Ilija Jovičić, Sophos Consultant


Where malware is stopped at the endpoint (shares shown on the slide: 80%, 10%, 5%, 3%, 2%)
 - Reduce the attack surface: URL filtering, download reputation, device control
 - Pre-execution analysis: heuristics, rule-based detection, signatures, known malware families
 - Runtime: behaviour monitoring
 - Exploit prevention: detection of exploit techniques
Axis labels on the slide: Traditional Malware, Modern Threats

Sophos stops crypto-malware: Intercept X
Problems addressed: limited visibility, ransomware, zero-day exploits, crime scene cleanup

Anti-Ransomware: stops crypto-malware
 - Detects and prevents unauthorized encryption
 - Restores the unencrypted original files

Anti-Exploit: stops unknown malware
 - Signatureless prevention of 0-day malware
 - No performance impact

Extended Cleanup: removes the threat
 - Forensic detection and signatureless removal of as-yet unknown malware

Root Cause Analysis: analyzes the attack
 - What has happened? What is affected? How do I prevent this in the future?

CryptoGuard technology protects you from ransomware that encrypts your data. Now we are adding boot record and disk wipe protection to further defend your computer against tampering.
CryptoGuard for servers: CryptoGuard now stops ransomware from encrypting data on Windows servers, including network shares. It can protect against ransomware running locally or remotely. You'll need a Server Protection Advanced license.
https://news.sophos.com/en-us/2016/09/26/what-is-an-exploit/

CryptoGuard, local ransomware: the write path
 1. Ransomware issues a file write
 2. The unencrypted file, as it was before the write operation, is copied to a secure file backup
 3. The file write is applied; the file is encrypted after the write operation
 4. The unauthorized encryption is detected and the original files are restored from the backup
 5. Root Cause Analysis and Extended Cleanup with Sophos Clean follow
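The write path above, as an added worked example that is not Sophos's code and not from the original presentation: a toy interception layer keeps a pre-write copy of every file, compares the entropy of the new contents with the old, and when one process turns a few low-entropy documents into high-entropy ones it is blocked and its writes are rolled back. All file contents, paths, process IDs and the 3-file threshold are constructed for the demonstration; the "encryption" is an XOR with a seeded pseudo-random keystream standing in for a real cipher.

```python
import math
import random

# Constructed sample document content (not real data). Repeated English text has
# low entropy, which is the baseline a behavioural ransomware detector compares against.
PLAINTEXT = b"Dear customer, your invoice number 1234 is attached. " * 20


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: close to 8 for ciphertext, about 4 for English text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def keystream(n: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random bytes standing in for a cipher's output."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_encrypt(data: bytes, seed: int) -> bytes:
    """Stand-in for the ransomware's encryption: high-entropy output of equal length."""
    return bytes(a ^ k for a, k in zip(data, keystream(len(data), seed)))


class CryptoGuardModel:
    """Toy model of behavioural anti-ransomware (an assumption, not Sophos's implementation).

    Every write is intercepted: the pre-write contents are cached (the "secure file
    backup"), the write is applied, and the entropy of the new contents is compared
    with the old. A process that turns `threshold` existing files from low to high
    entropy is blocked and all of its writes are rolled back from the cache.
    """

    def __init__(self, threshold: int = 3, entropy_jump: float = 2.5):
        self.threshold = threshold
        self.entropy_jump = entropy_jump
        self.files: dict[str, bytes] = {}                 # the simulated disk
        self.backups: dict[tuple[int, str], bytes] = {}   # (pid, path) -> pre-write contents
        self.suspicious: dict[int, int] = {}              # pid -> suspicious overwrite count
        self.blocked: set[int] = set()

    def write(self, pid: int, path: str, data: bytes) -> str:
        if pid in self.blocked:
            return "blocked"
        before = self.files.get(path, b"")
        self.backups.setdefault((pid, path), before)     # first pre-write copy per process
        self.files[path] = data
        # A brand-new file has no "before": a freshly created archive or image is
        # high-entropy but normal, so only overwrites of existing content count.
        if before and shannon_entropy(data) - shannon_entropy(before) >= self.entropy_jump:
            self.suspicious[pid] = self.suspicious.get(pid, 0) + 1
            if self.suspicious[pid] >= self.threshold:
                self.blocked.add(pid)
                self.rollback(pid)
                return "rollback"
        return "ok"

    def rollback(self, pid: int) -> list[str]:
        """Restore every file the process touched to its pre-write contents."""
        restored = []
        for (p, path), original in list(self.backups.items()):
            if p == pid:
                if original:
                    self.files[path] = original
                else:
                    self.files.pop(path, None)            # did not exist before: remove it
                restored.append(path)
                del self.backups[(p, path)]
        return restored


def simulate():
    """Legitimate activity followed by a ransomware process; returns the model state."""
    guard = CryptoGuardModel(threshold=3)
    paths = [f"C:/Users/alice/Documents/invoice{i}.txt" for i in range(4)]   # constructed
    for p in paths:
        guard.files[p] = PLAINTEXT
    results = {}
    edited = PLAINTEXT + b"Updated 2024-01-01.\n"
    results["editor"] = guard.write(42, paths[0], edited)                     # ordinary edit
    results["archiver"] = guard.write(77, "C:/Users/alice/Documents/backup.zip", keystream(512, 9))
    results["ransomware"] = [
        guard.write(666, p, xor_encrypt(guard.files[p], seed=i)) for i, p in enumerate(paths)
    ]
    return guard, results, paths, edited


if __name__ == "__main__":
    guard, results, paths, edited = simulate()
    print(results)
    print("all documents intact:", all(guard.files[p] in (PLAINTEXT, edited) for p in paths))
```

The two legitimate writers show the false-positive cases a detector has to tolerate: an editor appending text barely moves the entropy, and an archiver creating one new high-entropy file neither overwrites anything nor reaches the threshold. The ransomware's third overwrite trips the threshold, its fourth write is refused, and the three files it already encrypted come back from the pre-write copies, including the user's edit, because the copy is taken immediately before each write rather than from an older snapshot.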

Where is the real threat? Two speech bubbles on the slide: the visible ransom demand ("Haha! All your files are encrypted! Give me money!") and the attacker quietly looking around ("Let's see what we can find here...").

Exploit Prevention: detection of new malware via exploit techniques

The threat, layer by layer (figures as given on the slide):
 - Vulnerabilities: bugs in applications or the operating system, about 1,000*n per year
 - Zero-day exploits: code that exploits vulnerabilities that are not yet known; count unknown
 - Known exploits: code that exploits known vulnerabilities, about 100*n per year
 - Malware: typically uses exploits to infect target systems and then executes a malicious payload (e.g. encryption, data theft); about 100,000,000 per year
 - Exploit techniques: about 25 techniques to run malicious code within vulnerable applications, e.g. via buffer overflows

Countermeasures, plotted against time on the slide: patches, exploit prevention, signatures and heuristics, reputation, behavioral detection. The argument of the slide is that the set of exploit techniques is small and changes slowly compared with vulnerabilities and malware samples, so detecting the techniques also catches exploits for vulnerabilities nobody knows about yet.

Exploit Prevention
 - Signatureless protection against 0-day attacks
 - No performance impact
 - Prevents the exploitation of vulnerabilities in insecure or unpatched applications
 - Stops the attack
Available in Sophos Intercept X (Endpoint eXploit Prevention)

Root Cause Analysis: analysis of the incident

What happened?
 - Identification of the relevant processes, registry keys, files and communication
 - Graphical display of the chain of events
 - Identifies the source of infection

What is affected? (affected resources)
 - Which files and systems are affected?
 - Which file shares or removable media are affected?
 - What other systems do I have to clean up?

Consequences
 - Which malware entry channels do I have to close?
 - How can I prevent malware from spreading inside my network?
 - How do I prevent this in the future?
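The three questions above, worked through as an added example over constructed endpoint telemetry. This is not Sophos's RCA implementation and not from the original presentation: the event format, the process IDs, the paths, the rule that the chain stops at a launch shell such as explorer.exe, and the assumption that drive E: is removable media are all invented for the demonstration (203.0.113.10 is a documentation-range address). Given a detection on one process, the code walks the parent chain back to the entry point, collects every descendant, and sorts what that subtree touched into local files, network shares, removable media, registry keys and remote hosts.

```python
from collections import defaultdict

# Constructed endpoint telemetry (not real Sophos output): an e-mailed macro document
# launches PowerShell, which drops a binary that persists and encrypts files.
EVENTS = [
    {"t": 1, "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"t": 2, "type": "process", "pid": 200, "ppid": 100, "image": "outlook.exe"},
    {"t": 3, "type": "file", "pid": 200, "path": r"C:\Users\alice\Downloads\invoice.docm"},
    {"t": 4, "type": "process", "pid": 300, "ppid": 200, "image": "winword.exe",
     "cmd": r"winword.exe C:\Users\alice\Downloads\invoice.docm"},
    {"t": 5, "type": "process", "pid": 500, "ppid": 100, "image": "chrome.exe"},   # unrelated
    {"t": 6, "type": "file", "pid": 500, "path": r"C:\Users\alice\Downloads\report.pdf"},
    {"t": 7, "type": "process", "pid": 310, "ppid": 300, "image": "powershell.exe",
     "cmd": "powershell.exe -WindowStyle Hidden"},
    {"t": 8, "type": "net", "pid": 310, "dst": "203.0.113.10:443"},
    {"t": 9, "type": "file", "pid": 310, "path": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
    {"t": 10, "type": "process", "pid": 400, "ppid": 310, "image": "svc.exe"},
    {"t": 11, "type": "registry", "pid": 400,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"t": 12, "type": "file", "pid": 400, "path": r"\\fileserver\finance\q1.xlsx"},
    {"t": 13, "type": "file", "pid": 400, "path": r"E:\photos\holiday.jpg"},
    {"t": 14, "type": "detection", "pid": 400, "name": "CryptoGuard"},
]

LAUNCH_SHELLS = {"explorer.exe", "services.exe", "wininit.exe"}  # assumption: the chain stops here
REMOVABLE_DRIVES = {"E:"}                                         # assumption for the sample data


def processes(events):
    return {e["pid"]: e for e in events if e["type"] == "process"}


def root_cause_chain(detected_pid, events):
    """Ancestors of the detected process, entry point first, stopping at the launch shell."""
    procs = processes(events)
    chain, pid = [], detected_pid
    while pid in procs and procs[pid]["image"] not in LAUNCH_SHELLS:
        chain.append(procs[pid])
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def subtree(root_pid, events):
    """The entry-point process and every descendant: everything that needs cleaning up."""
    children = defaultdict(list)
    for p in processes(events).values():
        children[p["ppid"]].append(p["pid"])
    seen, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid not in seen:
            seen.add(pid)
            stack.extend(children[pid])
    return seen


def affected_resources(root_pid, events):
    """Answer "what is affected?": files, shares, removable media, registry keys, remote hosts."""
    pids = subtree(root_pid, events)
    res = {"local_files": set(), "shares": set(), "removable": set(),
           "registry": set(), "remote_hosts": set()}
    for e in events:
        if e["pid"] not in pids:
            continue
        if e["type"] == "file":
            path = e["path"]
            if path.startswith("\\\\"):
                res["shares"].add(path)
            elif path[:2].upper() in REMOVABLE_DRIVES:
                res["removable"].add(path)
            else:
                res["local_files"].add(path)
        elif e["type"] == "registry":
            res["registry"].add(e["key"])
        elif e["type"] == "net":
            res["remote_hosts"].add(e["dst"])
    return res


def analyse(events):
    """From one detection to the chain of events, the entry channel and the affected resources."""
    detection = next(e for e in events if e["type"] == "detection")
    chain = root_cause_chain(detection["pid"], events)
    root = chain[0]["pid"]
    pids = subtree(root, events)
    timeline = sorted((e for e in events if e.get("pid") in pids), key=lambda e: e["t"])
    return {"chain": [p["image"] for p in chain],
            "entry": chain[0]["image"],
            "resources": affected_resources(root, events),
            "timeline": timeline}


if __name__ == "__main__":
    report = analyse(EVENTS)
    print(" -> ".join(report["chain"]))
    for kind, items in report["resources"].items():
        print(kind, sorted(items))
```

The detection fires on svc.exe, but the answer to "which entry channel do I have to close?" is the mail client at the top of the chain, and the answer to "what else do I have to clean up?" includes the share on the file server and the removable drive, neither of which the detecting process's own image would reveal. The unrelated browser activity under the same desktop session is excluded because it is not in the subtree.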

Intercept X Root Cause Analysis

Synchronized Security replaces "best of breed": products managed from Sophos Central
 - Next-Gen Firewall
 - UTM
 - Endpoint
 - Wireless
 - Next-Gen Endpoint
 - Analysis
 - Web
 - Mobile
 - Email
 - Server
 - File Encryption
 - Disk Encryption

Security Heartbeat, virus infection scenario
 1. Virus detected on the client
 2. Keys are removed from the client
 3. Client is placed in network quarantine
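The scenario above as an added example of the firewall-side logic, not Sophos's code and not from the original presentation: endpoints report a health colour, the gateway derives enforcement actions from it, and flows are allowed or denied per endpoint status. The host names, the 90-second staleness window, the management service name and the treatment of a missing heartbeat as "unknown, restrict" are all assumptions made for the demonstration.

```python
class HeartbeatPolicy:
    """Toy firewall-side model of a security heartbeat (an assumption, not Sophos's implementation).

    Endpoints report their health periodically. Red means the endpoint has detected an
    infection: the host is quarantined and its keys are removed. A heartbeat that stops
    arriving means the health is unknown, so the host is restricted until it reports again.
    """
    GREEN, YELLOW, RED, MISSING = "green", "yellow", "red", "missing"

    def __init__(self, stale_after=90, management="central.example"):
        self.stale_after = stale_after
        self.management = management      # assumed name of the management service
        self.last = {}                    # host -> (timestamp, reported health)
        self.keys_revoked = set()

    def report(self, host, health, ts):
        self.last[host] = (ts, health)

    def status(self, host, now):
        """Reported health, or 'missing' if the host never reported or went quiet."""
        if host not in self.last:
            return self.MISSING
        ts, health = self.last[host]
        if now - ts > self.stale_after:
            return self.MISSING
        return health

    def actions(self, now):
        """Enforcement actions to apply now, in the order shown on the slide."""
        out = []
        for host in sorted(self.last):
            st = self.status(host, now)
            if st == self.RED:
                out.append(("quarantine", host))
                if host not in self.keys_revoked:   # key removal happens once per incident
                    out.append(("remove_keys", host))
                    self.keys_revoked.add(host)
            elif st == self.MISSING:
                out.append(("restrict", host))
        return out

    def allow(self, src, dst, now):
        """Firewall decision for a flow from a managed host to a host or service."""
        if dst == self.management:
            return True                   # a sick host must still reach management for cleanup
        if self.status(src, now) in (self.RED, self.MISSING):
            return False                  # quarantined or unknown: no lateral or outbound traffic
        if dst in self.last and self.status(dst, now) == self.RED:
            return False                  # nobody talks to a quarantined host
        return True


def scenario(now=200):
    """Constructed fleet: one healthy host, one that just reported an infection, one gone quiet."""
    fw = HeartbeatPolicy(stale_after=90)
    fw.report("laptop-a", fw.GREEN, ts=190)
    fw.report("laptop-b", fw.GREEN, ts=100)
    fw.report("laptop-b", fw.RED, ts=195)      # virus detected on the client
    fw.report("laptop-c", fw.GREEN, ts=50)     # last heartbeat 150 s ago: stale
    return fw, fw.actions(now)


if __name__ == "__main__":
    fw, acts = scenario()
    print(acts)
    print("laptop-a -> fileserver:", fw.allow("laptop-a", "fileserver", 200))
    print("laptop-a -> laptop-b:", fw.allow("laptop-a", "laptop-b", 200))
```

The point of the staleness rule is that an attacker who kills the endpoint agent does not thereby regain network access: silence is treated as unknown health, not as green. Management traffic is exempt so that the infected client can still receive the cleanup instruction and report back.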

Demo