Malware Evolution and Endpoint Detection and Response Technology
![Page 1: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/1.jpg)
Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks
![Page 2: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/2.jpg)
02/05/2023Malware Evolution 2
Index
1. Malware volume evolution
2. Malware Eras
3. Panda Adaptive Defense
   1. What is it
   2. Features & Benefits
   3. How does it work
   4. Success Story
![Page 3: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/3.jpg)
Malware samples evolution
![Page 4: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/4.jpg)
Malware volume evolution
![Page 5: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/5.jpg)
Malware Eras
![Page 6: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/6.jpg)
1st Era
• Very few samples and malware families
• Viruses created for fun; some very harmful, others harmless, but with no ultimate goal
• Slow propagation (months, years) through floppy disks. Some viruses are named after the city where they were created or discovered
• All samples are analysed by technicians
• Sample static analysis and disassembling (reversing)
![Page 7: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/7.jpg)
W32.Kriz Jerusalem
![Page 8: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/8.jpg)
2nd Era
• Volume of samples starts growing
• The Internet slowly grows popular; macro viruses appear, mail worms, etc.
• In general terms, low-complexity viruses using social engineering via email, with limited distribution; they are not massively distributed
• Heuristic techniques
• Increased update frequency
![Page 9: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/9.jpg)
Melissa Happy 99
![Page 10: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/10.jpg)
3rd Era
• Massive worm outbreaks overload the Internet
  • Via mail: I Love You
  • Via exploits: Blaster, Sasser, SQL Slammer
• Proactive technologies
  • Dynamic: Proteus
  • Static: KRE & Heuristics, Machine Learning
• Malware process identification by event analysis of the process:
  • Access to mail contact list
  • Internet connection through a non-standard port
  • Multiple connections through port 25
  • Autorun key addition
  • Web browser hook
![Page 11: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/11.jpg)
I love you Blaster
![Page 12: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/12.jpg)
Sasser
![Page 13: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/13.jpg)
Static proactive technologies
Response times reduced to 0 by detecting unknown malware
Machine Learning algorithms applied to classic classification problems
Ours is ALSO a “class” problem: malware vs goodware.
![Page 14: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/14.jpg)
4th Era
• Hackers switched their profile: the main motivation of malware is now economic benefit, using banking trojans and phishing attacks
• Generalization of droppers/downloaders/exploit kits (EK)
• The move to Collective Intelligence
• Massive file classification
• Knowledge is delivered from the cloud
![Page 15: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/15.jpg)
Banbra Tinba
![Page 16: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/16.jpg)
The move to Collective Intelligence
Knowledge delivered from the cloud as an alternative to the signature file.
Scalability of the malware-signature delivery services to customers through complete automation of all backend processes (processing, classification and detection).
![Page 17: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/17.jpg)
Big Data arrival
Current working set of 12 TB; 400K million records; 600 GB of samples per day; 400 million samples stored
Innovation: making the data processing derived from the Collective Intelligence strategy viable by applying Big Data technologies.
![Page 18: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/18.jpg)
5th Era
• First massive cyber-attack against a country: Estonia, from Russia
• Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others)
• Malware professionalization
• Use of marketing techniques in spam campaigns
• Country/time-based malware variant distribution
• Ransomware
• APTs
• Detection by context: apart from analysing what a process does, the context of execution is also taken into account…
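The event-analysis indicators listed on the 3rd Era slide (contact-list access, non-standard ports, repeated port-25 connections, autorun key addition, browser hooks) together with the "detection by context" idea on this slide can be expressed as a small rule engine over per-process event records. The Python below is an added illustration written for this transcript; it is not Panda Security's code. The event schema, the port and registry-key lists, the port-25 threshold, the set of "risky parent" processes and the sample event stream are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


# Hypothetical event schema for one monitored process action (assumption).
@dataclass
class Event:
    pid: int
    image: str      # process executable name
    parent: str     # parent process image: the execution context
    kind: str       # "file_read" | "net_connect" | "reg_set" | "hook"
    detail: str     # path, remote host, registry key, or hooked target
    port: int = 0   # remote port for net_connect events


# Indicators from the 3rd Era slide, encoded as simple matching rules.
# Lists and thresholds are assumptions for the example, not product values.
SMTP_PORT = 25
STANDARD_PORTS = {25, 53, 80, 110, 143, 443, 993, 995}
AUTORUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
CONTACT_STORES = ("address book", ".wab", "contacts")
BROWSERS = ("iexplore.exe", "firefox.exe", "chrome.exe")
SMTP_CONN_THRESHOLD = 3
# Context (5th Era slide): the same actions weigh more when the process was
# spawned by a mail client or office application (assumed risky parents).
RISKY_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}


def indicators_for(events):
    """Names of the behavioural indicators triggered by one process's events."""
    hits = set()
    smtp_connections = 0
    for e in events:
        detail = e.detail.lower()
        if e.kind == "file_read" and any(m in detail for m in CONTACT_STORES):
            hits.add("contact_list_access")
        elif e.kind == "net_connect":
            if e.port == SMTP_PORT:
                smtp_connections += 1
            elif e.port not in STANDARD_PORTS:
                hits.add("non_standard_port")
        elif e.kind == "reg_set" and any(k.lower() in detail for k in AUTORUN_KEYS):
            hits.add("autorun_key_added")
        elif e.kind == "hook" and detail in BROWSERS:
            hits.add("browser_hook")
    if smtp_connections >= SMTP_CONN_THRESHOLD:
        hits.add("multiple_smtp_connections")
    return hits


def classify(events):
    """Verdict for one process: (verdict, indicators, score)."""
    hits = indicators_for(events)
    score = len(hits)
    # Context only weighs in once the process has already done something suspicious.
    if hits and events[0].parent.lower() in RISKY_PARENTS:
        hits.add("spawned_by_mail_or_office")
        score += 1
    if score >= 3:
        verdict = "malware"
    elif score >= 1:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return verdict, hits, score


def analyze(events):
    """Group a flat event stream by pid and classify every process."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)
    return {pid: classify(evs) for pid, evs in by_pid.items()}


# Constructed sample event stream (not real telemetry).
SAMPLE_EVENTS = [
    Event(100, "invoice.exe", "outlook.exe", "file_read", r"C:\Users\ana\Contacts\address book.wab"),
    Event(100, "invoice.exe", "outlook.exe", "net_connect", "mx1.example.net", 25),
    Event(100, "invoice.exe", "outlook.exe", "net_connect", "mx2.example.net", 25),
    Event(100, "invoice.exe", "outlook.exe", "net_connect", "mx3.example.net", 25),
    Event(100, "invoice.exe", "outlook.exe", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\invoice"),
    Event(200, "setup.exe", "explorer.exe", "reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event(300, "notepad.exe", "explorer.exe", "file_read", r"C:\Users\ana\notes.txt"),
]

if __name__ == "__main__":
    for pid, (verdict, hits, score) in sorted(analyze(SAMPLE_EVENTS).items()):
        print(f"pid {pid}: {verdict} (score {score}) {sorted(hits)}")
```

Running it flags pid 100 as malware (three behavioural indicators plus the mail-client parent), pid 200 as suspicious (an installer adding a Run key is a single indicator that a legitimate program also produces) and pid 300 as clean. That middle case is the limit of behaviour-only rules: the same action is benign or malicious depending on who performs it, which is why the deck moves on to classifying the whole population of files as goodware or malware rather than scoring actions alone.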
![Page 19: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/19.jpg)
Reveton Ransomware
![Page 20: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/20.jpg)
![Page 21: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/21.jpg)
APTs…
![Page 22: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/22.jpg)
- November / December 2013
- 40 million credit/debit cards stolen
- Attack made through the A/C maintenance company
- POS

- Unknown author
- Information deletion
- TB of information stolen
Sony Pictures computer system down after reported hack. Hackers threaten to release 'secrets' onto web
![Page 23: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/23.jpg)
Carbanak
- Year 2013/2014
- 100 affected entities
- Countries affected: Russia, Ukraine, USA, Germany, China
- ATMs: 7.300.000 US$
- Transfer: 10.000.000 US$
- Total estimated: 1.000.000.000 US$
![Page 24: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/24.jpg)
What is Panda Adaptive Defense?
The Next Generation Endpoint Protection
![Page 25: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/25.jpg)
Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More than 1.2 billion applications already classified.
The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability. Adaptive Defense could even replace the company antivirus.
RESPONSE… and forensic information to analyze each attempted attack in detail
VISIBILITY… and traceability of each action taken by the applications running on a system
PREVENTION… and blockage of applications and isolation of systems to prevent future attacks
DETECTION… and blockage of zero-day and targeted attacks in real time without the need for signature files
![Page 26: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/26.jpg)
Features and benefits
![Page 27: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/27.jpg)
Categories: Protection, Productivity, Management
- Daily and on-demand reports
- Simple, centralized administration from a Web console
- Better service, simpler management
- Detailed and configurable monitoring of running applications
- Protection of vulnerable systems
- Protection of intellectual assets against targeted attacks
- Forensic report
- Identification and blocking of unauthorized programs
- Light, easy-to-deploy solution
![Page 28: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/28.jpg)
Key Differentiators
- Categorizes all running processes on the endpoint, minimizing the risk of unknown malware: continuous monitoring and attestation of all processes fills the detection gap of AV products.
- Automated investigation of events significantly reduces manual intervention by the security team: machine learning and collective intelligence in the cloud definitively identify goodware and block malware.
- Integrated remediation of identified malware: instant access to real-time and historical data provides full visibility into the timeline of malicious endpoint activity.
- Minimal endpoint performance impact (<3%)
![Page 29: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/29.jpg)
Adaptive Defense vs Traditional Antivirus

New malware detection capability*

| | Traditional Antivirus (25) | Adaptive Defense (Standard Model / Extended Model) |
|---|---|---|
| New malware blocked during the first 24 hours | 82% | 98,8% / 100% |
| New malware blocked during the first 7 days | 93% | 100% / 100% |
| New malware blocked during the first 3 months | 98% | 100% / 100% |
| % of Adaptive Defense detections detected by no other antivirus | | 3,30% |
| Suspicious detections | YES | NO (no uncertainty) |

File classification

| | Universal Agent** | Adaptive Defense |
|---|---|---|
| Files classified automatically | 60,25% | 99,56% |
| Classification certainty level | 99,928% | 99,9991% (< 1 error / 100.000 files) |

* Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.
** Universal Agent technology is included as endpoint protection in all Panda Security solutions
![Page 30: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/30.jpg)
Adaptive Defense vs Other Approaches

| AV vendors | WL vendors* | New ATD vendors** |
|---|---|---|
| Detection gap: they do not classify all applications | Management of WLs required | Not all infection vectors covered (i.e. USB drives) |
| Not transparent to end-users and admins (false positives, quarantine administration, …) | Complex deployments required | Monitoring sandboxes is not as effective as monitoring real environments |
| | Expensive work overhead involved | ATD vendors do not prevent/block attacks |

* WL = Whitelisting: Bit9, Lumension, etc. ** ATD = Advanced Threat Defense: FireEye, Palo Alto, Sourcefire, etc.
![Page 31: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/31.jpg)
How does Adaptive Defense work?
![Page 32: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/32.jpg)
A brand-new three-phase cloud-based security model
1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints
2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques
3rd Phase: Endpoint hardening & enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators
![Page 33: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/33.jpg)
Panda Adaptive Defense Architecture
![Page 34: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/34.jpg)
Success Story
![Page 35: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/35.jpg)
Adaptive Defense in figures
+1,2 billion applications already categorized
+100 deployments. Malware detected in 100% of scenarios
+100,000 endpoints and servers protected
+200,000 security breaches mitigated in the past year
+230,000 hours of IT resources saved estimated cost reduction of 14,2M€
Let’s see an example…
![Page 36: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/36.jpg)
Scenario Description

| Concept | Value |
|---|---|
| PoC length | 60 days |
| Machines currently monitored | +/- 690 |
| Machines with malware | 73 |
| Machines with malware executed | 15 |
| Machines with PUP found | 91 |
| Executed PUP files | 13 |
| Executed files classified | 27.942 |

| Concept | Value |
|---|---|
| Malware blocked | 160 |
| PUP blocked | 623 |
| TOTAL threats mitigated | 783 |
![Page 37: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/37.jpg)
Software vendor distribution over 100% of executable files
![Page 38: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/38.jpg)
Skillbrains Igor Pavilov
![Page 39: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/39.jpg)
Sandboxie Holdings LLC
Eolsoft
![Page 40: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/40.jpg)
Opera Software
Dropbox Inc.
![Page 41: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/41.jpg)
Vulnerable applications
Vulnerable applications activity:
- …
- (22 vulnerable applications in ALL seats = 2074)
Vulnerable applications inventory:
- Excel v14.0.7 - v15.0 (279)
- Firefox v34.0 - v36 (178)
- Java v6 – v7 (80)
![Page 42: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/42.jpg)
Top Malware
![Page 43: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/43.jpg)
Top Malware
![Page 44: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/44.jpg)
PUP (Spigot)
![Page 45: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/45.jpg)
Potentially confidential information extraction
![Page 46: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/46.jpg)
![Page 47: Malware evolution and Endpoint Detection and Response Technology](https://reader035.vdocument.in/reader035/viewer/2022062900/58ec9ee71a28ab754e8b46d9/html5/thumbnails/47.jpg)
Thank you