Presentation is loading. Please wait.

Presentation is loading. Please wait.

History of Industry Leadership

PublishHubert McGee Modified over 6 years ago

Similar presentations

Presentation on theme: "History of Industry Leadership"— Presentation transcript:

1 History of Industry Leadership
Founded in 2003 to perform offensive cyber security consulting for high profile government agencies Shifted focus from government consulting to developing security software products Launched first product, Responder Pro, April 2008 Offices in Sacramento, and DC Area Now serve critical infrastructure customers across the government and private sectors including entertainment, financial, healthcare 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

2 Management Team Greg Hoglund, Founder, CEO Penny Leavy, President
Sam Maccherola, VP Worldwide Sales Jim Butterworth, VP of Services 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

3 High Profile Customers
Government Agencies: Fortune 500 Corporations: Government Contractors: Department of Homeland Security Morgan Stanley L-3 National Security Agency Blue Team Sony General Dynamics 92nd Airborne Citigroup Merlin International Federal Bureau of Investigation IBM Northrop Grumman Congressional Budget Office General Electric SAIC Department of Justice Cox Cable Booz Allen Hamilton Centers for Disease Control eBay United Technologies Transportation Security Administration JP Morgan ManTech Defense Intelligence Agency Best Buy TASC Defense Information Systems Agency Pfizer Blackbird Technologies US Immigration and Customs Enforcement Baker Hughes COB US Air Force Fidelity 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010 3

4 Install Base/2011 CONFIDENTIAL Covered by NDA
DDNA Nodes 400 standalone/800 DDNA for ePO- 71,000/moving to AD for ePO DDNA OEM-12000/300,000 Active Defense-54,000/800,000 Responder Pro 320/530 Responder Field 1200/2400 FastDumpPro-3000 (plus FastDump Pro is included in all of above) 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

5 High-Value Partnerships Drive Strong Growth in Sales
1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010 5

6 History of Solid Revenue Growth
HBGary has experienced tremendous revenue growth since 2006, driven primarily by the strong growth in product revenue: 6

7 Continuous Protection
Inoculate Update NIDS Adverse Event Breakdown #3 Check AV Log Breakdown #1 More Compromise Check with AD Scan for BI’s Breakdown #2 Compromise Detected Reimage Machine Get Threat Intel 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

8 The Breakdowns #1 – Trusting the AV/HIDS
AV doesn’t detect most malware, even variants of malware that it’s supposed to detect. HIDS/HIPS are too cumbersome and throw a lot false +’s #2 – Not using threat intelligence The only way to get better at detecting intrusion is to learn how to detect them next time #3 – Not preventing re-infection If you don’t harden your network then you are just throwing money away 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

9 HBGary’s take on all this
Focus on malicious behavior, not signatures Based upon disassembled and RE’d software Bad guys don’t write 50,000 new malware every morning Their techniques, algorithms, and protocols stay the same, day in day out Once executing in PHYSICAL memory (not virtual), the software is just software Physmem is the best information source available 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

10 Intel Value Window Lifetime  Minutes Hours Days Weeks Months Years
Blacklists ATTRIBUTION-Derived Developer Toolmarks Signatures Algorithms NIDS sans address Hooks Protocol Install DNS name IP Address Checksums 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

11 Threat Intelligence Data Flow
Inoculate Update NIDS Intelligent Perimeter COMS Adverse Event More Compromise Compromise Detected Scan Hosts Artifacts Malware Analysis Timelines Host Analysis Reimage Machine Get Threat Intel 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

12 Key Competitive Differentiators
Behavior based detection Lowest level possible (physical memory) Disassembled and RE programs on fly Attribution-IR, feeds and malware Visibility into all areas of computer Highly scalable, high speed, concurrent Easy to use and full OS support No open source/product quality, (not a bunch of scripts) 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

13 Products 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

14 Reimage or Remove Malware
HBGary Products Inoculate Update Perimeter IDS Razor (TBD) Inoculator Active Defense™ More Compromise Inoculator Active Defense™ for the cloud (TBD) Responder™ Active Defense™ Digital DNA™ Active Defense™ Scan Hosts Compromise Detected Digital DNA™ Inoculator Reimage or Remove Malware Get Threat Intel 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

