Presentation is loading. Please wait.

Presentation is loading. Please wait.

DHS Phase II SBIR Contract Senior Security Engineer

Published byAnabel Chandler Modified over 6 years ago

Similar presentations

Presentation on theme: "DHS Phase II SBIR Contract Senior Security Engineer"— Presentation transcript:

1 DHS Phase II SBIR Contract Senior Security Engineer
Enterprise Botnet Detection & Mitigation DHS Phase II SBIR Contract Phil Wallisch Senior Security Engineer

2 Agenda NABC Technical Accomplishments
Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

3 Are Cybercriminals Targeting You? Next Generation Software to
Detect, Diagnose, & respond See what you’ve been missing

4 Business Needs Sophisticated attackers
Have time, resources and skill Criminals motivated by financial gain State sponsored espionage Any cyber defense can and will be defeated

5 Business Needs Loss of sensitive data and intellectual property
FBI - $100 Billion lost annually National security is compromised

6 Problems 80% of new malware is not detected
Stealthy rootkits Malware variants Targeted attacks Lack of endpoint visibility Traditional disk security and forensics tools are not enough

7 Traditional Forensics
HBGary’s Approach HBGary Responder Memory Analytics Volatile Data Traditional Forensics Traditional Security Data at rest

8 Information found in RAM
Running processes and drivers Unpacked bots and malware Unencrypted network data Open ports and network sockets Open files and file contents Strings and symbols Passwords and keys in clear text Registry info

9 Why Reverse Engineer Binaries?
Computer Forensics Identify a binary’s capabilities Recover Command & Control functions Recover passwords and encryption keys View decrypted packets and files Computer Network Defense Understand bots and malware Create signatures Bolster defenses Attribution This looks suspicious!

10 HBGary’s Approach Automated host analysis Detect, Diagnose, Respond
Physical Memory (RAM) Binaries, bots and malware Detect, Diagnose, Respond Find the bad guy on computers and tell you what he is doing Workstation product  Enterprise product

11 Benefits Best memory analysis system
Automated behavioral detection to identify suspect binaries Automated bot and malware forensics Lower the skills bar Enterprise host visibility

12 Competition Memory Analysis KnTTools Various open source
Malware Analysis IDA Pro OllyDbg Norman Analyzer CWSandbox

13 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

14 Technical Accomplishments
Responder 2.0 released Improved Digital DNA Windows 7 memory analysis Sandboxing technology released Enterprise software developed and sold

15 Responder 2.0 Features Improved malware detection
Digital DNA fuzzy hashing Windows 7 memory analysis Sandbox integration Remote memory acquisition

16 Responder Screenshot

17 Digital DNA In-memory fuzzy hashing Detect malware variants
Partial matching Calculate DDNA from disk object Detection within memory Detect malware variants Developed with HBGary IR&D private funds outside of the SBIR contract Patent pending

18 Responder Screenshot Sample DDNA Traits

19 REcon New runtime analysis system Observe binary behaviors
Forces processes to “stick” in memory Analyze “droppers” Used with Responder Developed with HBGary IR&D private funds outside of the SBIR contract

20 Responder Screenshot

21 Enterprise Software Vendor Integrations Enterprise Software Sold
Guidance EnCase Enterprise McAfee ePO Verdasys Digital Guardian HBGary Digital Guardian Enterprise Software Sold 45,000 McAfee ePO nodes

22 McAfee Screenshot

23 Active Defense Screenshot

24 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

25 Milestones HBGary Responder™ 2.0 McAfee ePO Integration
Released February 2010 McAfee ePO Integration 45,000 nodes sold REcon Behavioral Analysis Released June 2009

26 Schedule Oct 2008 Recover passwords and keys from RAM
Nov 2008 Recover page file Dec 2008 Recover hiberfil.sys file Jan 2009 FIPS compliant encryption (openSSL) Feb Pilot enterprise deployment / “1000 nodes” Mar 2009 Recover NDIS buffers and PCAP files Apr 2009 Complete first set of reasoning models May 2009 Integrate the Bayesian Reasoning Engine Jul 2009 Extend detection rules for indirect indicators

