The next frontier in Endpoint security


Presentation on theme: "The next frontier in Endpoint security"— Presentation transcript:

1 The next frontier in Endpoint security
Dan Larson, Crowdstrike

2 2016
22% rise in breaches
146-day average dwell time
$150 cost per stolen record
2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

3 77%
77 percent of U.S. businesses admitted that they have suffered between one and five separate incidents of data loss, leakage or exposure in the past 12 months

4 How are the bad guys getting in?

5 Abuse of weak domain user passwords
Broadcast name resolution poisoning (like WPAD)
Local admin password attacks (pass-the-hash)
Attacks on cleartext passwords in memory (Mimikatz)
Insufficient network segmentation

6 Making matters worse

7 Zero days are a last resort

8 How do we stop the bad guys?

9 Machine Learning
Effective against: New, modified or packed malware
Primary benefit: Anti-malware efficacy and system performance
Caution: Watch out for the “learning” period; malware is used in less than 50% of attacks
Blind spots: The rest of the kill chain, and advanced infection vectors like web shells or “file-less” malware

10 Behavioral Analytics
Effective against: Web shells and other advanced infections (e.g. stolen passwords & abuse of legit tools); ransomware; lateral movement; persistence; data access and exfil
Primary benefit: Coverage for malware-free attacks and polymorphic malware
Caution: Detecting is easier than preventing
Blind spots: Anything happening pre-execution

11 Exploit Mitigation
Effective against: Exploits - Hugely prevalent exploit kits
Primary benefit: System hardening
Caution: Learning mode, FPs, extracting value
Blind spots: Insider threat, stolen credentials, abuse of legitimate tools

12 Sandboxing & Isolation
Effective against: Exploits - Hugely prevalent exploit kits
Primary benefit: Impact reduction
Caution: Now a part of Windows, user impact
Blind spots: Insider threat, stolen credentials, abuse of legitimate tools

13 Detection & Response
Effective against: Advanced threats, zero days, APT activity, insider threat, abuse of legit tools
Primary benefit: Visibility
Caution: Who does the work? How “smart” is it? Does it scale? Do you really want forensics?
Blind spots: Prevention

14 Threat Hunting
Effective against: Advanced threats, zero days, APT activity, insider threat, abuse of legit tools
Primary benefit: Visibility, tailored detections
Caution: Do you have the talent for this? Hunting vs. MSSP; data availability and breadth
Blind spots: Prevention

15 Closing thoughts
Think about the entire kill chain
Penetration test new products

