SS8 BreachDetect
Faizel Lakhani | President & COO

The Current Model
Traditional threat intelligence feeds raise alarms when known threats are detected in the future. Some offer a very short window to go backwards to determine if the vulnerability was used to access the network.
Timeline: History, Vulnerability Weaponized, Malware Discovered, Threat Definition
Diagram labels: Your Exposure; Your visibility to this vulnerability

The SS8 Difference: Time Machine for Breach Detection
SS8 identifies when vulnerabilities were exploited in the past. We alert you to those vulnerabilities being exploited now and in the future.
Timeline: History, Vulnerability Weaponized, Malware Discovered, Threat Definition
Diagram labels: Leading threat intelligence feeds; Your Exposure; Your visibility to this vulnerability

Introducing SS8 BreachDetect: Time Machine for Breach Detection
Lightweight Sensors: Application-aware sensors deploy on the network to generate High-Definition Records (HDRs) that can be stored for years.
Learning Analytics: Enriches, analyzes, learns, and matches HDR data with user, device and threat intelligence information.
Automated Discovery: Simplified workflows and visualization built for the security analyst take the guesswork out of hunting for breaches.

BreachDetect at Work: Find breaches now you didn’t know about before
Existing controls: Firewall, Anti-Malware, Intrusion Detection, Anti-Virus
Recorded sessions:
Web session from 1.2.3.4 to 9.8.7.6 using Internet Explorer on a Windows 8.1 computer
Email session from 12.13.14.15 to 91.84.73.62 with attachment, “Your Benefits Statement.pdf”
File upload using Dropbox over HTTPS from 55.62.73.84 to 10.19.18.17, “employee information.pdf”
Later findings:
Uncovered as a Command and Control Network
Uncovered weeks later as a Phishing Attack
Found to be a source of Malware installation

Differentiator 1: Workflows Built for Breach Hunting

Differentiator 2: HDRs Provide App-Level Visibility
Layer 7 intelligence (not NetFlow)
Decodes thousands of protocols
10 million HDRs processed per second

HIGH-DEFINITION RECORDS (HDRs)

| Date | Time | User | Device | App | Attachment | Size |
|---|---|---|---|---|---|---|
| 03-12-16 | 23:22:16 | John Locno | iPhone | | - | 140 kb |
| 03-13-16 | 07:10:55 | Dennis Li | Dell Laptop | | book.doc | 20 MB |
| 04-04-16 | 10:30:03 | Tim Blattly | Dev Server | | prez2.zip | 43.7 MB |
| 04-10-16 | 09:20:02 | Bill Simons | MacBook | | results.ppt | 3 MB |
| 04-15-16 | 20:09:01 | Sandy Stall | | | | 198 kb |

Differentiator 3: Extensive Data Storage for Retrospection
Conventional Packet Storage (-): Full packets, and coarse or no metadata. 2 weeks of data. No enrichment with device or user information.
(+) Investigation-grade, High-Definition Records from every packet. Enrichment with user and device information. 8-10 years of data.

Differentiator 4: Not just replaying history, learning from and applying it
SS8 Applies Today’s Knowledge to History
HDRs (Network, Device, Identity, Application) are matched against Threat Feeds.
SS8 Supports Any Threat Feeds: SAP ThreatDetect, AlienVault, iSIGHT Partners, Critical Stack, and more…
Questions answered from history:
Other devices with the same connections?
Did any employees go to newly learnt malvertising sites?
Did anyone else receive this same phishing email and attachment?
Did anyone take advantage of this vulnerability in the past?

Thank You www.SS8.com