15 Active Defense 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

16 Active Defense 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

17 Active Defense in ePO 4.5 Copyright HBGary, Inc 2008, 2009, 2010
1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

18 Inoculator™ 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

19 Responder Professional
1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

20 Responder w/ REcon Records the entire lifecycle of a software program, from first instruction to the last. It records data samples at every step, including arguments to functions and pointers to objects. Offline physical memory analysis: Rebuilding windows without windows All physical to virtual address translations 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

21 Digital DNA™ 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

22 Digital DNA™ Performance
4 gigs per minute, thousands of patterns in parallel, NTFS raw disk, end node 2 gig memory, 5 minute scan, end node Hi/Med/Low throttle = 10,000 machine scan completes in < 1 hour 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

23 Under the hood These images show the volume of decompiled information produced by the DDNA engine. Both malware use stealth to hide on the system. To DDNA, they read like an open book. 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

24 Ranking Software Modules by Threat Severity Software Behavioral Traits
Digital DNA™ Ranking Software Modules by Threat Severity 0B 8A C2 05 0F F B ED C D 8A C2 Malware shows up as a red alert. Suspicious binaries are orange. For each binary we show its underlying behavioral traits. Examples of traits might be “packed with UPX”, “uses IRC to communicate”, or “uses kernel hooking with may indicate a presence of a rootkit”. The blue bar shows the Digital DNA sequence for the binary iimo.sys. 0F 51 0F 64 Software Behavioral Traits 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

25 B[00 24 73 ??]k ANDS[>004] C”QueueAPC”{arg0:0A,arg}
What’s in a Trait? 04 0F 51 B[ ??]k ANDS[>004] C”QueueAPC”{arg0:0A,arg} The rule is a specified like a regular expression, it matches against automatically reverse engineered details and contains boolean logic. These rules are considered intellectual property and not shown to the user. Unique hash code Weight / Control flags The trait, description, and underlying rule are held in a database 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

26 Managed Services 1/23/2018 Copyright HBGary, Inc 2008, 2009, 2010

27 Managed Service Weekly, enterprise-wide scanning with DDNA & updated IOC’s (using HBGary Product) Includes extraction of threat-intelligence from compromised systems and malware Includes creation of new IDS signatures Includes inoculation shot development Includes option for network monitoring specifically for C2 traffic and exfiltration

Download ppt "History of Industry Leadership"

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
John Prisco President and CEO Triumfant, Inc. Our defenses are designed to defeat threats we have seen before. We have very little protection against.

John Prisco President and CEO Triumfant, Inc. Our defenses are designed to defeat threats we have seen before. We have very little protection against.
FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features.

FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.
Dealing with Malware By: Brandon Payne Image source: TechTips.com.

Dealing with Malware By: Brandon Payne Image source: TechTips.com.
Network Security Terms. Perimeter is the fortified boundary of the network that might include the following aspects: 1.Border routers 2.Firewalls 3.IDSs.

Network Security Terms. Perimeter is the fortified boundary of the network that might include the following aspects: 1.Border routers 2.Firewalls 3.IDSs.
How to Make Cyber Threat Intelligence Actionable

How to Make Cyber Threat Intelligence Actionable
Unit 2 Personal Cyber Security and Social Engineering Part 2.

Unit 2 Personal Cyber Security and Social Engineering Part 2.
Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.

Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.
Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.

Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.
Some Great Open Source Intrusion Detection Systems (IDSs)

Some Great Open Source Intrusion Detection Systems (IDSs)
Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.

Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.
Common System Exploits Tom Chothia Computer Security, Lecture 17.

Common System Exploits Tom Chothia Computer Security, Lecture 17.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
Global Cyber Security Market by Manufacturers, Regions, Type and Application, Forecast to 2021 Published: December 2016 Single User PDF: US$ 3480 Order.

Global Cyber Security Market by Manufacturers, Regions, Type and Application, Forecast to 2021 Published: December 2016 Single User PDF: US$ 3480 Order.
Air Force Research Labs Dept Homeland Security (HSARPA)

Air Force Research Labs Dept Homeland Security (HSARPA)
“Enterprise Malware Detection”

“Enterprise Malware Detection”
Air Force Research Labs Dept Homeland Security (HSARPA)

Air Force Research Labs Dept Homeland Security (HSARPA)

Similar presentations

Ads by Google