Presentation transcript:

1 End Point Technologies 1

2 End-Point Challenges

EPP Efficacy
- Threats are breaking through EPP at an increasing rate
- Rise in threats discovered by users or post-infection scans
- Hardware and human resource cost
- Increased “Time Exposed to Danger” (TED) as advanced threats avoid detection and cleanup
- Signature models create unnecessary problems

Mutual EPP Exclusivity
- As EPP products attempt to “punch above their weight” they operate at the limits of their design parameters. As a result very few EPP products will co-exist, denying customers the opportunity to improve protection by doubling up.

Vendor Research Capacity
- Vendors no longer “have eyes” for low-volume threats, allowing high-risk targeted attacks to go undetected

Poor/Non-Existent EPP Security Intelligence
- EPP is designed as a protection layer with little or no surveillance capability
- Lack of intelligence makes security breach detection and management time-consuming and unreliable, and makes auditing all but impossible

3 Meeting the Challenges

EPP Efficacy
- Inverted signature model: the EPP client calculates ALL object signatures and feeds them to the center
- Powerful generic detection and cleanup leveraging centralized intelligence
- Rapid, unintrusive scanning technology covering all forms of malware including rootkits
- Small footprint with low technology and human resource overheads
- Reduced “Time Exposed to Danger” (TED)

Mutual EPP Exclusivity
- Widest possible interoperability, by design

Vendor Research Capacity
- Automation and linear scalability, by design – Prevx currently processes 250,000 new objects/day

Poor Security Intelligence
- Monitor all software, then decide what is benign, what is malicious and what is worthy of closer attention. Don’t just look for known threats based on signatures or known behavior patterns.
- Ease of use, simplicity and speed of installation, deployment and management
- One lightweight agent with multiple uses – incremental Detection/Remediation/Protection/SNAC
- Choice of in-house or web-based agent management, or hybrid

4 The Opportunities

Awareness and Information
- Knowing what software exists, where, and for how long

Software NAC
- Simple, fast, flexible EPP-agent-based System, Network or Application Access Control
- Extend EPP NAC to include casual visitors, even web-connected clients

Security Breach Management
- Install, scan and check 1,000 PCs for malware (including rootkits) in less than one hour

Customer Security Management
- Enable e-commerce applications to query the security state of any web-connected client
- Force on-demand system scan
- Force cleanup before access
- Monitor, verify and block poisoned DNS resolution
- Force user into a “more secure” browser environment
- Enforce or monitor PC usage and authentication

5 Performance Comparison 5

6 CSI / Edge System Impact
- Edge: all components combined produce only an 11MB RAM footprint.
- CSI: virtually no overhead when idle; shrinks to a 6MB RAM footprint.
- Consistently low / transparent CPU usage: after 1 hour of heavy system use, Edge required only 24 seconds of kernel + user CPU time for real-time scanning.
- Both products require less than 10 MB of available disk space and will run on computers with less than 64MB of physical RAM.

7 PassMark™ System Performance Comparison (chart: Without Edge / With Edge)
Edge impacted system performance by only 0.34% across a wide range of CPU, disk, and graphics benchmarks.

8 Installation Size (chart)
This chart compares the size of the complete downloaded setup files of the programs shown. (Lower is better)

9 Registry Utilization Comparison (chart)
This chart compares the count of registry entries installed by the products shown. (Lower is better)

10 Scan Speed
Although CSI scans extremely quickly, its rootkit scan and system analysis are as thorough as possible. It achieves this speed with some technical breakthroughs:
- The ability to duplicate the master file table (MFT) in memory and analyze files in an optimized sequence
- The ability to search through the system for duplicate/specific files in less than 1/100,000th of the time a standard search takes (0.01 seconds versus 20 minutes)
- The ability to analyze the system registry as a whole by reading it raw from the system and reorganizing it into a more optimized database format for on-demand analysis
- The ability to intelligently read the disk at a raw level, completely circumventing the Windows API, subsystem, and kernel
- The ability to use centralized, server-side resources to analyze behavior quickly and without requiring user resources

11 System Scan Time (chart)
Tests were conducted on the same Windows XP system with common software installed, including the Microsoft Office Suite and Photoshop CS3.

12 Bootup Time Impact (chart)
Tests were conducted on the same system; the resulting delay is the average of 5 reboots with the security product installed minus the average without any security product.

13 End Point Technologies Bandwidth Usage From Install to Full Protection 13

14 End Point Technologies Time from Install to Full Protection 14

15 Scan Comparative Video 15

16 End Point Technologies Scan Comparative Video Please visit the following URL for a Scan Comparative video: 16

17 Rootkit Detection
- Rootkit scanning and low-level system analysis is the reason for the fast scan speed
- Uses a cross-section approach on raw disk structures, registry, and memory structures
- Reports all findings centrally to the database so that legitimate system modifications made by security products etc. can be ignored, preventing user confusion

Standard flow of a file read request:
fread() > ReadFile > NtReadFile > KiFastSystemCall > SSDT > ZwReadFile > [Minifilter driver stack] > [Legacy file system filter driver stack] > ntfs.sys > PhysicalDiskn device > Disk.sys > classpnp.sys > scsi.sys > HAL > BIOS

Flow of a CSI read request:
CSIRawReadFile() > scsi.sys > HAL > BIOS
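The “cross-section approach” on this slide is a cross-view comparison: the same objects are enumerated through the normal API path and through the raw path, and anything that differs between the two views is a finding, which is then checked against the central database so that benign hiding (a security product's self-protection, for instance) is not reported. The following Python sketch is an added example illustrating that logic; it is not Prevx code, and both "views" and the central known-good list are constructed in-memory data rather than real disk or MFT reads.

```python
"""Cross-view hidden-object detection with a central known-good list.

Added example, not Prevx code. Two enumerations of the same directory are
compared: the API view (what a normal file enumeration returns) and the raw
view (what a walk of the on-disk structures returns). A rootkit hooking the
API path can hide an entry or serve different content, so any difference is
a finding. Findings whose content the central database already classifies as
benign are kept but marked known-good rather than suspect.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str      # "hidden" (raw only), "phantom" (API only), "content-mismatch"
    verdict: str   # "suspect" or "known-good"


# Constructed API view: path -> content signature (stand-ins for SHA-256 values).
API_VIEW = {
    r"C:\Windows\System32\drivers\ntfs.sys": "sha256:aaaa",
    r"C:\Windows\System32\svchost.exe": "sha256:bbbb",
    r"C:\Windows\System32\drivers\avdrv.sys": "sha256:cccc",
    r"C:\Windows\System32\drivers\netdrv.sys": "sha256:dddd",  # API serves clean-looking content
}

# Constructed raw view of the same objects read below the API path.
RAW_VIEW = {
    r"C:\Windows\System32\drivers\ntfs.sys": "sha256:aaaa",
    r"C:\Windows\System32\svchost.exe": "sha256:bbbb",
    r"C:\Windows\System32\drivers\avdrv.sys": "sha256:cccc",
    r"C:\Windows\System32\drivers\netdrv.sys": "sha256:eeee",   # on-disk content differs
    r"C:\ProgramData\AV\quarantine\0001.bin": "sha256:ffff",    # hidden by AV self-protection
    r"C:\Windows\System32\drivers\hidden.sys": "sha256:9999",   # hidden, not known anywhere
}

# Constructed central determination list: signatures the database knows as benign.
CENTRAL_KNOWN_GOOD = {"sha256:aaaa", "sha256:bbbb", "sha256:cccc", "sha256:dddd", "sha256:ffff"}


def cross_view_diff(api_view: dict, raw_view: dict, known_good: set) -> list:
    """Return every discrepancy between the two views, sorted by path."""
    findings = []
    for path, raw_sig in raw_view.items():
        api_sig = api_view.get(path)
        if api_sig is None:
            kind = "hidden"                 # exists on disk, invisible through the API
        elif api_sig != raw_sig:
            kind = "content-mismatch"       # API and raw reads disagree about the bytes
        else:
            continue                        # views agree: nothing to report
        verdict = "known-good" if raw_sig in known_good else "suspect"
        findings.append(Finding(path, kind, verdict))
    for path, api_sig in api_view.items():
        if path not in raw_view:            # visible through the API but absent on disk
            verdict = "known-good" if api_sig in known_good else "suspect"
            findings.append(Finding(path, "phantom", verdict))
    return sorted(findings, key=lambda f: f.path)


def suspects(findings: list) -> list:
    """Only the findings the central database could not explain."""
    return [f for f in findings if f.verdict == "suspect"]


if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW, CENTRAL_KNOWN_GOOD):
        print(f"{f.verdict:10} {f.kind:17} {f.path}")
```

On the constructed data the quarantine file is reported as hidden but known-good, while the unknown hidden driver and the driver whose raw content differs from what the API returns are left as suspects for closer attention.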

18 Rootkit Remediation
- CSI removes rootkits by restructuring system components without the rootkits present before shutdown, rather than falling into a race condition on boot-up as other products do
- This provides stable rootkit removal that can remove any rootkit, from the MBR rootkit to Rustock to TDSServ, generically, without having to write specific routines for each
- Spyware/user-mode threat remediation isolates the threats from the rest of the system by closing or suspending the threats’ open connections and then forcing them to be removed, either from user mode or with the raw disk access modules

19 Rootkit Scan Comparison
The popular anti-rootkit programs GMER and Rootkit Unhooker both analyze the disk at a raw level, like CSI, to detect some of the threats that CSI can detect; however, they do so in a much less optimized manner. These tests were performed on the same system with two rootkits active and an active user-mode spyware infection. All three products detected the rootkits, but because CSI’s scan is not only a rootkit scan, it also identified the active spyware infection, which the other products missed.

20 Rootkit Infection Video 20

21 End Point Technologies Rootkit Infection Video Demonstration Please visit the following URL for a Rootkit infection video demonstration: 21

22 Website Drop Video 22

23 End Point Technologies Website Drop Video Demonstration Please visit the following URL for a website drop video demonstration: 23

24 Universal Agent CSI, Edge, Enterprise, eSAC 24

25 Prevx Software
- Single Installation File: all Prevx products (CSI, Edge, eSAC, CSI-E) are contained in the single 1MB install file, requiring no additional downloads
- Dynamic License Structure: the software changes dynamically depending on the license key entered or functionality requested
- Light on Resources: the software is light on resources and requires a minimal number of files on disk, as well as only two active processes to support multiple user accounts

26 Operating System Support
- CSI: Windows 7, 2008, Vista, 2003, XP, 2000, ME, 98, NT4; support for 32-bit and true 64-bit architectures
- EDGE: Windows 7, 2008, Vista, 2003, XP, 2000; support for 32-bit and true 64-bit architectures
- ESAC: Windows 7, 2008, Vista, 2003, XP, 2000, ME, 98, NT4; support for 32-bit and true 64-bit architectures, plus universal browser support

27 EPP Compatibility
CSI, Edge and ESAC have been designed for complete compatibility with other security solutions and have been thoroughly tested and found to be completely compatible with all major enterprise security solutions, including the following:
- Symantec Endpoint Protection 11.0
- McAfee Total Protection for Endpoint
- Trend Micro Office Scan 8.0
- Kaspersky Work Space Security*
- ESET Smart Security Business Edition
- Sophos Endpoint Security and Control 8
- AVG Internet Security Network Edition 8.0
* A minor incompatibility between the memory scanner of Kaspersky and the self-protection of Edge was found and corrected during testing

28 Consumer Security Suite Compatibility
CSI, Edge and ESAC are fully compatible with popular consumer security suites and have been thoroughly tested against the following popular suites, as well as dozens of other products, with no identified incompatibilities:
- Norton Internet Security 2009
- ESET Smart Security 2009
- Trend Micro Internet Security 2009
- McAfee Internet Security 2009
- Kaspersky Internet Security 2009
- AVG Internet Security 2009
- F-Secure Internet Security 2009
- G-Data Internet Security 2009
- Panda Internet Security 2009
- ZoneAlarm Internet Security Suite 2009

29 CSI and Edge 29

30 End Point Technologies Prevx CSI Provides scanning and cleanup functionality for home users. Management takes place within the local software and users are provided a GUI to configure settings and schedule scans. 30

31 End Point Technologies Prevx Edge Provides malware protection and advanced rootkit prevention with minimal system resource use and maximum compatibility with other software. 31

32 End Point Technologies Software Conversion Installing CSI automatically installs Edge. To activate the Edge functionality, the user can click “Prevent Infections” to upgrade to Edge. To convert back to CSI from Edge, clicking “Revert to CSI” will disable the Edge functionality and revert the software to CSI. 32

33 eSAC (eCommerce Secure Access Control) 33

34 End Point Technologies Prevx eSAC Prevx eCommerce Secure Access Control protects accounts from fraud and phishing by utilizing centralized authentication validation intelligence and malware scanning with CSI. 34

35 Prevx eSAC (flow)
1. Website launches Prevx eSAC seamlessly via special HTML
2. Internet Integrity Check: LSP chain, DNS poison, hosts file injection
3. Device Integrity Check: real-time malware scan, AV status check
4. Device/Account Cross Check: logon history of this device; logon history of all accounts using this device
5. Website receives intimate knowledge of the connected computer’s malware state and previous logon history in just 20 secs
6. Website continues logon with more knowledge about the connected PC
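Two of the Internet Integrity Check items on this slide, “DNS poison” and “hosts file injection” (also listed on the Opportunities slide as “monitor, verify and block poisoned DNS resolution”), can be checked on the client before a logon proceeds. The Python below is an added example of that client-side check, not Prevx code: it parses hosts-file syntax for entries that redirect the service's domains, then compares the resolver's answers with a set of addresses the service pins. The hosts-file text, the pinned addresses, the domain names and the resolver answers are all constructed for the example (the resolver is injected as a function so the check runs offline).

```python
"""Internet-integrity check: hosts-file injection and DNS-answer validation.

Added example, not Prevx code. A web service that knows its own address
ranges can publish them to the client-side agent; the agent then reports
(a) hosts-file entries that override the service's names and (b) resolver
answers outside the pinned ranges. Domains and addresses below are
constructed documentation values.
"""
import ipaddress


def parse_hosts(text: str) -> dict:
    """Return {hostname: set(ip)} from hosts-file syntax, skipping comments and bad lines."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop trailing comment
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)                # reject malformed addresses
        except ValueError:
            continue
        for name in names:
            mapping.setdefault(name.lower(), set()).add(ip)
    return mapping


def hosts_file_injections(hosts_text: str, protected_domains) -> dict:
    """Any hosts entry for a protected domain is an injection, whatever it points at."""
    mapping = parse_hosts(hosts_text)
    return {d: sorted(mapping[d.lower()]) for d in protected_domains if d.lower() in mapping}


def dns_integrity(resolve, pinned: dict) -> dict:
    """resolve(name) -> list of IP strings; pinned: {domain: {ip or CIDR, ...}}.
    Returns {domain: [answers outside the pinned ranges]}."""
    report = {}
    for domain, allowed in pinned.items():
        nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
        off_pin = [ip for ip in resolve(domain)
                   if not any(ipaddress.ip_address(ip) in n for n in nets)]
        report[domain] = off_pin
    return report


def integrity_check(hosts_text: str, resolve, pinned: dict) -> list:
    """Combine both checks; an empty list means the name resolution path looks intact."""
    problems = []
    for domain, ips in hosts_file_injections(hosts_text, pinned.keys()).items():
        problems.append(f"hosts file maps {domain} to {', '.join(ips)}")
    for domain, ips in dns_integrity(resolve, pinned).items():
        for ip in ips:
            problems.append(f"DNS answer for {domain} is off-pin: {ip}")
    return problems


# Constructed hosts file with one injected entry for the protected service.
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
::1       localhost
203.0.113.45 login.example-bank.test www.example-bank.test   # injected entry
"""

# Constructed pinned ranges the service publishes for its own names.
PINNED = {
    "login.example-bank.test": {"198.51.100.0/24"},
    "www.example-bank.test": {"198.51.100.10"},
}


def constructed_resolver(name: str) -> list:
    """Stand-in for the system resolver; one answer for login is off-pin."""
    answers = {
        "login.example-bank.test": ["198.51.100.7", "203.0.113.45"],
        "www.example-bank.test": ["198.51.100.10"],
    }
    return answers.get(name, [])


if __name__ == "__main__":
    for problem in integrity_check(SAMPLE_HOSTS, constructed_resolver, PINNED):
        print(problem)
```

The hosts-file check flags any override of a protected name, including one pointing at loopback, because a legitimate client has no reason to carry such an entry; the DNS check only accepts answers inside ranges the service itself pinned, so a resolver returning an extra foreign address is reported even when a correct address is also present.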

36 End Point Technologies Prevx eSAC Video Demonstration Please visit the following URL for a video demonstration: 36

37 Enterprise 37

38 End Point Technologies Prevx Enterprise Provides enterprise functionality and centralized management with alerts for large corporations. CSI also provides web-based management for smaller companies that do not have the resources to run local server software. 38

39 Enterprise Agent
- Built on the current consumer offering
- Same strong detection and cleanup
- Lightweight implementation and low resource footprint
- Compatibility with all Windows platforms and with all security vendors
- Minimalistic user interface
- Communicates with the in-house CSIE Server

40 Enterprise Server
- Multithreaded, single point of contact to the Prevx central database
- Own database implementation (MDB)
- Cloud-response caching
- Agent configuration and distribution; report, alert and override capabilities

41 Enterprise Architecture (diagram)
Diagram labels: MDB, Agents, Determination, Configurations, Scan Histories, Overrides, Admins, Prevx Cloud Community Database, CSIE Server, Firewall / Proxy server, Secure Relay Node, Agents
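Slide 3 describes the inverted signature model (the client computes signatures of every object and asks the center for a determination instead of downloading signature sets), and slides 40 and 41 place an on-premise server with cloud-response caching and administrator overrides between the agents and the cloud database. The Python below is an added example modelling those three tiers in one process; it is not Prevx code, the class and function names are this example's own, and the central determination table and the sample objects are constructed.

```python
"""Inverted signature lookup with cloud-response caching and admin overrides.

Added example, not Prevx code. The agent hashes each object and submits the
signature; the on-premise server answers from an administrator override if one
exists, else from its cache of recent cloud responses, else by querying the
central database. Unknown verdicts are deliberately not cached so that a later
classification by the center reaches agents on their next scan.
"""
import hashlib
import time


def sha256_of(data: bytes) -> str:
    """Object signature the agent computes locally (SHA-256 hex)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample objects an agent might encounter on disk.
SAMPLE_OBJECTS = {
    "good.exe": b"constructed benign utility",
    "dropper.exe": b"constructed sample standing in for a known-bad object",
    "new.exe": b"constructed object the center has never seen",
}

# Constructed stand-in for the cloud community database: signature -> determination.
CENTRAL_DB = {
    sha256_of(SAMPLE_OBJECTS["good.exe"]): "good",
    sha256_of(SAMPLE_OBJECTS["dropper.exe"]): "bad",
}


class CentralDatabase:
    """Cloud side: answers 'good', 'bad' or 'unknown' for a signature."""

    def __init__(self, table: dict):
        self.table = dict(table)
        self.queries = 0            # counts round trips, to show the cache at work

    def determine(self, digest: str) -> str:
        self.queries += 1
        return self.table.get(digest, "unknown")


class EnterpriseServer:
    """On-premise single point of contact: overrides, then cache, then the cloud."""

    def __init__(self, central: CentralDatabase, ttl_seconds: float = 3600.0, clock=time.monotonic):
        self.central = central
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested deterministically
        self.cache = {}             # digest -> (determination, expires_at)
        self.overrides = {}         # digest -> determination forced by an administrator

    def override(self, digest: str, determination: str) -> None:
        """Administrator decision that takes precedence over cache and cloud."""
        self.overrides[digest] = determination
        self.cache.pop(digest, None)

    def determine(self, digest: str) -> tuple:
        """Return (determination, source) where source is override/cache/central."""
        if digest in self.overrides:
            return self.overrides[digest], "override"
        now = self.clock()
        cached = self.cache.get(digest)
        if cached is not None and cached[1] > now:
            return cached[0], "cache"
        determination = self.central.determine(digest)
        if determination != "unknown":
            self.cache[digest] = (determination, now + self.ttl)
        return determination, "central"


def agent_scan(server: EnterpriseServer, objects: dict) -> dict:
    """Agent side: signature every object and ask the server; returns path -> (verdict, source)."""
    return {path: server.determine(sha256_of(content)) for path, content in objects.items()}


if __name__ == "__main__":
    server = EnterpriseServer(CentralDatabase(CENTRAL_DB), ttl_seconds=60.0)
    for path, (verdict, source) in agent_scan(server, SAMPLE_OBJECTS).items():
        print(f"{path:12} {verdict:8} via {source}")
```

Because only the signature leaves the endpoint, the agent never needs a signature database of its own, and the server's override table is where an administrator's "Enterprise Overrides" decision is applied before any cloud verdict is consulted.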

42 End Point Technologies Enterprise Status 42

43 End Point Technologies Enterprise Alerts 43

44 End Point Technologies Enterprise Overrides 44

45 End Point Technologies Enterprise Client Configuration 45

46 End Point Technologies Enterprise Remote Deployment 46

47 End Point Technologies Prevx Enterprise Video Demonstration Please visit the following URL for a video demonstration: 47

48 MyPrevx Online Management Console 48

49 MyPrevx – Business console All business users of Prevx CSI, Prevx Edge or Prevx 2.0 receive access to the MyPrevx console as part of their subscription. This allows administrators to manage not only the license and the machines installed but also their auditing and alerting when a system is found to be infected.

50 MyPrevx – Business console End Point Technologies MyPrevx for Business offers users a complete chronological list of infections found within their organisation. System administrators and those tasked with assessing risk can easily see how and when certain infections might have impacted the security of their data. 50

51 MyPrevx – Business console End Point Technologies MyPrevx Business allows you to administer your licenses... 51

52 MyPrevx – Business console End Point Technologies... The machines on a license... 52

53 MyPrevx – Business console End Point Technologies... And the individual machines. 53

54 MyPrevx – Business console MyPrevx offers both an overview of the infection and scan results of an individual machine together with details of co-existent EPP and their status.

55 MyPrevx – Business console End Point Technologies... As well as the full history of that machine while Prevx CSI/Edge was installed. 55

56 MyPrevx – Business console Full detailed information is available for all infections found within the business, allowing the system administrator to assess its impact and plan how they might respond across their organisation.

57 MyPrevx – Business console End Point Technologies 57


59 End Point Technologies Thank You 59


61 Appendix 61


78 Appendix Meeting or Exceeding Standards: the CSI Enterprise roadmap includes integration with standard network security monitoring consoles such as HP OpenView, IBM Tivoli and CA Unicenter, thus providing quick integration of the agent with existing management solutions. Prevx eSAC is being developed to include the principles of a proprietary Network Access Control system that follows and expands upon the goals of TNC (Trusted Network Connect) in maintaining the ideals of integrity and identity.


80 Appendix Installation of McAfee: the scan takes 30 mins on a computer with a minimal base install of Windows:

