Presentation is loading. Please wait.

Presentation is loading. Please wait.

DHS Phase II SBIR Contract Vice President Business Development

Published byElaine Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "DHS Phase II SBIR Contract Vice President Business Development"— Presentation transcript:

1 DHS Phase II SBIR Contract Vice President Business Development
Enterprise Botnet Detection & Mitigation DHS Phase II SBIR Contract Bob Slapnik Vice President Business Development

2 Agenda NABC Technical Accomplishments
Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

3 Are Cybercriminals Targeting You? Next Generation Software to
Detect, Diagnose, & respond See what you’ve been missing

4 Business Needs Sophisticated attackers
Have time, resources and skill Criminals motivated by financial gain State sponsored espionage Any cyber defense can and will be defeated

5 Business Needs Loss of sensitive data and intellectual property
FBI - $100 Billion lost annually National security is compromised

6 SANS Institute’s Top 5 Attacks for 2008
Web Browser exploits Botnets Cyber Espionage Mobile Phone Threats Insider Threat 6

7 Problems 80% of new malware is not detected
Stealthy rootkits Malware variants Targeted attacks Lack of endpoint visibility Traditional disk security and forensics tools are not enough

8 Traditional Forensics
HBGary’s Approach HBGary Responder Memory Analytics Volatile Data Traditional Forensics Traditional Security Data at rest

9 Information found in RAM
Running processes and drivers Unpacked bots and malware Unencrypted network data Open ports and network sockets Open files and file contents Strings and symbols Passwords and keys in clear text Registry info

10 Why Reverse Engineer Binaries?
Computer Forensics Identify a binary’s capabilities Recover Command & Control functions Recover passwords and encryption keys View decrypted packets and files Computer Network Defense Understand bots and malware Create signatures Bolster defenses Attribution This looks suspicious!

11 HBGary’s Approach Automated host analysis Detect, Diagnose, Respond
Physical Memory (RAM) Binaries, bots and malware Detect, Diagnose, Respond Find the bad guy on computers and tell you what he is doing Workstation product  Enterprise product

12 Benefits Best memory analysis system
Automated behavioral detection to identify suspect binaries Automated bot and malware forensics Lower the skills bar Enterprise host visibility

13 Competition Memory Analysis KnTTools Various open source
Malware Analysis IDA Pro OllyDbg Norman Analyzer CWSandbox

14 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

15 Technical Accomplishments
Commercial software released in April 2008 HBGary Responder

16 16

17 RAM Analytics RESPONDER Offline Memory Analysis
Object Manager Reconstruction Rootkit & Zero-Day Detection Object Extraction Live Physical Memory Preservation 17

18 Runtime & Binary Forensics
RESPONDER Runtime & Binary Forensics Automated Malware Analysis & Reporting Runtime Forensics “live binary” Analysis Binary Forensics “static Analysis” Analyze Packed & Obfuscated Malware Recover Malware executed instructions 18

19 Malware Analysis Plugin
RESPONDER Malware Analysis Plugin Stealth Techniques Network Communications How is it installed? File System Access & Modifications Registry Access & Modifications Malware Survivability Cryptographic Routines File Packing & Obfuscation Remote Command and Control Intelligence 19

20 Responder Screenshot

21 Responder Screenshot

22 Interactive Binary Graphing

23 Enterprise Software (Developed, not released)
Host Agent DLL plug-in, Command line utility, or Service Management console Remote node management Concentrator / project server Network Recon module

24 Active Defense (5) HBGary Responder

25 Enterprise Mgt. Console

26 Digital DNA In-memory fuzzy hashing Detect malware variants
Partial matching Calculate DDNA from disk object Detection within memory Detect malware variants Developed with HBGary IR&D private funds outside of the SBIR contract Patent pending

27 Flypaper New runtime analysis system Observe binary behaviors
Causes processes to “stick” in memory Analyze “droppers” Used with Responder Developed with HBGary IR&D private funds outside of the SBIR contract

28 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

29 Milestones HBGary Responder™ Enterprise Active Defense
Released April 2008 Enterprise Active Defense Pilot site in Q1 2009 Bayesian Reasoning Engine Q2 2009

