CAS : A FRAMEWORK OF ONLINE DETECTING ADVANCE MALWARE FAMILIES FOR CLOUD-BASED SECURITY
1 CAS : A FRAMEWORK OF ONLINE DETECTING ADVANCE MALWARE FAMILIES FOR CLOUD-BASED SECURITY
ABHILASH SREERAMANENI
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
SEOUL NATIONAL UNIVERSITY OF SCIENCE AND TECHNOLOGY
2014
2 CONTENTS
i. MAIN IDEA
ii. INTRODUCTION
iii. CLOUD BASED SECURITY SERVICE
iv. CAS : THREAT INTELLIGENCE AS A SERVICE
v. CONCLUSION
vi. REFERENCES
5/26/2014
3 MAIN IDEA
Preventing networks from being attacked has become a critical issue for network administrators and researchers. With the popularity and variety of large-scale zero-day threats over the Internet, security companies have to keep inserting new virus signatures into their databases. However, the increasing size of the virus signature file is dragging computers to a crawl during virus scans. To effectively handle the scale and magnitude of new malware variants, antivirus functionality is being moved from the user desktop into the cloud. The large-scale volume of advanced malware has created a need for an automatic framework that can discover inter-family correlations for online detection. In this paper, we propose a fast and efficient technique to extract correlation signatures from advanced malware families for cloud-based security systems. At the core of our work is CAS, a framework for large-scale and cross-family malware analysis. CAS uses a novel method for Advanced Persistent Threat (APT) correlation. Our large-scale testing shows that CAS can detect millions of malware samples efficiently with malware correlation signatures at inline speed. These advanced malware include packers, PE malware, mobile malware, scripts and non-PE malware.
4 INTRODUCTION (1/3)
Over the past years the size of the Internet has increased dramatically and more network facilities are connected to it, so preventing networks from attacks has become a critical issue. The past few years have witnessed a significant increase in the number of malware threats. Today's anti-virus (AV) industry devotes much effort to combating Advanced Persistent Threats (APTs), also known as advanced malware. Security engineers are facing a serious problem in defeating the complexity and quantity of advanced malware.
5 INTRODUCTION (2/3)
Hackers are launching unknown APT malware, which most AV software can't detect. Security researchers are facing a great challenge in overcoming advanced malware's complexity. Behavior-based detection approaches have been used to detect malware in sandboxes such as CWSandbox or in virtual machine images. However, these approaches have slow scan speeds and some interface issues, so they cannot be used on next-generation high-speed network devices. To effectively handle the scale and magnitude of new malware variants, anti-virus functionality is being moved from the user desktop into the cloud.
6 INTRODUCTION (3/3)
For a suspicious file, the AV desktop agent fetches the fingerprint or calculates the hash value of the file and sends it to the remote cloud server, which compares that fingerprint or hash against the continuously updated signature database on the Internet. If the value exists in the database, the client is asked which specific action the user wants the desktop agent to take on the infected file. As the core of threat intelligence as-a-service, CAS can support very broad malware types, from PE and non-PE formats and scripts to even mobile threats.
7 CLOUD BASED SECURITY SERVICE
The new malware variants challenge the traditional AV protection model, which demands frequent signature updates, large signature databases, and resource-guzzler style security products. As the next-generation security infrastructure, the AV In-the-Cloud service is moving the virus-scanning functionality from the desktop to the Internet.
A. TRADITIONAL AV SOLUTIONS
Most malware are executable files which can be understood and executed by operating systems (e.g., the Portable Executable (PE) format). For any suspicious file, a traditional AV scanner deployed on the desktop searches for the file's signature or hash value in the signature database.
8 CLOUD BASED SECURITY SERVICE
A traditional signature database usually employs prior knowledge of malware signatures, which are generated by security engineers. The signature database is efficient at detecting known malware; however, it often cannot detect unknown viruses and polymorphic variants. Polymorphic malware can mutate its signature via unpredictable compression or encryption transformations and easily bypass AV scanners. Generating signatures for zero-day threats becomes a tedious, reactive security function. Security vendors are facing great challenges in overcoming the complexity of malware, and fighting against the malware backlog is nothing new.
9 CLOUD BASED SECURITY SERVICE
B. AV CLOUD INFRASTRUCTURE
An on-access scanner is deployed at the desktop. It automatically examines the local machine's memory and file system whenever these resources are accessed by an application. By distributing a set of trusted anonymous hops, it offers a location-hidden service without revealing the cloud server's networking identity. The cloud agent is a lightweight hybrid desktop solution that resolves the AV resource-intensive problem. It acts like a file filter, inspecting suspicious file loading and storing activities. The agent collects hash values or fingerprints of suspicious files from users. These users can be either single distributed users or locally networked ones.
10 CLOUD BASED SECURITY SERVICE
[Figure: Cloud-based Anti-virus Service]
11 CLOUD BASED SECURITY SERVICE
Nowadays, to evade malicious content detection, virus writers use binary tools to apply code obfuscation and bypass security products. It is vital for AV products to deploy an emulator to inspect hidden payloads. An emulator includes programs that execute or emulate suspicious encrypted executables until they are fully decrypted in memory. There are two ways to deploy the emulation functionality: an emulator can be embedded inside the desktop agent, or deployed in the cloud. An agent without the emulator relieves users from the resource constraints of desktop virus scanning and sends the full obfuscated samples to the cloud servers; this consumes bandwidth, and it is not suitable for customers who have bandwidth limitations.
12 CLOUD BASED SECURITY SERVICE
Embedding the emulator into the desktop allows the agent to inspect the hidden payloads of obfuscated programs. Bandwidth is saved because the hash value of the dumped data, rather than the file itself, is sent to the cloud. Cloud-based security solutions are also facing some challenges in defending against advanced malware, which this paper attempts to address with threat intelligence as-a-service:
1. Increasing speed of APTs.
2. Traditional AV is largely useless against APTs.
3. Stream-based AV is one of the latest techniques being used by network-based products for scanning.
4. Non-PE formats (e.g., PDF) fall outside the domain of traditional signature-based AV engines.
13 CAS : THREAT INTELLIGENCE AS A SERVICE
Advanced Persistent Threats are becoming more targeted, and traditional malware detection is no longer sufficient to cope with advanced malware's obfuscation techniques; a new breed of defense strategy is required to detect them. Threat intelligence as-a-service allows users to protect against APTs via an automaton that analyzes advanced malware's malicious contents. In this paper, we describe a framework to detect advanced malware, CAS. This system combines the advantages of prior knowledge of known viruses in traditional AV signature databases with the ability of threat intelligence to detect new unknown advanced malware variants. CAS delivers accurate detection of APTs, thus reducing zero-day malware by providing early detection and near-real-time alerts for monitored systems.
14 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: INTELLIGENCE AS-A-SERVICE]
15 CAS : THREAT INTELLIGENCE AS A SERVICE
A. Framework
Stream-based antivirus is one of the latest approaches being used by network vendors for high-speed next-generation gateway products deployed in the cloud. The increasing size of the virus signature database consumes huge memory and resources, which makes on-the-fly malware scanning on networking devices very difficult to implement. For a good workload balance in online scanning, the industry requires a lightweight signature database.
16 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: CAS FRAMEWORK]
17 CAS : THREAT INTELLIGENCE AS A SERVICE
B. Malware types supported
To support heterogeneous malware types, the intelligent parser in CAS is able to recognize the input malware file type. Current CAS supports PE, packers and non-PE formats (such as PDF, images, Microsoft Office documents, web scripts, and even mobile malware). The Portable Executable (PE) format is the most popular format for executables, libraries, and drivers in Windows. A PE file comprises various sections and headers that describe the section data, import table, export table, resources, and so on. A PE file starts with the DOS executable header, followed by the PE header, which begins with the signature bytes "PE".
18 CAS : THREAT INTELLIGENCE AS A SERVICE
The PE header also includes some general file properties, such as the number of sections, machine type, and time stamp; the optional header contains the section table headers, which show the raw size, virtual size and section name. At the end of the PE file is the section data, which contains the file's original entry point (OEP), the entry point where file execution begins. To search a PE file for malware, a scanner typically scans the segments for known signatures at certain offsets from the OEP. Packers work on PE executable files and dynamic link libraries (DLLs).
19 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: PE FORMAT OVERVIEW]
20 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: PE-HEADER-BASED DETECTION APPROACH OVERVIEW]
21 CAS : THREAT INTELLIGENCE AS A SERVICE
To perform packing, a packer first parses the PE internal structures. Then it reorganizes PE headers, sections, import tables, and export tables into new structures and attaches a code segment that the malware will invoke before the OEP. This code is called the stub; it decompresses the original data and locates the OEP. During packing, a packer compresses and encrypts the code and resource sections using compression and encryption libraries. With randomization, the packer can also generate different variants of a single file every time the file is packed. For some powerful packers, the polymorphism engine also adds a protection layer against reverse engineering (RE) and debugging.
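As an added illustration of the PE layout, OEP-relative scanning and packer layout described on slides 17, 18 and 21 (example code written for this page, not part of the original paper or of CAS): it parses the DOS header, PE signature, COFF and optional headers and the section table from a constructed, non-executable PE image, reads bytes at an offset from the entry point the way a signature scanner would, and applies a few header-level packing heuristics (entry point outside .text, a section with no raw data, high-entropy section data, non-standard section names). The sample images, section names, entropy threshold and messages are constructed assumptions, not CAS's own signatures or detection logic.

```python
import math
import struct
from collections import Counter

PE_SIGNATURE = b"PE\0\0"
SECTION_HDR = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER layout, 40 bytes
STANDARD_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc",
                  b".idata", b".edata", b".bss", b".tls"}


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)       # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)           # 0x10B = PE32, 0x20B = PE32+
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize, "va": va,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine, "nsections": nsec, "timestamp": stamp,
            "pe32plus": magic == 0x20B, "entry_rva": entry_rva, "sections": sections}


def section_for_rva(sections, rva):
    """Section whose virtual range covers rva, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["virtual_size"], s["raw_size"]):
            return s
    return None


def bytes_at_oep(data: bytes, pe: dict, offset: int, length: int):
    """Bytes at `offset` from the entry point: the window a signature scanner checks."""
    s = section_for_rva(pe["sections"], pe["entry_rva"] + offset)
    if s is None:
        return None
    start = pe["entry_rva"] + offset - s["va"] + s["raw_ptr"]   # RVA -> file offset
    return data[start:start + length]


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def packing_indicators(pe: dict, data: bytes) -> list:
    """Header-level hints that a stub/packer reorganized the file (heuristics, not proof)."""
    hints = []
    ep = section_for_rva(pe["sections"], pe["entry_rva"])
    if ep is None:
        hints.append("entry point lies outside every section")
    elif ep["name"] != b".text":
        hints.append(f"entry point in {ep['name'].decode()} rather than .text")
    for s in pe["sections"]:
        name = s["name"].decode(errors="replace")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:   # room reserved for unpacked code
            hints.append(f"{name}: no raw data but {s['virtual_size']:#x} bytes virtual (unpack target)")
        raw = data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        if raw and entropy(raw) > 7.0:                      # constructed threshold
            hints.append(f"{name}: entropy {entropy(raw):.2f} (compressed/encrypted)")
        if s["name"] not in STANDARD_NAMES:
            hints.append(f"{name}: non-standard section name")
    return hints


def build_sample(packed: bool) -> bytes:
    """Constructed, non-executable PE image for the demo (not a real program)."""
    if packed:   # UPX-style layout: empty unpack target + high-entropy stub/data section
        specs = [(b"UPX0", 0x2000, 0x1000, b""),
                 (b"UPX1", 0x1000, 0x3000, bytes(range(256)) * 2)]
        entry_rva = 0x3010
    else:
        specs = [(b".text", 0x200, 0x1000, b"\x55\x8b\xec" + b"\x90" * 0x1FD),
                 (b".data", 0x100, 0x2000, b"\x00" * 0x200)]
        entry_rva = 0x1000
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0x53830000, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    table, body, next_raw = b"", b"", 0x200
    for name, vsize, va, payload in specs:
        raw_ptr = next_raw if payload else 0
        table += struct.pack(SECTION_HDR, name, vsize, va, len(payload), raw_ptr,
                             0, 0, 0, 0, 0x60000020)
        body += payload
        next_raw += len(payload)
    headers = bytes(dos) + PE_SIGNATURE + coff + bytes(opt) + table
    return headers.ljust(0x200, b"\0") + body
```

Running `packing_indicators(parse_pe(build_sample(True)), build_sample(True))` lists five hints for the UPX-style layout and none for the plain layout.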
22 CAS : THREAT INTELLIGENCE AS A SERVICE
Nowadays mobile malware has reached a new level of maturity. Threats targeting smartphones and tablets are beginning to pose meaningful challenges to clients. In 2011, there was an almost 200% increase in mobile malware across all mobile platforms. Based on a generic framework, CAS can also analyze mobile malware and detect mobile malware families on different OS platforms, such as Symbian, Android, and BlackBerry. The figure shows the internal SIS format of Symbian malware. SIS stands for Software Installation Script, the archive format for Symbian OS.
23 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: MOBILE SYMBIAN FILE FORMAT]
24 CAS : THREAT INTELLIGENCE AS A SERVICE
C. Stream-based on-the-fly scanning
To be effective, such 10 Gigabyte networking devices have to scan on-the-fly against more complicated new malware. In order to keep a good workload balance, high-speed networking devices require a lightweight signature database, half the size of a traditional AV database. To generate a lightweight malware signature database and handle the large quantity of new unknown samples, it is important to develop intelligent threat response systems which support automatic and generic signature generation. CAS uses a novel method for million-scale malware correlation, and detects millions of samples using malware correlation signatures.
25 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: STREAM-BASED ANTIVIRUS]
26 CAS : THREAT INTELLIGENCE AS A SERVICE
[Figure: Generic Framework]
27 CAS : THREAT INTELLIGENCE AS A SERVICE
Non-PE malware, also known as embedded malware, allows malicious code to be hidden inside a benign file, such as JPG, GIF and PDF files. They are self-encoded, so the embedded malware is very difficult to detect. CAS uses non-PE parsers to find the hidden malicious payloads and applies signatures to detect the malware.
[Figure: Malicious code hidden in JPG format]
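An added example, not from the paper and not CAS's parser, of what a non-PE parser for the JPG case on this slide has to do: it walks the JPEG marker segments of a constructed image skeleton and reports known file signatures found in COM/APPn metadata segments (which decoders ignore) or in data appended after the EOI marker (which viewers never read). The marker skeleton, the magic-byte list and the report strings are constructed for the demo.

```python
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))   # markers with no length field
IN_SCAN = {0x00} | set(range(0xD0, 0xD8))                 # stuffed FF00 and RSTn inside scan data
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive",
         b"%PDF": "PDF", b"<script": "script tag"}       # constructed signature list


def parse_jpeg(data: bytes) -> dict:
    """Walk marker segments up to EOI; whatever follows EOI is returned as the trailer."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI)")
    segments, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at {pos:#x}")
        marker = data[pos + 1]
        if marker == EOI:
            return {"segments": segments, "eoi_end": pos + 2, "trailer": data[pos + 2:]}
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack_from(">H", data, pos + 2)   # counts its own 2 bytes
        segments.append((marker, pos, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == SOS:                                     # skip entropy-coded scan data
            while pos + 1 < len(data) and not (data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    raise ValueError("no EOI marker found")


def findings(jpeg: dict) -> list:
    """Report embedded signatures in metadata segments and any data appended after EOI."""
    issues = []
    for marker, off, payload in jpeg["segments"]:
        kind = "COM" if marker == COM else f"APP{marker - 0xE0}" if 0xE0 <= marker <= 0xEF else None
        if kind:
            for magic, desc in MAGIC.items():
                if magic in payload:
                    issues.append(f"{kind} segment at {off:#x} carries {desc} bytes")
    trailer = jpeg["trailer"]
    if trailer:
        desc = next((d for m, d in MAGIC.items() if trailer.startswith(m)), "unknown data")
        issues.append(f"{len(trailer)} bytes after EOI: {desc}")
    return issues


def build_jpeg(comment: bytes = b"") -> bytes:
    """Constructed minimal marker skeleton (valid structure, not a decodable picture)."""
    app0 = b"JFIF\0\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    out = b"\xff\xd8\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
    if comment:
        out += b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    sos = b"\x01\x01\x00\x00\x3f\x00"                         # one component, Ss=0, Se=63
    out += b"\xff\xda" + struct.pack(">H", len(sos) + 2) + sos
    out += b"\x12\x34\xff\x00\x56"                            # scan bytes incl. a stuffed FF00
    return out + b"\xff\xd9"
```

`findings(parse_jpeg(build_jpeg() + b"MZ" + b"\x90" * 16))` flags the appended PE header, while the plain skeleton produces no findings.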
28 CONCLUSION
As more incoming malware samples become available, a powerful large-scale threat response system is required to support proactive detection and protection. This paper introduces CAS to identify features across malware families that are written in similar ways. This could lead to quick identification of zero-day malware as well as fingerprinting of these features. We are still in the early stages, and several major issues in protecting the AV cloud service remain to be addressed.
More informationWatchGuard Gateway AntiVirus
Gateway AntiVirus WatchGuard Gateway AntiVirus Technical Brief WatchGuard Technologies, Inc. Published: March 2011 Malware Continues to Grow New and ever-changing threats appear with alarming regularity,
More informationCMX: IEEE Clean File Metadata Exchange. Introduction. Mark Kennedy, Symantec Dr. Igor Muttik, McAfee
CMX: IEEE Clean File Metadata Exchange Mark Kennedy, Symantec Dr. Igor Muttik, McAfee Introduction The malware problem is constantly growing in both quantity and complexity. There is even a prediction
More informationPalo Alto Networks Next-generation Firewall Overview
PALO PALO ALTO ALTO NETWORKS: NETWORKS: Next-Generation Firewall Firewall Feature Feature Overview Overview Palo Alto Networks Next-generation Firewall Overview Fundamental shifts in application usage,
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationDefending Against. Phishing Attacks
Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and
More informationWhat is Next Generation Endpoint Protection?
What is Next Generation Endpoint Protection?? By now you have probably heard the term Next Generation Endpoint Protection. A slew of companies, startups and incumbents alike, which are using the term to
More informationEnabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media
Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationCORPORATE AV / EPP COMPARATIVE ANALYSIS
CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Evasion Defenses 2013 Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos,
More informationMalicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis
Malicious Software Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationIntrusion Defense Firewall
Intrusion Defense Firewall Available as a Plug-In for OfficeScan 8 Network-Level HIPS at the Endpoint A Trend Micro White Paper October 2008 I. EXECUTIVE SUMMARY Mobile computers that connect directly
More informationPersistence Mechanisms as Indicators of Compromise
Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationESET Security Solutions for Your Business
ESET Security Solutions for Your Business It Is Our Business Protecting Yours For over 20 years, companies large and small have relied on ESET to safeguard their mission-critical infrastructure and keep
More informationLASTLINE WHITEPAPER. The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic
LASTLINE WHITEPAPER The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic Abstract A distinguishing characteristic of bots is their ability to establish a command and
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationSOLUTION CARD WHITE PAPER
WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This
More informationIndex Terms: Smart phones, Malwares, security, permission violation, malware detection, mobile devices, Android, security
Permission Based Malware Detection Approach Using Naive Bayes Classifier Technique For Android Devices. Pranay Kshirsagar, Pramod Mali, Hrishikesh Bidwe. Department Of Information Technology G. S. Moze
More informationRemote Administrator. Overview
Remote Administrator Overview ii Copyright 1997 2006 ESET LLC. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical, for any
More informationTrust the Innovator to Simplify Cloud Security
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
More informationWhite Paper. Advantage FireEye. Debunking the Myth of Sandbox Security
White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3
More informationoverview Enterprise Security Solutions
Enterprise Security Solutions overview For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an ever-evolving IT threat landscape. It s how we got to be the world
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationWorld-class security solutions for your business. Business Products. C a t a l o g u e
World-class security solutions for your business Business Products C a t a l o g u e About Kaspersky Lab Kaspersky Lab is the largest developer of secure content management systems in Europe and is among
More informationCIT 480: Securing Computer Systems. Malware
CIT 480: Securing Computer Systems Malware Topics 1. Anti-Virus Software 2. Virus Types 3. Infection Methods 4. Rootkits 5. Malware Analysis 6. Protective Mechanisms 7. Malware Factories 8. Botnets Malware
More information