Company Overview.

Presentation transcript:

Company Overview

HBGary Background
Founded in 2003
Government Services
Solutions:
- Host Intrusion Detection & Incident Response
- Live Windows Memory Forensics
- Malicious Code Detection
- Automated Reverse Engineering
Products:
- HBGary Responder Enterprise (to be announced March 9th, 2009): McAfee ePO (HBSS) Integration
- HBGary Responder Professional: stand-alone application
Services & Training:
- Incident Response
- Malware Analysis

HBGary R&D Funding
Air Force Research Labs:
- Next Generation Software Reverse Engineering Tools (Phases I and II)
- Kernel Virtual Machine Host Analyzer (Phases I and II)
- Virtual Machine Debugger (Phase I)
Dept Homeland Security (HSARPA):
- Botnet Detection and Mitigation (Phases I and II)
- H/W Assisted System Security Monitor (Phases I and II)
- Subcontractor to AFCO Systems Development
Small Business Innovative Research (SBIR) Program

Growing Cybercrime Problem
- Sophisticated targeted attacks
- Criminal and state sponsored
- Motivated, well funded adversaries
- Any cyber defense can and will be defeated

We process almost 5,000 malware samples every 24 hours

Bots, Rootkits, Process Injectors: all infecting Enterprises RIGHT NOW

Anti-virus Shortcomings
Top 3 AV companies don’t detect 80% of new malware
Source: “Eighty percent of new malware defeats antivirus”, ZDNet Australia, July 19, 2006
“The sheer volume and complexity of computer viruses being released on the Internet today has the anti-virus industry on the defensive, experts say, underscoring the need for consumers to avoid relying on anti-virus software alone to keep their…computers safe and secure.”
Source: “Anti-Virus Firms Scrambling to Keep Up”, The Washington Post, March 19, 2008

What you don’t see can hurt you.

HBGary’s Approach: Detect, Diagnose, Respond
Host-centric approach: find the bad guy on computers and tell you what he is doing
- Physical memory (RAM) analysis
- Binary analysis
- Detection with Digital DNA
- Enterprise endpoint detection and visibility

Benefits
- Enterprise detection of compromised hosts
- Visibility of remote hosts
- Lowers the skill bar for incident response
- Better cyber defense

HBGary Software Products
- HBGary Responder Enterprise: enterprise host intrusion detection system, integrated with McAfee ePolicy Orchestrator
- HBGary Responder Professional: investigator’s tool for computer incident response

Digital DNA: Ranking Software Modules by Threat Severity (Software Behavioral Traits)

Why Digital DNA? Detect New and Advanced Threats
- Malware Variants
- Polymorphic code
- Memory-Resident Code
- Rootkits
- Complements Anti-Virus

Successful Technology Transition: HBGary Responder Customers
Customer Type            No. of Customers
DoD                      18
Civilian Agencies        17
Government Contractors    5
Fortune 500              12
Foreign Governments       4

Strategic Partners: McAfee, Guidance Software (EnCase), Agilex

The Core Technology: Offline Physical Memory Analysis
(Core technology areas: Offline Physical Memory Analysis, Rootkit Detection, Automated Malware Analysis, Digital DNA, Alerting & Reporting)
Offline physical memory analysis: rebuilding Windows without Windows
- All physical to virtual address translations (this is the advantage!)
- Rebuilds underlying undocumented data structures
- Rebuilds running state of machine, “exposes all objects”
- Malware cannot hide itself actively

The Core Technology: Rootkit Detection
- Direct Kernel Object Manipulation Detection
- Hook Detection: IDT/SSDT/Driver Chains
- These tricks expose themselves by interacting with the OS
- Crossview Based Analysis

The Core Technology: Automated Malware Analysis
- Suspicious code is extracted from RAM
- Code is disassembled, broken apart, and analyzed
- Code Control Flow Graphing
- Integration with Flypaper & Flypaper Pro

The Core Technology: Digital DNA
- DDNA created for all executable code
- A Threat Score is provided for all code
- Identifies executable code behaviors
- White & Black List Code / Behaviors

The Core Technology: Alerting & Reporting
- Reports can be sent to Enterprise Console
- Behavioral Analysis Scan and others
- Custom Reports in XML, RTF, PDF, other
- Alert on suspicious behaviors and coding tricks

Responder Professional v1.3
- The only comprehensive memory analysis platform on the market
- Host Intrusion Detection, Incident Response, Live Windows Forensics, Automated Malware Analysis
Enterprise Responder v1.0 - McAfee ePO 4.0 Integration
- Enterprise Malware & Rootkit Detection & Reporting
HBGary / EnCase Enterprise Integration
- Enterprise solution for remote physical memory analysis
- Remotely scan physical memory for suspicious items
- Advanced Malware & Rootkit Detection

Fastdump Pro v1.3
- Physical Memory Acquisition tool
- 32 and 64 bit Windows Operating Systems
- Supports systems with more than 4GB RAM
- Process Probe Feature
Flypaper Pro v1.0
- Log Viewer with enhanced logging: File system, Registry, Network Activity
- Memory Tar Pit

Integration with McAfee ePO (GA March)
Phase Two: Threat Assessment Engines
Components: HBGary Portal, ePO Console, Responder Workstation, ePO Server, ePO Agents (Endpoints), Schedule, HBGary Evidence Server, SQL, Events, HBG Extension, HBG WPMA
WPMA = Windows Physical Memory Analysis

Fuzzy Search

Behavioral Traits
DDNA trait codes look like this: 04 0F 51
- Weight / Control flags
- Unique hash code
- Description is held in a database

DDNA Sequences
02 82 78 02 D6 F7 07 CD E3 05 51 87 05 A8 F1 02 FB 99 02 45 5B 02 7C 9A 02 AC CF 00 9F…
- This is a series of 3-octet trait codes
- Each trait can have a weight from -15 to +15: + means suspicious, – means trusted
- The entire sequence is weighted by summing the weights of each trait
- The summing of weights is performed using an algorithm known as the discrete weight decay algorithm; this algorithm will decay the effects of a repeated weight value over time
- +40 points or more in weight = Suspicious or potentially “Evil”
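A small scorer for trait sequences of the shape the two slides above describe (3-octet trait codes, weights from -15 to +15, a decaying sum, +40 or more flagged). This is an added example, not HBGary code: the slides do not give the bit layout of the weight/control octet or the decay formula, so the first-octet layout and the "halve on each repeat" decay rule below are assumptions, as are the two constructed sequences; the slide's own sequence is used with its truncated trailing trait dropped.

```python
from collections import defaultdict

SUSPICIOUS_THRESHOLD = 40   # slide: +40 points or more = suspicious / "evil"

# ASSUMED layout of the weight/control octet (the slide does not give it):
# bits 0-3 magnitude (0..15), bit 4 sign (set = trusted, i.e. negative),
# bits 5-7 control flags that do not affect the weight.
MAG_MASK, SIGN_BIT = 0x0F, 0x10

# The slide's own sequence, trimmed to whole traits; its trailing "00 9F..."
# is a truncated trait and is dropped rather than guessed at.
SLIDE_SEQUENCE = ("02 82 78 02 D6 F7 07 CD E3 05 51 87 05 A8 F1 "
                  "02 FB 99 02 45 5B 02 7C 9A 02 AC CF")
# Constructed samples: one that crosses the threshold (it includes a trusted
# -2 trait and a control flag on the first octet), one that repeats +15.
HOT_SEQUENCE = "2F 11 22 0E 33 44 0D 55 66 0C 77 88 12 99 AA"
REPEAT_SEQUENCE = "0F AA AA 0F BB BB 0F CC CC 0F DD DD"

def parse_sequence(hex_text):
    """Split a DDNA hex string into (weight_octet, hash16) 3-octet trait codes."""
    octets = [int(tok, 16) for tok in hex_text.split()]
    if len(octets) % 3:
        raise ValueError("sequence is not a whole number of 3-octet traits")
    return [(octets[i], (octets[i + 1] << 8) | octets[i + 2])
            for i in range(0, len(octets), 3)]

def trait_weight(weight_octet):
    """Decode the signed weight (-15..+15) under the ASSUMED octet layout."""
    magnitude = weight_octet & MAG_MASK
    return -magnitude if weight_octet & SIGN_BIT else magnitude

def score_sequence(traits):
    """Sum weights with a discrete decay on repeated weight values.
    ASSUMED rule (the slide names the idea, not the formula): the k-th repeat
    of the same weight value contributes magnitude >> k, so a run of identical
    weights cannot push the score up without bound."""
    seen, total = defaultdict(int), 0
    for weight_octet, _hash16 in traits:
        w = trait_weight(weight_octet)
        k = seen[w]            # how many times this weight value was seen before
        seen[w] += 1
        total += (abs(w) >> k) if w >= 0 else -(abs(w) >> k)
    return total

def classify(hex_text):
    """Return (score, verdict) for a DDNA hex sequence."""
    score = score_sequence(parse_sequence(hex_text))
    return score, ("suspicious" if score >= SUSPICIOUS_THRESHOLD else "not flagged")
```

Under these assumptions the slide's sequence scores 17 (six repeated +2 traits contribute only 3 after decay), the constructed hot sequence 52, and four repeated +15 traits only 26 instead of 60, which is the effect the decay is there to produce.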

Digital DNA Screenshot