27 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

28 Press Releases (need input)
Guidance Software to Offer HBGary Responder for Live Memory Analysis in Digital Investigations, May 22, 2008 HBGary Joins McAfee Partner Program, the McAfee Security Innovation Alliance, August 25, 2008

29 Conference Trade Shows
DoD Cyber Crime January 2010 BlackHat August 2010 McAfee FOCUS 2009 October 2009

30 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

31 Technology Transition Plan
Continue to sell HBGary Responder as a workstation product Continue to go to market with enterprise products Integrate with new technology partners Develop threat monitoring center??? Sell direct and through partners

32 Technology Transition Current Customers
Customer Type DoD Civilian Agencies Government Contractors Fortune 500 Foreign Governments Universities No. of Customers 13 12 5 4 3

33 Strategic Partners Guidance Software (Encase) McAfee Verdasys
Reselling Responder worldwide Integrating Responder to Encase Enterprise McAfee Integration with ePolicy Orchestrator DoD’s HBSS Program Verdasys Integration with Digital Guardian

34 NABC Technical Accomplishments Milestones, Deliverables, and Schedule Recent Public Relations Technology Transition Plan Quad Chart

35 SBIR H-SB Title: Enterprise Botnet Detection and Mitigation Contractor Name: HBGary, Inc. Date: March 10, 2010 Operational Capabilities: Host agents deployed throughout the enterprise Achieve enterprise scalability with hierarchical concentrators Remotely configurable agent operation Centralized, hierarchical, automated reasoners Actionable information for computer incident response teams Low Total Cost of Ownership: Lightweight host agents deployable as command line utility Provide host visibility remotely across the enterprise Distributed reasoning with centralized control Performance Targets: Deploy first enterprise pilot installations for at least 500 nodes Detect previously undetected bots and botnets Proposed Technical Approach: Automated physical memory analysis Collect vast amount of evidence from physical memory Organize evidence into a structured user interface Start with workstation product and expand to enterprise solution Reason over evidence using Bayesian Network models Automated bot and malware analysis Leverage enterprise technologies of large strategic partners Status: Had alpha workstation software before start of Phase II contract Released workstation product, HBGary Responder, April 2008 Excellent marketplace acceptance with growing customer base Enterprise pilot deployment scheduled for Q1 2009 Schedule and Cost: Year 1 Development Year 2 Development Year 2 Deployment Total: Team: HBGary, SAIC Contact: Deliverables: Software Code, User Manuals, Empirical Test Data, Reports, and Solution Demonstration Phil Wallisch Sr. Security Engineer x115 HBGary, Inc. 3941 Park Drive, Suite El Dorado Hills, CA 95762

36 Thank you Any Questions? 36

Download ppt "DHS Phase II SBIR Contract Senior Security Engineer"

Similar presentations

Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.

© 2009 IBM Corporation Delivering Quality Service with IBM Service Management April 13 th, 2009.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
A Commercialization Measurement System Jim Tolle Verisystem.

A Commercialization Measurement System Jim Tolle Verisystem.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
Transforming video & photo collections into valuable resources John Waugaman President - Tygart Technology, Inc.

Transforming video & photo collections into valuable resources John Waugaman President - Tygart Technology, Inc.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.

©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
How to Make Cyber Threat Intelligence Actionable

How to Make Cyber Threat Intelligence Actionable
Artificial Intelligence. Real Threat Prevention.

Artificial Intelligence. Real Threat Prevention.
Activu-Powered Video Wall Prominently Featured during President Obama’s Visit to the National Cybersecurity and Communications Integration Center On January.

Activu-Powered Video Wall Prominently Featured during President Obama’s Visit to the National Cybersecurity and Communications Integration Center On January.
CloudAV: N-Version Antivirus in the Network Cloud Jon Oberheide, Evan Cooke, Farnam Jahanian Electrical Engineering and Computer Science Department, University.

CloudAV: N-Version Antivirus in the Network Cloud Jon Oberheide, Evan Cooke, Farnam Jahanian Electrical Engineering and Computer Science Department, University.

Similar presentations

Ads by Google