1
Company Overview
2
HBGary Background
Founded in 2003
Government Services
Solutions:
Host Intrusion Detection & Incident Response
Live Windows Memory Forensics
Malicious Code Detection
Automated Reverse Engineering
Products:
HBGary Responder Enterprise (to be announced March 9th, 2009): McAfee ePO (HBSS) integration
HBGary Responder Professional: stand-alone application
Services & Training: Incident Response, Malware Analysis
3
HBGary R&D Funding
Air Force Research Labs:
Next Generation Software Reverse Engineering Tools (Phases I and II)
Kernel Virtual Machine Host Analyzer (Phases I and II)
Virtual Machine Debugger (Phase I)
Dept Homeland Security (HSARPA):
Botnet Detection and Mitigation (Phases I and II)
H/W Assisted System Security Monitor (Phases I and II), as subcontractor to AFCO Systems Development
Small Business Innovative Research (SBIR) Program
4
Growing Cybercrime Problem
Sophisticated targeted attacks
Criminal and state sponsored
Motivated, well funded adversaries
Any cyber defense can and will be defeated
5
We process almost 5,000 malware samples every 24 hours
6
Bots
Rootkits
Process Injectors
All infecting enterprises RIGHT NOW
7
Anti-virus Shortcomings
Top 3 AV companies don’t detect 80% of new malware
Source: “Eighty percent of new malware defeats antivirus”, ZDNet Australia, July 19, 2006
“The sheer volume and complexity of computer viruses being released on the Internet today has the anti-virus industry on the defensive, experts say, underscoring the need for consumers to avoid relying on anti-virus software alone to keep their…computers safe and secure.”
Source: “Anti-Virus Firms Scrambling to Keep Up”, The Washington Post, March 19, 2008
8
What you don’t see can hurt you.
9
HBGary’s Approach: Detect, Diagnose, Respond
Find the bad guy on computers and tell you what he is doing
Host-centric approach
Physical memory (RAM) analysis
Binary analysis
Detection with Digital DNA
Enterprise endpoint detection and visibility
10
Benefits
Enterprise detection of compromised hosts
Visibility of remote hosts
Lowers the skill bar for incident response
Better cyber defense
11
HBGary Software Products
HBGary Responder Enterprise: enterprise host intrusion detection system, integrated with McAfee ePolicy Orchestrator
HBGary Responder Professional: investigator’s tool for computer incident response
12
Digital DNA
Ranking Software Modules by Threat Severity
Software Behavioral Traits
13
Why Digital DNA? Detect New and Advanced Threats
Malware variants
Polymorphic code
Memory-resident code
Rootkits
Complements anti-virus
14
Successful Technology Transition: HBGary Responder Customers
Customer Type: DoD, Civilian Agencies, Government Contractors, Fortune 500, Foreign Governments, Universities
No. of Customers: 18, 17, 5, 12, 4
15
Strategic Partners: McAfee, Guidance Software (EnCase), Agilex
16
The Core Technology: Offline Physical Memory Analysis
Stages: Offline Physical Memory Analysis, Rootkit Detection, Automated Malware Analysis, Digital DNA, Alerting & Reporting
Offline physical memory analysis: rebuilding Windows without Windows
All physical to virtual address translations. This is the advantage!
Rebuilds underlying undocumented data structures
Rebuilds running state of machine, “exposes all objects”
Malware cannot actively hide itself
17
The Core Technology: Rootkit Detection
Direct Kernel Object Manipulation detection
Hook detection: IDT/SSDT/driver chains
These tricks expose themselves by interacting with the OS
Crossview-based analysis
18
The Core Technology: Automated Malware Analysis
Suspicious code is extracted from RAM
Code is disassembled, broken apart, and analyzed
Code control flow graphing
Integration with Flypaper & Flypaper Pro
19
The Core Technology: Digital DNA
DDNA created for all executable code
A threat score is provided for all code
Identifies executable code behaviors
White & black list code/behaviors
20
The Core Technology: Alerting & Reporting
Reports can be sent to Enterprise Console
Behavioral Analysis Scan and others
Custom reports in XML, RTF, PDF, other
Alert on suspicious behaviors and coding tricks
21
Responder Professional v1.3
The only comprehensive memory analysis platform on the market
Host Intrusion Detection, Incident Response, Live Windows Forensics, Automated Malware Analysis
Enterprise Responder v1.0: McAfee ePO 4.0 integration
Enterprise malware & rootkit detection & reporting
HBGary / EnCase Enterprise Integration
Enterprise solution for remote physical memory analysis
Remotely scan physical memory for suspicious items
Advanced malware & rootkit detection
22
Fastdump Pro v1.3
Physical memory acquisition tool
32 and 64 bit Windows operating systems
Supports systems with more than 4GB RAM
Process Probe feature
Flypaper Pro v1.0
Log viewer with enhanced logging: file system, registry, network activity
Memory tar pit
23
Threat Assessment Engines
Integration with McAfee ePO (GA March, Phase Two)
Architecture diagram components: HBGary Portal, ePO Console, Responder Workstation, ePO Server, ePO Agents (Endpoints), Schedule, HBGary Evidence Server (SQL, Events), HBG Extension, HBG WPMA, Threat Assessment Engines
WPMA = Windows Physical Memory Analysis
25
Fuzzy Search
27
Behavioral Traits: DDNA
Trait codes look like this: 04 0F 51
A trait code carries weight / control flags and a unique hash code
The description is held in a database
28
DDNA Sequences
D6 F7 07 CD E A8 F1 02 FB B 02 7C 9A 02 AC CF 00 9F…
This is a series of 3-octet trait codes.
Each trait can have a weight from -15 to +15: + means suspicious, – means trusted.
The entire sequence is weighted by summing the weights of each trait.
The summing of weights is performed using an algorithm known as the discrete weight decay algorithm, which decays the effect of a repeated weight value over time.
+40 points or more in weight = suspicious or potentially “evil”.
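As an added example (not HBGary's code), the scoring scheme described above worked through in Python. The trait table, the sample sequence and the decay factor are constructed assumptions: the slides say only that repeated weight values are decayed, so the halving rule here stands in for the real algorithm.

```python
# Scores a Digital DNA trait sequence as the slides describe: 3-octet trait
# codes, per-trait weights in -15..+15, a sum that decays repeated weight
# values, and a +40 threshold. Trait table, decay factor and sample input
# are constructed for this example, not HBGary's real data.
from collections import Counter

# Constructed trait database: trait code -> (weight, description).
TRAIT_DB = {
    "04 0F 51": (15, "Hides driver object from the loaded-module list"),
    "D6 F7 07": (12, "Hooks an SSDT entry"),
    "3A 2E A8": (10, "Injects code into a remote process"),
    "F1 02 FB": (8, "Reads keyboard state in a tight loop"),
    "7C 9A 02": (-15, "Module is on the trusted white list"),
    "AC CF 00": (3, "Changes protection on its own image"),
}
DECAY = 0.5      # assumed: each repeat of the same weight value counts half
THRESHOLD = 40   # from the slides: +40 or more = suspicious

def parse_sequence(seq: str) -> list[str]:
    """Split a hex string into 3-octet trait codes; reject malformed input."""
    octets = seq.replace("…", "").split()
    if not octets or len(octets) % 3 or any(len(o) != 2 for o in octets):
        raise ValueError("not a whole number of 3-octet trait codes")
    return [" ".join(octets[i:i + 3]).upper() for i in range(0, len(octets), 3)]

def score_sequence(seq: str) -> tuple[float, list[tuple[str, int, float]]]:
    """Sum trait weights with discrete decay on repeated weight values.
    Assumed rule (the slides only say repeats decay): the k-th occurrence of
    the same weight value contributes weight * DECAY**(k-1). Unknown codes
    score 0 but are still reported so an analyst sees them."""
    seen = Counter()          # how often each weight value has appeared
    total, details = 0.0, []
    for code in parse_sequence(seq):
        weight, _ = TRAIT_DB.get(code, (0, "unknown trait"))
        contribution = weight * DECAY ** seen[weight]
        seen[weight] += 1
        total += contribution
        details.append((code, weight, contribution))
    return total, details

def verdict(seq: str) -> str:
    """Apply the slides' +40 threshold to the decayed sum."""
    return "suspicious" if score_sequence(seq)[0] >= THRESHOLD else "not flagged"

if __name__ == "__main__":
    sample = "04 0F 51 D6 F7 07 D6 F7 07 3A 2E A8 F1 02 FB AC CF 00"  # constructed
    total, rows = score_sequence(sample)
    for code, w, c in rows:
        print(f"{code}  weight {w:+3d}  counted {c:+6.2f}")
    print(f"total {total:+.1f} -> {verdict(sample)}")   # total +54.0 -> suspicious
```

The second D6 F7 07 is counted at half weight, which is the behaviour the decay is meant to give: a module that repeats one suspicious trait many times does not run away from one that shows several different ones.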
29
Digital DNA Screenshot