30 Schedule Oct 2008 Recover passwords and keys from RAM
Nov 2008 Recover page file Dec 2008 Recover hiberfil.sys file Jan 2009 FIPS compliant encryption (openSSL) Feb Pilot enterprise deployment / “1000 nodes” Mar 2009 Recover NDIS buffers and PCAP files Apr 2009 Complete first set of reasoning models May 2009 Integrate the Bayesian Reasoning Engine Jul 2009 Extend detection rules for indirect indicators

31 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

32 Press Releases Guidance Software to Offer HBGary Responder for Live Memory Analysis in Digital Investigations, May 22, 2008 HBGary Joins McAfee Partner Program, the McAfee Security Innovation Alliance, August 25, 2008

33 Conference Trade Shows
Guidance’s CEIC May 2008 BlackHat August 2008 McAfee FOCUS 2008 Oct 20-23, 2008

34 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

35 Technology Transition Plan
Sell HBGary Responder as a workstation product now Go to market with an enterprise product in near future Sell direct and through partners

36 Technology Transition Current Customers
Customer Type DoD Civilian Agencies Government Contractors Fortune 500 Foreign Governments Universities No. of Customers 13 12 5 4 3

37 Multiple strategies for enterprise deployable solution
Strategic Partners Guidance Software (Encase) Reselling Responder worldwide Integrating Responder to Encase Enterprise McAfee Integration with ePolicy Orchestrator DoD’s HBSS Program Multiple strategies for enterprise deployable solution

38 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

39 SBIR H-SB Title: Enterprise Botnet Detection and Mitigation Contractor Name: HBGary, Inc. Date: September 10, 2008 Operational Capabilities: Host agents deployed throughout the enterprise Achieve enterprise scalability with hierarchical concentrators Remotely configurable agent operation Centralized, hierarchical, automated reasoners Actionable information for computer incident response teams Low Total Cost of Ownership: Lightweight host agents deployable as command line utility Provide host visibility remotely across the enterprise Distributed reasoning with centralized control Performance Targets: Deploy first enterprise pilot installations for at least 500 nodes Detect previously undetected bots and botnets Proposed Technical Approach: Automated physical memory analysis Collect vast amount of evidence from physical memory Organize evidence into a structured user interface Start with workstation product and expand to enterprise solution Reason over evidence using Bayesian Network models Automated bot and malware analysis Leverage enterprise technologies of large strategic partners Status: Had alpha workstation software before start of Phase II contract Released workstation product, HBGary Responder, April 2008 Excellent marketplace acceptance with growing customer base Enterprise pilot deployment scheduled for Q1 2009 Schedule and Cost: Year 1 Development Year 2 Development Year 2 Deployment Total: Team: HBGary, SAIC Contact: Deliverables: Software Code, User Manuals, Empirical Test Data, Reports, and Solution Demonstration Bob Slapnik Vice President x104 HBGary, Inc. 3941 Park Drive, Suite El Dorado Hills, CA 95762

40 Thank you Any Questions? 40

Download ppt "DHS Phase II SBIR Contract Vice President Business Development"

Similar presentations

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
The Technology Tool Kit version 2.0 August 2014 Presenter: Deborah Watson InfraGard Houston Chapter - SIG Security Guide & Tool Development Manager.

The Technology Tool Kit version 2.0 August 2014 Presenter: Deborah Watson InfraGard Houston Chapter - SIG Security Guide & Tool Development Manager.
© 2014 The MITRE Corporation. All rights reserved. Approved for Public Release: Case #13-4177 iOS App Integrity – Got Any? Research Team: Gregg Ganley(PI)

© 2014 The MITRE Corporation. All rights reserved. Approved for Public Release: Case # iOS App Integrity – Got Any? Research Team: Gregg Ganley(PI)
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.

© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
APT29 HAMMERTOSS Jayakrishnan M.

APT29 HAMMERTOSS Jayakrishnan M.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Transforming video & photo collections into valuable resources John Waugaman President - Tygart Technology, Inc.

Transforming video & photo collections into valuable resources John Waugaman President - Tygart Technology, Inc.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.

©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

Similar presentations

Ads by Google