Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defeat Tomorrow’s Threats Today

Published byCurtis Anderson Modified over 6 years ago

Similar presentations

Presentation on theme: "Defeat Tomorrow’s Threats Today"— Presentation transcript:

1 Defeat Tomorrow’s Threats Today

2 Problems Evolving threat landscape
Traditional security detection easy to defeat Lack of enterprise incident response tools

3 Physical Memory Forensics
Endpoint Automation Digital DNA (Behavioral Analysis) Code Reverse Engineering Physical Memory Forensics Under the hood we start with physical memory. If you ever looked at a memory dump you’ll see that it is unstructured garble-dee-goop. HBGary has reverse engineered over 50 undocumented Windows structures to give you organized information of the data contained in memory. We uncover all digital objects, so automated reverse engineering on each and every binary to uncover low level behaviors. Digital DNA examines the behaviors to identify which binaries are malware.

4 Digital DNA Automated malware detection
Digital object classification system 5000 software and malware behavioral traits Example Huge number of key logger variants in the wild About 10 logical ways to build a key logger

5 Ranking Software Modules by Threat Severity Software Behavioral Traits
Digital DNA Ranking Software Modules by Threat Severity 0B 8A C2 05 0F F B ED C D 8A C2 Malware shows up as a red alert. Suspicious binaries are orange. For each binary we show its underlying behavioral traits. Examples of traits might be “packed with UPX”, “uses IRC to communicate”, or “uses kernel hooking with may indicate a presence of a rootkit”. The blue bar shows the Digital DNA sequence for the binary iimo.sys. 0F 51 0F 64 Software Behavioral Traits

6 Under the Hood These images show the volume of decompiled information produced by the DDNA engine. Both malware use stealth to hide on the system. To DDNA, they read like an open book.

7 Efficacy Curve Efficacy is rising ZERO KNOWLEDGE DETECTION RATE DDNA
Detecting more than not (> 80%) ZERO KNOWLEDGE DETECTION RATE Detecting very little Signatures And scaling issue getting worse

8 Traditional Incident Response, Memory Forensics, and Malware Analysis are Difficult
Requires lots of technical expertise Time consuming Expensive Doesn’t scale Traditional methods to analyze memory and malware are difficult. It requires expertise, is time consuming and expensive, and it doesn’t scale. 9

9 Responder Professional

10 HBGary’s Approach Digital DNA Responder Pro Queries Scan all endpoints
Sort into buckets Responder Pro Look at closer Infected Queries Remediation IOC query database constantly getting smarter CLEAN IOC queries Ongoing Remission Detection

11 Demo

Download ppt "Defeat Tomorrow’s Threats Today"

Similar presentations

Security Life Cycle for Advanced Threats

Security Life Cycle for Advanced Threats
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.

Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.
Rootkits: Sneaky, Stealthy Toolboxes

Rootkits: Sneaky, Stealthy Toolboxes
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
1 E LECTRICAL E NGINEERING AND C OMPUTER S CIENCES U NIVERSITY OF C ALIFORNIA Berkeley Combating Stealth Malware and Botnets in Higher Education Educause.

1 E LECTRICAL E NGINEERING AND C OMPUTER S CIENCES U NIVERSITY OF C ALIFORNIA Berkeley Combating Stealth Malware and Botnets in Higher Education Educause.
Silvio Cesare Ph.D. Candidate, Deakin University.

Silvio Cesare Ph.D. Candidate, Deakin University.
Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis Authors: Heng Yin, Dawn Song, Manuel Egele, Christoper Kruegel, and.

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis Authors: Heng Yin, Dawn Song, Manuel Egele, Christoper Kruegel, and.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Vijay Krishnan Avinesh Dupat. A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators.

Vijay Krishnan Avinesh Dupat. A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 

Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 
CAP6135: Malware and Software Vulnerability Analysis Rootkits Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Rootkits Cliff Zou Spring 2012.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to detect rootkits How to remove rootkits.

Rootkits Jonathan Barella Chad Petersen. Overview What are rootkits How do rootkits work How to detect rootkits How to remove rootkits.
ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.

ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.
Artificial Intelligence. Real Threat Prevention.

Artificial Intelligence. Real Threat Prevention.
Air Force Research Labs Dept Homeland Security (HSARPA)

Air Force Research Labs Dept Homeland Security (HSARPA)

Similar presentations

Ads by Google