TRANSCRIPT
©2013 Bit9. All Rights Reserved
Next-Generation Endpoint and Server Security
Real-time monitoring and protection for endpoints and servers
Acceleration of Intellectual Property Loss: Significant Breaches of 2012
(Timeline chart: breaches plotted by month, January through November 2012)
NY Times article – posted 2/20/2013
Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages (Threatpost.com March 27, 2013 by Christopher Brook)
Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly, versus waiting for an email attack to work
• 94% of undetected malware came from web browsers or web proxies
• 95% of the FTP-based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems
Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed anti-malware technology
Have Hackers invented something earth shattering?
USA Today on 3/27/13 by Geoff Collins
Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes. But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps.
president of product management at 1E
So what ARE the four simple measures?
First is "Application white-listing," which allows only authorized software to run on a computer or network. Second is very rapid patching of operating systems. Third is very rapid patching of software. The fourth is minimizing the number of people on a network who have "administrator" privileges.
• Can also limit which applications can be installed
Java Problems
Laptops Results
Let’s summarize the threat landscape…
Laptops:
• Have the #1 and #2 most vulnerable applications running: Java and Adobe
• Access networks and servers
• Leave the perimeter regularly with no control of usage
• Use a security tool that looks for known bad and is minimally effective
Consequences:
• Threat of stolen IP
• Credentials taken
• Servers brought offline
• Websites hacked and altered
• Malware keeps “coming back”
• Significant time & money spent on forensics
• Reimaging of machines due to malware
• Loss of productivity
• Brand tarnishing
(Diagram: where today’s security tools sit. Endpoints and servers: off-network, rogue employees, USB devices, hacking, connected to mobile phone; fixed-function devices; virtual/physical servers; anti-virus. Network: IPS/IDS, next-gen firewall, network monitoring, SIEM, network analytics, virtual detonation.)
Challenge: Malware Gets on Endpoints and Servers
Malware gets on machines through phishing, web drive-by, zero-day exploits, watering holes, and memory.
“…it’s clear that blacklist-based antivirus is fighting a losing battle…”
Forrester Research, Sept 2012
(Diagram: Endpoint and Server Security vs. Network Security. 400M+ malware variants target desktops & laptops (Windows & Mac) running anti-virus, fixed-function devices, and virtual/physical servers.)
Bit9 Solution: Next-Generation Endpoint and Server Security
1. Real-time sensor and recorder
• Actionable intelligence for every endpoint and server
• Every executable and critical system resource
• Results in days or weeks
• Low user, admin, and system impact
2. Real-time enforcement engine
• Ban software
• Allow only software you trust to run
• Highest level of endpoint/server security
• Implement as quickly as desired
Bit9: Next-Generation Endpoint and Server Security
Visibility, Detection, Protection, Forensics
Customer Actions and Customer Benefits
Bit9 Time to Results: Rapid with Low User/Admin Impact
Step | Customer Action | Capability | Customer Benefit | Time to Results
1 | Deploy Bit9 Sensor/Recorder on Endpoints & Servers | Visibility | Know what’s running on every computer right now | Days
2 | Turn on Bit9 Advanced Threat Indicators | Detection | Detect advanced threats in real time without signatures | “Immediate”
3 | Prioritize and Investigate Alerts | Forensics | Recorded details about what’s happened on every endpoint/server | “Immediate”
4 | Define and Apply Trust Policies | Protection | Stop all untrusted software from executing | As quickly as desired
How Network Security Enhances Endpoint Security: the industry’s first and only network connector
Next-Generation Network Security:
• Incoming files on network
• “Detonate” files for analysis
• Transfer alerts
Next-Generation Endpoint and Server Security:
• Endpoint and server files: submit files automatically, submit files on-demand
• Automatic analysis of all suspicious files
• On-demand analysis of suspicious files
• Correlate endpoint/server and network data
• Prioritize network alerts
• Investigate scope of the threat
• Remediate endpoints and servers
Customer Projects Bit9 Can Help With
Project | Resolution
Advanced threat protection projects | Bit9 can stop zero-day attacks and advanced threats
Windows 7/8 roll out | Bit9 reduces reimaging costs
Removing admin rights | Bit9 increases security without impeding users
Virtualization | Bit9 will secure your VDI, virtual servers, or terminal services
FIM for Servers | Bit9 ensures no one is tampering with your servers
Compliance | Bit9 reduces the operational and cost burden of AV while keeping you compliant
Incident Response | Bit9 can accelerate your investigation, forensics, and remediation
Real-Time Security
Large Chemical Company (1 of the top 10 chemical providers): Bit9 on 60,000 endpoints and servers
Before Bit9:
• Suspected infections but slow to confirm
After Bit9:
• Immediately found advanced threat on an executive’s PC
• Executable disguised as PDF
• Bit9 confirmed malware was only on one machine
• Customer removed malware and remediated threat
Visibility
Large Oil Manufacturer: Bit9 on 10,000 endpoints and servers
Before Bit9:
• Unknown existing malware
• FireEye customer
After Bit9:
• They integrated Bit9 with FireEye and found a piece of malware from an FE alert on 3 machines.
• With deeper inspection they saw that the malware had dropped another executable, and that malware was on 15 machines.
• FE never saw that malware because it didn’t come through the network. All this happened very quickly due to the real-time visibility.
What Makes Bit9 Unique? Next-Generation Endpoint and Server Security
• One agent for visibility, detection, forensics, protection
• Real-time monitoring and recording of endpoints and servers
• Actionable intelligence for every endpoint and server
• Faster incident response and remediation
• On- and off-network protection: remote and disconnected users
• Real-time integration with network security
• Proven reliability and scalability: most deployments (1,000), Windows certified, largest scalability
• Cross-platform support: Windows and Mac
• Lowest impact on systems, admins and users
(Diagram label: Bit9 DB)
Bit9 Satisfies Many of Your Compliance Needs
Controls | PCI | SOX | NERC CIP | HIPAA | FISMA
Protect Sensitive/Critical Data | Protect CC Data | Protect Log Files | Protect Critical Endpoints | Protect PII | Protect Log Files
Control File Assets | FIM | FIM | FIM | FIM | FIM
Secure Infrastructure – Utilize Anti-Malware | AV on Endpoints and Servers | AV on Servers | AV on Endpoints and Servers | AV on Endpoints and Servers | AV on Servers
Asset Analysis – Threat and Trust | Measure Compliance Risk | Vulnerability Detection and Ranking | Malicious Intent and Malware Detection | Risk Reporting and Assessment | Risk Reporting, Vulnerability Assessment
Security Policy Enforcement and Audit | Security Policy and Awareness | Log and Records Audit and Review | Critical Control and DR Plan Review | Security Awareness and Data Privacy Training | Logging and Authorized Access Tracking