Ilija Jovičić Sophos Consultant.


1 Ilija Jovičić Sophos Consultant

2 Where Malware is stopped at the Endpoint
80%: Reduce attack surface (URL Filtering, Download Reputation, Device Control)
10%: Pre-execution analysis (Heuristics, Rule based)
5%: Signatures (Known Malware families)
3%: Runtime (Behaviour monitoring)
2%: Exploit Prevention (Detection of exploit techniques)
[Diagram labels: Traditional Malware, Modern Threats]

3 Sophos Stops Crypto-Malware Anti-Ransomware Anti-Exploit
[Diagram labels: LIMITED VISIBILITY, RANSOMWARE, ZERO DAY EXPLOITS, CRIME SCENE CLEANUP, Intercept X]
Anti-Ransomware: Stops Crypto-Malware. Detects and prevents unauthorized encryption. Restores unencrypted original files.
Anti-Exploit: Stops unknown Malware. Signatureless prevention of 0-Day Malware. No performance impact.
Extended Cleanup: Removes the threat. Forensic detection and signatureless removal of yet unknown Malware.
Root Cause Analysis: Analyzes the attack. What has happened? What is affected? How do I prevent this in the future?

CryptoGuard technology protects you from ransomware that encrypts your data. Now we are adding boot record and disk wipe protection to further defend your computer against tampering.

CryptoGuard for servers: CryptoGuard now stops ransomware from encrypting data on Windows servers, including network shares. It can protect against ransomware running locally or remotely. You'll need a Server Protection Advanced license.

4 CryptoGuard - local Ransomware
Unencrypted file before write operation
File write
Encrypted file after write operation
Secure file backup
Root Cause Analysis
Extended Cleanup with Sophos Clean

5 Where is the real threat?
Haha! All your files are encrypted! Give me money!
Let's see what we can find here..

6 Exploit Prevention Detection of new Malware via Exploit Techniques
[Diagram over a Time axis; labels: Patches; Exploit Prevention; Signatures, Heuristics; Reputation; Behavioral Detection]
Vulnerabilities: Bugs in applications or the operating system (1,000*n /Year)
Zero-Day-Exploits: Code that uses unknown vulnerabilities (?)
Known Exploits: Code that exploits known vulnerabilities (100*n /Year)
Malware: Typically uses exploits to infect target systems and executes malicious payload (e.g. encryption, data theft) (/Year)
Exploit Techniques: Techniques to run malicious code within vulnerable applications, e.g. via buffer overflows (25)

7 Exploit Prevention Detection of new Malware via Exploit Techniques
[Diagram over a Time axis; labels: Patches; Exploit Prevention; Signatures, Heuristics; Reputation; Behavioral detection]
Exploit Prevention: Signatureless protection against 0-day attacks. No performance impact. Prevents the exploitation of vulnerabilities in insecure or unpatched applications. Stops the attack.
Vulnerabilities: Bugs in applications or the operating system (1,000*n /Year)
Known Exploits: Code that exploits known vulnerabilities (100*n /Year)
Exploit Techniques: Techniques to run malicious code within vulnerable applications, e.g. via buffer overflows (25)
Zero-Day-Exploits: Code that exploits unknown vulnerabilities (?)
Available in Sophos Intercept X: Endpoint eXploit Prevention

8 Analysis of the incident
Root Cause Analysis
What happened? What is affected? How do I prevent this in the future?
Analysis of the incident: Identification of relevant processes, registry keys, files and communication. Graphical display of chain of events. Identifies source of infection.
Affected Resources: Which files and systems are affected? Which file shares or removable media are affected? What other systems do I have to clean up?
Consequences: Which malware entry channels do I have to close? How can I prevent malware from spreading inside my network?

9 Intercept X Root Cause Analysis

10 Synchronized Security replaces best of breed
Sophos Central Next-Gen Firewall UTM Endpoint Wireless Next-Gen Endpoint Analysis Web Mobile Server File Encryption Disk Encryption

11 Security Heartbeat – Virus infection
Virus detected
Remove keys
Client in network quarantine

12 Demo

