Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Abatis 2004-2011 HDF - the new approach in malware protection Patent Pending Worldwide 1 Abatis Security Innovations and Technologies Ultimate Protection.

Similar presentations


Presentation on theme: "© Abatis 2004-2011 HDF - the new approach in malware protection Patent Pending Worldwide 1 Abatis Security Innovations and Technologies Ultimate Protection."— Presentation transcript:

1 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 1 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Traditional Anti-Virus – A Busted Flush! by Kerry Davies Commercial Director, Abatis (UK) Ltd

2 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 2 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Background  Computer Science degree in early ‘80s  Security field since 1986  Security Evaluator – Consultant – Manager – Company Founder – Director in Big 4 – Business Partner  MSc in Information Security at Royal Holloway (Graduate 2009)  Why is traditional A/V a “Busted Flush”?  What is malware?  How does malware work?  How does traditional A/V work?  An alternative approach (that works!)

3 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 3 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets WHAT IS MALWARE ?  Virus, Worm, Trojan Horse, Key-Logger, Root-Kit, Logic Bomb, etc.  Malware is a value judgement  Malware is BIG BUSINESS for cyber criminals, cyber terrorists and hostile state actors - APTs  Traditional anti-virus (A/V) is reactive not proactive – infections have to occur in order for the A/V vendors to collect samples to generate A/V signatures and the antidote  Symantec’s 2010 report announced that they had found 286 million pieces of new malware that year – traditional A/V vendors can’t keep up with this volume and the user community can’t keep taking the megabytes of signature updates that the vendors push out daily

4 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 4 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Payload: implementation of specific actions such as opening backdoors, Botnet, spyware, keylogger, rootkit … Scanning Engine: scanning across the network How does Malware work? From: “Malware – Fighting Malicious Code“, p. 79; Ed Skoudis, Prentice Hall 2004 Elements of a worm (as an example) Warhead: gains access to the victim’s machine Propagation Engine: transfers the body to the victim Target Selection Algorithm: looking for potential new victims to attack

5 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 5 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Assessing the Threatscape  Malware is everywhere and easily spread – nothing is safe any more  As smart-phone use rockets and social networking explodes, we struggle to balance the need for security versus the need to share information  Connection between the Hoover Dam and Natanz Nuclear facility in Iran?  Consumerisation of IT - the blurring between professional and personal use of technology, mobile platforms and social networking pose serious threats  spam, phishing, pharming and spear-phishing on increase  So far in 2011, McAfee has identified 150,000 malware samples every day. One unique file almost every half second, and a 60% increase over 2010  19,000 new malicious URLs each day in the first half of this year. And, 80% of those URLs are legitimate websites that were hacked or compromised

6 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 6 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Consensus in the A/V Industry ‘….With mobile menaces steadily on the rise, we can only anticipate how virulently worms can multiply, especially with the explosion of Bluetooth and the increase in workforce mobility in organisations like the NHS’ Leslie Forbes, Technical Manager, F-Secure: “Back in the 80s, computer experts were quick to dismiss PC viruses as harmless. We need to learn from this mistake and start taking the mobile malware threat seriously. Only by taking pre-emptive measures can we equip ourselves against this pernicious and escalating menace…” Davey Winder: Security Journalist and Consultant “anti-virus technology can't stop targeted attacks....Anti-virus is dead because it is unable to detect attacks properly and is incapable of working on mobile devices” Nir Zuk, founder and CTO of Palo Alto Networks to SC Magazine, September 9th 2011 According to Ken Silva, CTO of Verisign: ‘….Criminals will go where the money is," Silva told CNET News. "If you start doing things of financial interest with your mobile phone, they will find a way to get your money." “ The security industry has ‘done a miserable job of protecting customers and industry. More than half of malware is not blocked by anti-virus, as vendors can only deal with known malware the approach taken by most anti- virus vendors is not good enough, as most claim to block 99 per cent of known malware, but most cyber criminals use unknown variants. M86 Security CEO John Vigouroux Speaking to SC Magazine In 2007 ‘....there were about 200 malware threats for mobile phones and more than 250,000 viruses for Windows. Graham Cluley, senior technology consultant at Sophos Symantec recorded that in 2010 it saw 286 Million pieces of new malware

