Charles la trobe_college_learning_without_limits
 
Fujitsu spain revolutionizing_public_administration
Fujitsu spain revolutionizing_public_administrationFujitsu spain revolutionizing_public_administration
Fujitsu spain revolutionizing_public_administration
 
Iter supercomputing beyond_horizon
Iter supercomputing beyond_horizonIter supercomputing beyond_horizon
Iter supercomputing beyond_horizon
 
Ben gurion university_data_desert
Ben gurion university_data_desertBen gurion university_data_desert
Ben gurion university_data_desert
 
Shanghai health bureau_big_data_healthcare
Shanghai health bureau_big_data_healthcareShanghai health bureau_big_data_healthcare
Shanghai health bureau_big_data_healthcare
 
Bilim Pharmaceuticals Books 2-in-1 Convertibles
Bilim Pharmaceuticals Books 2-in-1 ConvertiblesBilim Pharmaceuticals Books 2-in-1 Convertibles
Bilim Pharmaceuticals Books 2-in-1 Convertibles
 

Kürzlich hochgeladen

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Advanced Threat Defense Intel Security

  • 1. McAfee Advanced Threat Defense Ahmed Sharaf – Managing Director, Xband Enterprises, Inc. 2016
  • 2. McAfee Confidential Threat Landscape 2 Source: McAfee Labs Q4 2015 New threats every minute, or more than 5 every second316 Daily attempts made to entice McAfee customers to connect to a risky URL157M More new mobile malware samples in Q472% Increase in new ransomware in Q426% Total ransomware samples in McAfee Labs Zoo6M New malware samples in Q4 – second highest on record42M Unique malware samples in the McAfee Labs Zoo as of Q4 2015476,000,000+
  • 3. McAfee Confidential What Is Advanced Malware? 3Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014) Evades Legacy-based Defenses Typically Criminal Discovered After the Fact Key Challenges • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. • Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature- based mechanisms. Theft Sabotage Espionage Stealthy Targeted Unknown Data loss Costly clean-up Long-term damage
  • 4. McAfee Confidential Advanced Malware 4 Market wisdom IdentifiedUnknown However, Sandboxing by Itself Should Not be Your Only Defense Resource Intensive Not Real Time Lacks Scalability ? ? ? Because of Behavior AnalysisBecause No Signature Match ? ? ? Sandboxing Safe ? Malware ? Malware ? Alert vs Actions Not effective against all malware
  • 5. McAfee Confidential Advanced Threat Defense 5 Key differentiators Advanced Threat Defense Comprehensive Approach High-detection Accuracy Centralized Deployment
  • 6. McAfee Confidential Comprehensive Approach to Malware 6 McAfee Threat Intelligence Exchange Enabled Endpoint McAfee ePO McAfee Network Security Platform McAfee Web Gateway McAfee Threat Intelligence Exchange/ Data Exchange Layer McAfee Advanced Threat Defense McAfee Enterprise Security Manager (SIEM) McAfee Active Response Protect DetectCorrect McAfee ePO McAfee Enterprise Security Manager (SIEM) McAfee Active Response McAfee Threat Intelligence Exchange/ Data Exchange Layer
  • 7. McAfee Confidential Impacted systems identified in ATD reports New integration: McAfee Advanced Threat Defense and McAfee Active Response 7
  • 8. McAfee Confidential Advanced Threat Defense 8 Key differentiators Comprehensive Approach High-detection Accuracy Centralized Deployment Advanced Threat Defense
  • 9. McAfee Confidential Dynamic and Static Code Real-time Emulation Comprehensive Layered Approach Number of Samples You Can Process Known Good Known Bad File ExecutionEmulation White/ Black Listing AVGTI 9 Compute Cycles Needed/Time to Process
  • 10. McAfee Confidential Dynamic and Static Code Analysis 10 Analyze Static Code AnalysisDynamic Analysis Analyze Unpacking Disassembly of Code Calculate Latent Code Familial Resemblance Run Time DLLs Network Operations File Operations Process Operations Delayed Execution
  • 11. McAfee Confidential Advanced Threat Defense 11 Key differentiators Advanced Threat Defense Comprehensive Approach High-detection Accuracy Centralized Deployment
  • 12. McAfee Confidential Numerous appliances Protocol-Specific Deployment Firewall Data Center Servers End-user Endpoints DMZ DNS/App Web Gateway IPS Web Malware Analysis File Server Malware Analysis Internet 12 Endpoint Sandbox Manager Management and Forensics SIEM ePO Malware Analysis/ Forensics Central Manager
  • 13. McAfee Confidential Lower cost of ownership and scalability Firewall Data Center Servers End-user Endpoints DMZ Management and Forensics DNS/App Web Gateway IPS Malware Analysis/ Forensics Central Manager Web Malware Analysis File Server Malware Analysis Centralized Deployment Advanced Threat Defense Internet 13 SIEM ePO
  • 14. McAfee Confidential Support for analyst investigation Advanced capabilities • User interactive mode • Enables analysts to interact directly with malware samples • Extensive unpacking capabilities • Reduces investigation time from days to minutes • Full logic path • Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments • Sample submission to multiple virtual environments • Speeds investigation by determining which environment variables are needed for file execution. • Detailed reports provide critical information for analyst investigation • From disassembly output to graphical function call diagrams and embedded or dropped file 14
