Sophos Intercept Next-Gen Endpoint Protection

Presentation on theme: "Sophos Intercept Next-Gen Endpoint Protection"— Presentation transcript:

1 Sophos Intercept Next-Gen Endpoint Protection
Larry Herzog Jr., CISSP, Channel Sales Engineer, July 2017

2 HD Phishing: data stolen from a breach is being used in a phishing campaign.

3 Locally targeted

4 Malvertising threat chain
Diagram labels: RTB, Ad network, Third party

5 No site is immune

6 Exploits as a Service
Diagram labels: Gateway Servers; Exploit Kit Customers; Victims; Initial Request; Redirection; Get Current Domain; Tor; Exploit Kit Admin; Malicious Payloads; Landing Page; Exploits; Stats; Management Panel; Malware Distribution Servers; Payloads; Get Stats; Update payloads

7 EK prominence

8 Document malware

9 Remote access trojans Data stealing malware

10 Data stealing malware How it works

11 Why does ransomware work?
Complex threat chain
Social engineering
No need for persistence
Uses existing tools
Geographically targeted, locally customized
It’s your data

12 Locky

13 Cryptowall

14 Zcrypt: a true virus, no need to send multiple copies

15 The Evolution of Endpoint Threats From Malware to Exploits
Timeline, from traditional malware to advanced threats, with estimated damage:
Melissa Virus, 1999: $1.2B
Love Letter Worm, 1998: $15B
FinFischer Spyware, 2003: $780M
Zeus Trojan, 2007: $2.3B
JSocket RATs, 2014: $800M
Exploit as a Service, 2015: $500M
Locky Ransomware, 2016: $1.1B

16 Technique Identification
The Evolution of Endpoint Security: From Anti-Malware to Anti-Exploit to Next-Generation
Exposure Prevention: URL Blocking, Web Scripts, Download Rep
Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
File Scanning: Known Malware, Malware Bits
Run-Time: Signatureless Behavior Analytics, Runtime Behavior, Exploit Detection, Technique Identification
Threats covered range from traditional malware (Trojan, Spyware, Virus, Worm) to advanced threats (RATs, Ransomware, Exploit Kits)

17 INTERCEPT

18 Intercept Anti-Ransomware. Anti-Exploit. Root-Cause Analysis
Anti-Ransomware: Stops Malicious Encryption; Behavior Based Conviction; Automatically Reverts Affected Files; Identifies Source of Attack
Anti-Exploit: Signatureless Exploit Prevention; Protects Patient-Zero / Zero-Day; Blocks Memory-Resident Attacks; Low Footprint & False Positives
Root-Cause Analysis: IT Friendly Incident Response Process; Threat Chain Visualization; At Risk Asset Identification; Prescriptive Remediation Guidance
Purpose built to complement and enhance anti-malware solutions. Security focused on exploit techniques, not merely the tools used. Designed for the IT Generalist; powerful enough for the Info-Sec Professional.

19 Anti-Ransomware

20 Anatomy of a Ransomware Attack
Attack chain: Exploit Kit or Spam with Infection → Command & Control Established → Local Files are Encrypted → Ransomware deleted, Ransom Instructions delivered
CryptoGuard, simple and comprehensive: Universally prevents spontaneous encryption of data; Notifies end user on rapid encryption events; Rollback to pre-encrypted state

21 Behind the scenes with CryptoGuard – How does it work?
Monitor file access: if suspicious file changes are detected, file copies are created.
Attack detected: the malicious process is stopped and we investigate the process history.
Rollback process initiated: original file copies restored, malicious files removed, added to known ransomware definitions.
Forensic visibility: user message on desktop, admin alert in Sophos Central, root cause analysis details available.
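The monitor / copy / convict / roll back loop the slide describes, as an added simulation that is not Sophos code: it keeps a pre-write copy of each file a process touches, scores each write by byte entropy, convicts a process that rewrites several files with ciphertext-like content in a short window, and then restores its pre-write copies. The thresholds, the in-memory "disk" and the sample file contents are assumptions constructed for the demo, not CryptoGuard's real parameters.

```python
import math
from collections import defaultdict

# Tunables assumed for this simulation (not CryptoGuard's real thresholds).
ENTROPY_LIMIT = 7.0   # bits/byte; encrypted output sits near 8.0, text well under 6
BURST_FILES = 3       # this many distinct high-entropy rewrites by one process ...
BURST_SECONDS = 10.0  # ... inside this window convicts the process

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data) or 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

class RansomwareGuard:
    """Toy CryptoGuard loop: copy before write, detect bursts, stop and roll back."""
    def __init__(self, files: dict):
        self.files = files                # path -> current content (the "disk")
        self.backups = defaultdict(dict)  # pid -> {path: pre-write copy}
        self.events = defaultdict(list)   # pid -> [(ts, path)] high-entropy writes
        self.killed = set()               # pids convicted and stopped

    def on_write(self, pid: int, ts: float, path: str, data: bytes) -> bool:
        """Apply one write; return True if it convicted the writing process."""
        if pid in self.killed:
            return False                  # stopped process: write is blocked
        if path not in self.backups[pid]: # keep a copy before the first change
            self.backups[pid][path] = self.files.get(path, b"")
        self.files[path] = data
        if entropy(data) < ENTROPY_LIMIT:
            return False                  # looks like an ordinary edit
        self.events[pid].append((ts, path))
        recent = {p for t, p in self.events[pid] if ts - t <= BURST_SECONDS}
        if len(recent) < BURST_FILES:
            return False
        self.killed.add(pid)              # "malicious process is stopped"
        for path, original in self.backups[pid].items():
            self.files[path] = original   # rollback to the pre-encryption copies
        return True

def demo() -> dict:
    """Constructed scenario: an editor saves text, then an encryptor hits three docs."""
    disk = {f"doc{i}.txt": b"quarterly report, plain text " * 4 for i in range(3)}
    guard = RansomwareGuard(disk)
    guard.on_write(100, 0.0, "doc0.txt", b"edited quarterly report " * 4)  # benign
    enc = bytes(range(256))                                                 # ciphertext-like
    hits = [guard.on_write(200, 1.0 + i, f"doc{i}.txt", enc) for i in range(3)]
    return {"hits": hits, "killed": 200 in guard.killed, "disk": disk}
```

Note that the rollback restores the legitimate edit made by the editor process, not the pristine file, because the copy is taken just before the convicted process's first write; a real product also has to handle processes that encrypt slowly enough to stay under the burst window.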

22 Anti-Exploit

23 Signature-less Exploit Prevention

24 Root Cause Analysis

25 Root-Cause Analysis Understanding the Who, What, When, Where, Why and How
What Happened? Root Cause Analysis: automatic at the process / threat / registry level; 30 days of historical reporting; detailed visual representation of what other assets have been touched
What is at Risk? Compromised Assets: comprehensive list of business documents, executables, libraries and files; any adjacent device (e.g., mobile) or network resources which may be at risk
Future Prevention: Security Posture recommendations based on historical security risks; provides steps to prevent future attacks; rich reporting of compliance status

26 Our Incident Response engine automatically captures core data on an incident, showing crisp summary data and details a human can understand. PLUS IT people can add comments and actions to each incident as it's investigated. We AUTOMATICALLY add a priority depending on our analysis of the root cause and the chain itself. Obviously someone can add to this; for example, here is an Exfiltrator that got caught as it attempted to reach out to a C2. …and I see that the IT guy recommended we also look at Synchronized Encryption. (Show artifacts)

27 Digging deeper we see that there are some business files involved in the attempted exfiltration… (Show RCA)


29 Advanced System Clean

30 Advanced System Clean Malware Activity Removal
Removes Threats: Deep System Inspection; Removes Malware Remnants; Full Quarantine / Removal; Effective Breach Remediation
On-Demand Assessment: Identifies Risky Files / Processes; Constantly Refreshed Database; Provides Additional Confidence; Command-Line Capable

31 Intercept Benefits
Performance: no user impact, no file scanning, no signatures
Prevent unknown zero-day threats: intercepting techniques doesn’t require knowledge of known threats
Prevent every ransomware attack
Faster incident response: root-cause visibility into threats; visualization of the full attack chain
Deep system cleanup: clean up the malware activity, not just the malware