7 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 7 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Effectiveness of Anti-malware solutions Recent malware infection tactics:  Drive-by download infection  Fake security tool and free scanning services  Social engineering – social networks, e.g. Facebook  Embed malicious link in – phishing, pharming and spear phishing type attacks  Cracked PDF and document files – embedded link/payload Popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases to only 61.7% after 30 days Malware Detection Rates for Leading AV Solutions: A Cyveillance Analysis 04/08/10

8 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 8 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets OTHER METHODS OF PROTECTION  Isolation  Avoid questionable sites, download software only from reputable sites, run an anti-virus scan on any downloaded material  Signature Based – as last table showed, average 19% effective on day 1, max 60%, reactive  Heuristic – reactive, signature based fuzzy pattern matching, false positives (achieves 19%)  Reputation Based – incomplete coverage, limited, vendor specific, error prone, can be defeated  Hashing – used as part of reputation based approach (hashes can be defeated)  Blacklisting – seriously?  Whitelisting – attractive in principle but a huge maintenance nightmare as hashes have to be recalculated and redistributed to every machine for every change  Combination – what the better A/V is doing now………….  Kernel-level Control over I/O – use fundamental nature of malware as executable code and ring- based integrity mechanisms of the O/S to block storage of executable program files on the hard disk to produce a fast, reliable, non signature-based, proactive anti-malware solution

9 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 9 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets HDF - IMPLEMENTATION Operating system e.g. Windows (Kernel mode / Ring 0) Applications e.g. WinWord (User Mode / Ring 3) HDF filter NTFS drive, C:\ Interface to hardware (NTFS, FAT etc) Block keylog.exe (b) save business.doc (a) save keylog.exe Operating system Input and output control (IO Manager) Without HDF protection NTFS drive, C:\ Interface to hardware (NTFS, FAT etc) Business.doc is not blocked With HDF protection

10 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 10 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets PRODUCTS AND BENEFITS HDF Workstation HDF Server All versions of Windows from NT to latest 64 bit Red Hat Linux Mobile Platforms (future), Real Time, SCADA Enforce system integrity Stop zero day attacks and targeted attacks Block all unwanted software execution No signature updates required; fit & forget – low TCO No performance impact – potential improvement

11 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 11 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets HARD DISK FIREWALL (HDF) HDF CLAMPDOWN SECURE MOBILE PLATFORMSCRITICAL SYSTEMS PROTECTION SECURE REAL TIME SYSTEMS PERFROMANCE IMPROVEMENT PROTECTION OF LEGACY EQUIPMENT Tablet Devices Windows 7 MobileAndroid Keylogger Protection incl USB Mobile worker Laptops eg. Sales people Drive-by Download protection Embedded Systems Safety Critical Systems CNI & SCADA Mission Critical Systems including Virtualised environments Stop website defacement & secure hosted environments Linux Windows NT Windows 2000 Windows XP Windows VISTA Battery Life Enhancement ResearchSecurity effectiveness Improvement if used with traditional A/VFaster if used w/o A/V or on-demand only scanning

12 © Abatis HDF - the new approach in malware protection Patent Pending Worldwide 12 Abatis Security Innovations and Technologies Ultimate Protection for your Information assets Questions Kerry Davies Abatis (UK) Ltd Royal Holloway Enterprise Centre Royal Holloway University of London Egham Surrey TW20 0EX Tel: +44 (0)


Download ppt "© Abatis 2004-2011 HDF - the new approach in malware protection Patent Pending Worldwide 1 Abatis Security Innovations and Technologies Ultimate Protection."

Similar presentations


Ads by Google