  • 15. McAfee Confidential 15 Advanced Threat Defense Better Detection, Better Protection. Lower Total Cost of Ownership. Faster Time to Malware Conviction, Containment, and Remediation.
  • 16.
  • 18. McAfee Confidential Advanced detection for stealthy, zero-day malware • Advanced analysis appliance • ATD-3000 • ATD-6000 • Deployment • Enhances security architecture – integrates with inline products • Stand alone research tool • History of innovation • Acquisition of ValidEdge sandbox technology: 2013 – Technology first released in 2004 – Used by primarily by security vendors and government agencies 18 McAfee Advanced Threat Defense
  • 19. McAfee Confidential AV-TEST Results 19 Sample Size: Malicious Files • 7,616 Microsoft Office docs • 4,752 PDF docs • 131,871 Zoo malware • 12,132 Prevalent malware Sample Size: Clean Files • 96,722 clean files “The appliance showed great performance detecting 99.96% overall and no less than 99.5% in any single tested malware category. It also had a minimum of false positive detections at 0.01%.” 99.96% 96% 97% 98% 99% 100% Prevalent Malware Zoo Malware PDF Documents Microsoft Office Docs Overall Advanced Threat Defense Detection
  • 20. McAfee Confidential Broad OS Support • Target-specific analysis: Analyze threats under the exact conditions of the actual host profile within the organization • Reducing the chances of missed malware or false positives • Faster results: Scales sandboxing capacity • Customizable sandbox images • Broad support covers corporate environments, including server and mobile traffic 20 Windows 8 32/64 bit Windows 7 32/64 bit Windows XP 32/64bit Windows Server 2003-2008 Android Custom Image McAfee
  • 21. McAfee Confidential The Packing Challenge • Custom packers used in targeted attacks • Packing or protecting changes the composition of the code or obfuscates it to evade detection and reverse engineering • Need to unpack to get to original executable code for analysis • Packed malware can hide • Delayed execution • Alternative execution paths 21 Source: McAfee Labs Q2 2014
  • 22. McAfee Confidential Understand Your Adversary • Advanced Threat Defense immediately identifies the file as malicious with 14 specific classifications • Note, that static code analysis also shows the 43% of the code did not execute in the sandbox • So what else is missed if only dynamic analysis is used? 22
  • 23. McAfee Confidential Static Code Analysis • Advanced Threat Defense unpacks and reverse engineers the file to expose the actual code for analysis • Compares code to known malicious code, identifying this relatively unknown file as part of the Trojan.Win32.simda malware family • Static code analysis finds 96% similarity to known malware family 23
  • 24. McAfee Confidential Quarian – Designed for Sandbox Evasion 24 In Action 1. User receives phishing email 2. User Clicks link and downloads PDF 3. Other sandboxes see no bad behavior Malicious Web Server End User Attacker Phishing Email PDF download SANDBOX Quarian leverages older code but designed to identify a sandbox and stay silent Majority of code remains the same as previously known attack
  • 25. McAfee Confidential ATD • Advanced Threat Defense scans incoming PDF • Dynamic Analysis sees no bad behavior • Static Code Analysis unpacks and identifies code as known malicious Stopping Quarian and Sandbox Evasions 25 Advanced Threat Defense and Static Code Analysis ATD End User Analysis of Unpacked Code Malicious Web Server Attacker Phishing Email Family Name: Trojan.Win32.APT_Guodl Similarity Factor: 66.72
  • 26. McAfee Confidential McAfee Global Threat Intelligence McAfee ATD McAfee VSE Threat Intelligence Module McAfee ePO McAfee Threat Intelligence Exchange 26 Adapt and immunize—from encounter to containment in milliseconds 3rd Party Feeds Data Exchange Layer McAfee TIE Server McAfee VSE Threat Intelligence Module NOYES Adaptive security improves anti-malware protection • Better analysis of the gray • Crowd-source reputations from your own environment • Manage risk tolerance across departments/system types Actionable intelligence • Early awareness of first occurrence flags attacks as they begin • Know who may be/was compromised when certificate or file reputation changes
  • 27. McAfee Confidential McAfee ESM McAfee VSE Threat Intelligence Module McAfee VSE Threat Intelligence Module McAfee ePO McAfee ATD McAfee Web Gateway McAfee NSP McAfee Threat Intelligence Exchange 27 Instant protection across the enterprise Data Exchange Layer McAfee Global Threat Intelligence 3rd Party Feeds Gateways block access based on endpoint convictions Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products Proactively and efficiently protect your organization as soon as a threat is revealed McAfee TIE Server
  • 28. McAfee Confidential Adaptive Threat Prevention and Detection 28 Web GatewayNIPS Network & Gateway Endpoints Sandbox SIEM IOC 1 IOC 2 IOC 3 IOC 4 network and endpoints adapt payload is analyzed new IOC intelligence pinpoints historic breaches previously breached systems are isolated and remediated DXL Ecosystem DXL Ecosystem