History of Industry Leadership


History of Industry Leadership
- Founded in 2003 to perform offensive cyber security consulting for high profile government agencies
- Shifted focus from government consulting to developing security software products
- Launched first product, Responder Pro, April 2008
- Offices in Sacramento, and DC Area
- Now serve critical infrastructure customers across the government and private sectors including entertainment, financial, healthcare
1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

Management Team
- Greg Hoglund, Founder, CEO
- Penny Leavy, President
- Sam Maccherola, VP Worldwide Sales
- Jim Butterworth, VP of Services

High Profile Customers

Government Agencies:
- Department of Homeland Security
- National Security Agency Blue Team
- 92nd Airborne
- Federal Bureau of Investigation
- Congressional Budget Office
- Department of Justice
- Centers for Disease Control
- Transportation Security Administration
- Defense Intelligence Agency
- Defense Information Systems Agency
- US Immigration and Customs Enforcement
- US Air Force

Fortune 500 Corporations:
- Morgan Stanley
- Sony
- Citigroup
- IBM
- General Electric
- Cox Cable
- eBay
- JP Morgan
- Best Buy
- Pfizer
- Baker Hughes
- Fidelity

Government Contractors:
- L-3
- General Dynamics
- Merlin International
- Northrop Grumman
- SAIC
- Booz Allen Hamilton
- United Technologies
- ManTech
- TASC
- Blackbird Technologies
- COB

Install Base/2011
CONFIDENTIAL Covered by NDA
- DDNA Nodes: 400 standalone/800
- DDNA for ePO: 71,000/moving to AD for ePO
- DDNA OEM: 12000/300,000
- Active Defense: 54,000/800,000
- Responder Pro: 320/530
- Responder Field: 1200/2400
- FastDumpPro: 3000 (plus FastDump Pro is included in all of above)

High-Value Partnerships Drive Strong Growth in Sales

History of Solid Revenue Growth
HBGary has experienced tremendous revenue growth since 2006, driven primarily by the strong growth in product revenue.

Continuous Protection (flowchart; node labels as extracted):
Inoculate; Update NIDS; Adverse Event; Breakdown #3; Check AV Log; Breakdown #1; More Compromise; Check with AD; Scan for BI's; Breakdown #2; Compromise Detected; Reimage Machine; Get Threat Intel

The Breakdowns
#1 – Trusting the AV/HIDS: AV doesn't detect most malware, even variants of malware that it's supposed to detect. HIDS/HIPS are too cumbersome and throw a lot of false positives.
#2 – Not using threat intelligence: the only way to get better at detecting intrusions is to learn how to detect them next time.
#3 – Not preventing re-infection: if you don't harden your network then you are just throwing money away.

HBGary's take on all this
- Focus on malicious behavior, not signatures, based upon disassembled and reverse-engineered software
- Bad guys don't write 50,000 new malware samples every morning; their techniques, algorithms, and protocols stay the same, day in day out
- Once executing in PHYSICAL memory (not virtual), the software is just software
- Physmem is the best information source available

Intel Value Window (chart): indicator lifetime plotted on an axis running Minutes, Hours, Days, Weeks, Months, Years. Indicator types shown on the chart: Blacklists, ATTRIBUTION-Derived, Developer Toolmarks, Signatures, Algorithms, NIDS sans address, Hooks, Protocol, Install, DNS name, IP Address, Checksums

Threat Intelligence Data Flow (flowchart; node labels as extracted):
Inoculate; Update NIDS; Intelligent Perimeter; COMS; Adverse Event; More Compromise; Compromise Detected; Scan Hosts; Artifacts; Malware Analysis; Timelines; Host Analysis; Reimage Machine; Get Threat Intel

Key Competitive Differentiators
- Behavior based detection
- Lowest level possible (physical memory)
- Disassembled and RE programs on the fly
- Attribution: IR, feeds and malware
- Visibility into all areas of computer
- Highly scalable, high speed, concurrent
- Easy to use and full OS support
- No open source/product quality (not a bunch of scripts)

Products

Reimage or Remove Malware / HBGary Products (flowchart; node labels as extracted):
Inoculate; Update Perimeter IDS; Razor (TBD); Inoculator; Active Defense™; More Compromise; Inoculator; Active Defense™ for the cloud (TBD); Responder™; Active Defense™; Digital DNA™; Active Defense™; Scan Hosts; Compromise Detected; Digital DNA™; Inoculator; Reimage or Remove Malware; Get Threat Intel

Active Defense

Active Defense in ePO 4.5

Inoculator™

Responder Professional

Responder w/ REcon
- Records the entire lifecycle of a software program, from first instruction to the last. It records data samples at every step, including arguments to functions and pointers to objects.
- Offline physical memory analysis: rebuilding Windows without Windows; all physical to virtual address translations
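The slide's "all physical to virtual address translations" is the core of offline memory analysis: with nothing but a raw dump and a page-directory base (CR3), the tool rebuilds a process's virtual address space by walking the page tables itself, with no running OS to ask. The Python below is an added example, not Responder's or HBGary's code. It assumes classic 32-bit non-PAE x86 paging (one page directory, one page table level, 4 KB pages plus 4 MB "large" pages) and constructs its own 8 MB image in memory, with a page directory at physical 0x1000, a page table at 0x2000, two 4 KB mappings to non-adjacent physical pages, one 4 MB mapping and one deliberately unmapped page, so it runs without a real dump.

```python
import struct

PAGE_SIZE = 0x1000
PTE_PRESENT = 0x1
PDE_LARGE = 0x80          # PS bit: the PDE maps a 4 MB page directly


class NotMapped(Exception):
    """Raised when the page tables do not map the requested virtual address."""


class PhysicalImage:
    """A raw physical-memory dump held as a flat byte buffer."""

    def __init__(self, size: int):
        self.buf = bytearray(size)

    def read32(self, paddr: int) -> int:
        return struct.unpack_from("<I", self.buf, paddr)[0]

    def write32(self, paddr: int, value: int) -> None:
        struct.pack_into("<I", self.buf, paddr, value)


def v2p(img: PhysicalImage, cr3: int, vaddr: int) -> int:
    """Translate a virtual address by walking the 32-bit non-PAE tables in the image."""
    pd_index = vaddr >> 22                  # top 10 bits select the PDE
    pt_index = (vaddr >> 12) & 0x3FF        # next 10 bits select the PTE
    pde = img.read32((cr3 & ~0xFFF) + pd_index * 4)
    if not pde & PTE_PRESENT:
        raise NotMapped(f"PDE {pd_index:#x} not present for VA {vaddr:#010x}")
    if pde & PDE_LARGE:
        # 4 MB page: bits 31..22 of the PDE hold the physical base, no page table.
        return (pde & 0xFFC00000) | (vaddr & 0x3FFFFF)
    pte = img.read32((pde & ~0xFFF) + pt_index * 4)
    if not pte & PTE_PRESENT:
        raise NotMapped(f"PTE {pt_index:#x} not present for VA {vaddr:#010x}")
    return (pte & ~0xFFF) | (vaddr & 0xFFF)


def is_mapped(img: PhysicalImage, cr3: int, vaddr: int) -> bool:
    try:
        v2p(img, cr3, vaddr)
        return True
    except NotMapped:
        return False


def read_virtual(img: PhysicalImage, cr3: int, vaddr: int, length: int) -> bytes:
    """Read a virtual range one page at a time, so reads may cross page boundaries
    even when the backing physical pages are not contiguous."""
    out = bytearray()
    while length > 0:
        paddr = v2p(img, cr3, vaddr)
        chunk = min(length, PAGE_SIZE - (vaddr & 0xFFF))
        out += img.buf[paddr:paddr + chunk]
        vaddr += chunk
        length -= chunk
    return bytes(out)


MARKER = b"kernel object rebuilt offline"   # constructed content placed in the image


def build_sample_image() -> tuple:
    """Construct the sample dump: directory at 0x1000, page table at 0x2000,
    VA 0x10000 -> PA 0x5000, VA 0x11000 -> PA 0x7000, VA 0x12000 unmapped,
    VA 0x800000-0xBFFFFF -> PA 0x400000-0x7FFFFF as one 4 MB page."""
    img = PhysicalImage(8 * 1024 * 1024)
    cr3 = 0x1000
    page_table = 0x2000
    img.write32(cr3 + 0 * 4, page_table | PTE_PRESENT)           # PDE 0 -> page table
    img.write32(page_table + 0x10 * 4, 0x5000 | PTE_PRESENT)     # PTE 0x10
    img.write32(page_table + 0x11 * 4, 0x7000 | PTE_PRESENT)     # PTE 0x11 (non-adjacent PA)
    # PTE 0x12 stays zero, so VA 0x12000 is not present.
    img.write32(cr3 + 2 * 4, 0x400000 | PDE_LARGE | PTE_PRESENT)  # PDE 2: 4 MB page
    img.buf[0x5100:0x5100 + len(MARKER)] = MARKER
    img.buf[0x5FFE:0x6000] = b"cr"      # a string split across two virtual pages...
    img.buf[0x7000:0x7003] = b"oss"     # ...whose physical pages are not adjacent
    return img, cr3


if __name__ == "__main__":
    img, cr3 = build_sample_image()
    print(hex(v2p(img, cr3, 0x10ABC)), hex(v2p(img, cr3, 0x801234)))
    print(read_virtual(img, cr3, 0x10100, len(MARKER)), read_virtual(img, cr3, 0x10FFE, 5))
    print("VA 0x12000 mapped:", is_mapped(img, cr3, 0x12000))
```

A real tool has one more step before any translation: locating CR3 for each process in the dump (it lives in the kernel's per-process structures), which is exactly the "rebuilding Windows without Windows" work the slide alludes to. PAE and x64 add further table levels, but the walk has the same shape: index, check the present bit, descend, and stop on a large page.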

Digital DNA™

Digital DNA™ Performance
- 4 gigs per minute, thousands of patterns in parallel, NTFS raw disk, end node
- 2 gig memory, 5 minute scan, end node
- Hi/Med/Low throttle = 10,000 machine scan completes in < 1 hour

Under the hood
These images show the volume of decompiled information produced by the DDNA engine. Both malware samples use stealth to hide on the system. To DDNA, they read like an open book.

Ranking Software Modules by Threat Severity (Software Behavioral Traits / Digital DNA™)
Digital DNA™ sequence shown for the binary iimo.sys (the blue bar): 0B 8A C2 05 0F 51 03 0F 64 27 27 7B ED 06 19 42 00 C2 02 21 3D 00 63 02 21 8A C2
Malware shows up as a red alert. Suspicious binaries are orange. For each binary we show its underlying behavioral traits. Examples of traits might be “packed with UPX”, “uses IRC to communicate”, or “uses kernel hooking, which may indicate the presence of a rootkit”.

What's in a Trait?
Example trait as shown on the slide: 04 0F 51 B[00 24 73 ??]k ANDS[>004] C”QueueAPC”{arg0:0A,arg}
Annotated parts: Unique hash code; Weight / Control flags; the rule.
The rule is specified like a regular expression: it matches against automatically reverse engineered details and contains boolean logic. These rules are considered intellectual property and are not shown to the user.
The trait, description, and underlying rule are held in a database.
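To make the two preceding slides concrete, here is an added Python example of a small trait database and the ranking it drives. It is not HBGary's engine (whose real rules and weights are proprietary and not on the page); the rule grammar is my reading of the slide's example, with three clause types AND-ed together: a byte pattern with ?? wildcards (the B[...] clause), a required string (the S[...] clause) and a required call with an argument constraint (the C"..."{arg0:...} clause). The trait ids 0F 51, 0F 64 and 8A C2 and the callee name QueueAPC are taken from the slides; the weights, the red/orange thresholds, the trait descriptions and the three sample modules (including the facts attached to the name iimo.sys) are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Thresholds for the red/orange ranking are assumptions made for this example.
RED_THRESHOLD = 60
ORANGE_THRESHOLD = 20


@dataclass
class ModuleFacts:
    """What automated reverse engineering recovered for one module in memory."""
    name: str
    code: bytes          # code bytes carved from physical memory
    strings: set         # printable strings found in the module
    calls: list          # (callee name, [argument values]) pairs observed


@dataclass
class Trait:
    """One behavioural trait: an id that appears in the DDNA-style sequence,
    a weight, and a rule whose clauses are AND-ed together."""
    code: str
    description: str
    weight: int
    byte_pattern: Optional[str] = None    # hex bytes, "??" matches any byte
    string_needed: Optional[str] = None   # a string that must be present
    call_needed: Optional[tuple] = None   # (callee, {arg index: required value})

    def _byte_regex(self) -> re.Pattern:
        # "00 24 73 ??" -> regex over raw bytes; DOTALL lets "." match 0x0A too.
        parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                 for tok in self.byte_pattern.split()]
        return re.compile(b"".join(parts), re.DOTALL)

    def matches(self, m: ModuleFacts) -> bool:
        if self.byte_pattern and not self._byte_regex().search(m.code):
            return False
        if self.string_needed and self.string_needed not in m.strings:
            return False
        if self.call_needed:
            callee, wanted = self.call_needed
            if not any(name == callee and all(len(args) > i and args[i] == v
                                              for i, v in wanted.items())
                       for name, args in m.calls):
                return False
        return True


# Constructed trait database (ids from the slides, rules/weights assumed).
TRAITS = [
    Trait("0F 51", "queues an APC with arg0 == 0x0A (rule shape from the slide)", 40,
          byte_pattern="00 24 73 ??", call_needed=("QueueAPC", {0: 0x0A})),
    Trait("0F 64", "uses IRC to communicate", 25, string_needed="PRIVMSG"),
    Trait("8A C2", "packed with UPX", 10, string_needed="UPX0"),
]


def rank_module(m: ModuleFacts, traits=TRAITS) -> dict:
    """Build the module's trait sequence and score it the way the slide's view
    does: red for malware, orange for suspicious, otherwise clean."""
    hits = [t for t in traits if t.matches(m)]
    score = sum(t.weight for t in hits)
    if score >= RED_THRESHOLD:
        severity = "red"
    elif score >= ORANGE_THRESHOLD:
        severity = "orange"
    else:
        severity = "clean"
    return {"module": m.name, "ddna": " ".join(t.code for t in hits),
            "score": score, "severity": severity,
            "traits": [t.description for t in hits]}


# Constructed sample modules (not real captures).
SAMPLE_MODULES = [
    ModuleFacts("iimo.sys", b"\x55\x8b\xec\x00\x24\x73\x99\xc3",
                {"PRIVMSG", "UPX0"}, [("QueueAPC", [0x0A, 0x1234])]),
    ModuleFacts("helper.dll", b"\x00\x24\x73\x01\xc3",
                {"UPX0"}, [("QueueAPC", [0x0B])]),   # wrong arg0: 0F 51 must not fire
    ModuleFacts("svc.exe", b"\x90\x90\xc3", {"PRIVMSG"}, []),
]


def rank_all(modules=SAMPLE_MODULES) -> list:
    """Modules ordered from most to least severe, like the ranked list on the slide."""
    return sorted((rank_module(m) for m in modules), key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in rank_all():
        print(f'{r["severity"]:6} {r["score"]:3}  {r["module"]:12} [{r["ddna"]}]  {r["traits"]}')
```

The helper.dll case is the one worth watching: it contains the byte pattern and calls the same function, but with a different first argument, so the injection trait stays silent and the module is ranked on its packer alone. Argument constraints are what let a behavioural rule separate a benign use of an API from the pattern the trait is actually after.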

Managed Services

Managed Service
- Weekly, enterprise-wide scanning with DDNA & updated IOCs (using HBGary Product)
- Includes extraction of threat-intelligence from compromised systems and malware
- Includes creation of new IDS signatures
- Includes inoculation shot development
- Includes option for network monitoring specifically for C2 traffic and exfiltration