Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.

Published byAlexis Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle."— Presentation transcript:

1 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Top of Content Box Line Subtitle Line Title Line Scott Spinney  Senior Sales Engineer, Intel Security ​ Selecting an advanced threat solution: What to look for and why

2 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Agenda: Request for Information 2

3 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential 3 Agenda: Request for Information

4 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Advanced Malware 4 Market wisdom Identified However, Sandboxing by Itself Should Not be Your Only Defense Resource Intensive Not Real Time Lacks Scalability ??? Because of Behavior Analysis Because No Signature Match ??? Sandboxing Safe ? Malware ? ? Alert vs Actions

5 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Dynamic and Static Code Real-time Emulation Protection and Performance Detect Advanced Threats 5 Number of Samples You Can Process Known Good Known Bad File ExecutionEmulation White/ Black Listing AV GTI Compute Cycles Needed/Time to process

6 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Dynamic and Static Code Analysis Detect Advanced Threats 6 Analyze Static Code AnalysisDynamic Analysis Analyze Unpacking Disassembly of Code Calculate Latent Code Familial Resemblance Run Time DLLs Network Operations File Operations Process Operations Delayed execution

7 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Quarian – Designed for Sandbox Evasion 7 In Action 1.User receives phishing email 2.User Clicks link and downloads PDF 3.Most sandboxes see no bad behavior Malicious Web Server End User Attacker Phishing Email PDF download SANDBOX Quarian leverages older code but designed to identify a sandbox and stay silent. Majority of code remains the same as previously known attack Dynamic Code Analysis

8 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Sandbox scans incoming PDF Static Code Analysis unpacks and identifies as from a malicious family of code Alerts Analyst with what was found Stopping Quarian and Sandbox Evasions 8 Static Code Analysis End User Analysis of Unpacked Code Malicious Web Server Attacker Phishing Email Family Name: Trojan.Win32.APT_Guodl Similarity Factor: 66.72 Return

9 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential 9 Accurate & Action-able Conviction Details Advanced Threat Defense unpacks code and provides a visual representation of executed and unexecuted code

10 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Accurate and Action-able Conviction Details Range of reporting options – from high level to highly detailed 10

11 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Find, Block and Remediate Comprehensive Approach to Advanced Threats 11 CORRECT DETECT Advanced Threat Defense Endpoint Next Generation Firewall Network IPS/IDS Email Gateway Web Gateway SIEM Active Response Threat Intelligence PROTECT

12 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential Threat Intelligence: VirusTotal Sandbox Desktops/Laptops Endpoint Manager Operationalizing Threat Intelligence 12 Adapt and immunize—from encounter to containment in milliseconds 3 rd Party Feeds: STIX TAXII Local Threat Intelligence Servers NO YES Adaptive security improves anti-malware protection Better analysis of the gray Crowd-source reputations from your own environment Manage risk tolerance across departments/system types Actionable intelligence Early awareness of first occurrence flags attacks as they begin Know who may be/was compromised when certificate or file reputation changes

13 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential SIEM Desktops/Laptops Servers Endpoint Manager Sandbox Web Gateway Email Gateway Security Devices: Firewalls IPS/IDS Operationalizing Threat Intelligence 13 Instant protection across the enterprise Threat Intelligence: VirusTotal 3 rd Party Feeds: STIX TAXII Block access based on endpoint convictions Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products Proactively and efficiently protect your organization as soon as a threat is revealed Local Threat Intelligence

14 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential McAfee SIEM McAfee VSE Threat Intelligence Module McAfee VSE Threat Intelligence Module McAfee ePolicy Orchestrator McAfee Advanced Threat Defense Sandbox McAfee Web Gateway McAfee Email Gateway 3rd Party: TITUS ForeScout CloudHASH McAfee IPS/IDS McAfee Threat Intelligence Ecosystem 14 Instant protection across the enterprise McAfee Global Threat Intelligence/ VirusTotal 3 rd Party Feeds: STIX TAXII Block access based on endpoint convictions Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products Proactively and efficiently protect your organization as soon as a threat is revealed McAfee Threat Intelligence Server

15 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential IOC 1 IOC 2 IOC 3 IOC 4 ATD Sandbox ESM SIEM Detection, Protection and Correction Adaptive Response Web Gateway Email Gateway 3d Party IPS/IDS Network & Gateway Endpoints network and endpoints adapt payload is analyzed IOC intelligence pinpoints historic breaches previously breached systems are isolated and remediated TIE Endpoint Module

16 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential 16 McAfee Advanced Threat Defense Better Detection, Better Protection. Lower Total Cost of Ownership. Faster Time to Malware Conviction, Containment, and Remediation.

17 Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle Line Title Line Right Margin LineLeft Margin Line. McAfee Confidential 17

Download ppt "Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle."

Similar presentations

Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.

Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.

Title Line Subtitle Line Top of Content Box Line Top of Footer Line Left Margin LineRight Margin Line Top of Footer Line Top of Content Box Line Subtitle.
Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
Top of Content Box Line Subtitle Line Title Line Ruslans Barbasins| Territory Manager – CIS, Central Asia, Caucasus Leading The World Into Connected Security.

Top of Content Box Line Subtitle Line Title Line Ruslans Barbasins| Territory Manager – CIS, Central Asia, Caucasus Leading The World Into Connected Security.
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.

 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.

Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.
Pre-Release Information Aug 17, 2009 Trend Micro Web Gateway Security InterScan Web Security Virtual Appliance v5 Advanced Reporting and Management v1.

Pre-Release Information Aug 17, 2009 Trend Micro Web Gateway Security InterScan Web Security Virtual Appliance v5 Advanced Reporting and Management v1.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
E-mail Crimeware: An Emerging, Acute Threat Dave Green.

Crimeware: An Emerging, Acute Threat Dave Green.
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.

Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.

Similar presentations

Ads by Google