Defeat Tomorrow’s Threats Today
Problems • Evolving threat landscape • Traditional security detection easy to defeat • Lack of enterprise incident response tools
Endpoint Automation • Physical Memory Forensics • Code Reverse Engineering • Digital DNA (Behavioral Analysis)
Digital DNA • Automated malware detection • Digital object classification system • 5000 software and malware behavioral traits • Example – Huge number of key logger variants in the wild – About 10 logical ways to build a key logger
Digital DNA • Ranking Software Modules by Threat Severity • Figure: hex-encoded sequence labelled "Software Behavioral Traits"
Under the Hood • These images show the volume of decompiled information produced by the DDNA engine. Both malware samples use stealth to hide on the system. To DDNA, they read like an open book.
Zero Knowledge Detection Rate • Efficacy Curve • DDNA: efficacy is rising (> 80%), detecting more than not • Signatures: detecting very little, and scaling issue getting worse
Traditional Incident Response, Memory Forensics, and Malware Analysis are Difficult • Requires lots of technical expertise • Time consuming • Expensive • Doesn’t scale
Responder Professional
HBGary’s Approach • Scan all endpoints • Digital DNA • Sort into buckets • Responder Pro Queries • IOC query database constantly getting smarter • Look at closer • Infected • Remediation • IOC queries • CLEAN • Ongoing Remission Detection
Demo
- Slides: 11