SlideShare a Scribd company logo

Malware evolution and Endpoint Detection and Response Technology

Download as PPTX, PDF
A
Adrian Guthrie

As Malware evolves into targeted Advance Persistent Threat the response has to be layered, proactive response, and highly visible Automated Prevention- Block Malware and exploits prevent future attacks Automated Detection- Targeted and Zero-day attacks are block in real time without signature files. Automated Forensic- Forensic information for in-dept analysis of every attempted attack Automated remediation- Automated malware removal to reduce burden on administrator. All made possible by big data analytic and collective intelligence

Software
1 of 47
Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks
17/06/2016Malware Evolution 2 Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4. Successs Story
17/06/2016Malware Evolution 3 Malware samples evolution
Malware volume evolution 17/06/2016Malware Evolution 4
17/06/2016Malware Evolution 5 Malware Eras
1st Era • Very little samples and Malware families • Virus created for fun, some very harmful, others harmless, but no ultimate goal • Slow propagation (months, years) through floppy disks. Some virus are named after the city where it was created or discovered • All samples are analysed by technicians • Sample static analysis and disassembling (reversing) 17/06/2016Malware Evolution 6
17/06/2016Malware Evolution 7 W32.Kriz Jerusalem
2nd Era • Volume of samples starts growing • Internet slowly grows popular, macro viruses appears, mail worm, etc… • In general terms, low complexity viruses, using social engineering via email, limited distribution, they are not massively distributed • Heuristic Techniques • Increased update frequency 17/06/2016Malware Evolution 8
17/06/2016Malware Evolution 9 Melissa Happy 99
3rd Era • Massive worms apparition overloads the internet • Via mail: I Love You • Via exploits: Blaster, Sasser, SqlSlammer • Proactive Technologies • Dynamic: Proteus • Static: KRE & Heuristics Machine Learning • Malware process identification by events analysis of the process: • Access to mail contact list • Internet connection through non-standard port • Multiple connections through port 25 • Auto run key addition • Web browsers hook 17/06/2016Malware Evolution 10
17/06/2016Malware Evolution 11 I love you Blaster
Sasser 17/06/2016Malware Evolution 12
Static proactive technologies Response times reduced to 0 detecting unknown malware Machine Learning algorithms applied to classic classification problems Ours is ALSO a “class” problem: malware vs goodware. 17/06/2016Malware Evolution 13
4th Era • Hackers switched their profile: the main motivation of malware is now an economic benefit, using bank trojans and phishing attacks. • Generalization of droppers/downloaders/EK • The move to Collective Intelligence • Massive file classification. • Knowledge is delivered from the cloud 17/06/2016Malware Evolution 14
17/06/2016Malware Evolution 15 Banbra Tinba
17/06/2016Malware Evolution 16 El salto a la Inteligencia Colectiva La entrega del conocimiento desde la nube como alternativa al fichero de firmas. Escalabilidad de los servicios de entrega de firmas de malware a los clientes mediante la automatización completa de todos los procesos de backend (procesado, clasificación y detección).
Big Data arrival  Current working set of 12 TB  400K million registries  600 GB of samples per day  400 million samples stored Innovation: to make viable the data processing derived from Collective Intelligence strategy, applying Big Data technologies. 17/06/2016Malware Evolution 17
5th Era • First massive cyber-attack against a country, Estonia from Russia. • Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others) • Malware professionalization • Use of marketing techniques in spam campaigns • Country/Time based malware variant distribution • Ransomware • APTs • Detection by context • Apart from analysing what a process does, the context of execution is also taken into account… 17/06/2016Malware Evolution 18
17/06/2016Malware Evolution 19 Reveton Ransomware
17/06/2016Malware Evolution 20
APTs… 17/06/2016Malware Evolution 21
17/06/2016Malware Evolution 22 - November / December 2013 - 40 millions credit/debit cards stolen - Attack made through the A/C maintenance company - POS - Unknown author - Information deletion - TB of information stolen Sony Pictures computer system down after reported hack Hackers threaten to release 'secrets' onto web
17/06/2016Malware Evolution 23 Carbanak - Year 2013/2014 - 100 affected entities - Countries affected: Russia, Ukraine, USA, Germany, China - ATMs: 7.300.000 US$ - Transfer: 10.000.000 US$ - Total estimated: 1.000.000.000 US$
17/06/2016Adaptive Defense 24 What is Panda Adaptive Defense? The Next Generation Endpoint Protection
17/06/2016Adaptive Defense 25 Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior. More than 1.2 billion applications already classified. Adaptive Defense new version (1.5) also includes AV engine, adding the disinfection capability. Adaptive Defense could even replace the company antivirus. RESPONSE … and forensic information to analyze each attempted attack in detail VISIBILITY… and traceability of each action taken by the applications running on a system PREVENTION… and blockage of applications and isolation of systems to prevent future attacks DETECTION… and blockage of Zero-day and targeted attacks in real-time without the need for signature files
17/06/2016Adaptive Defense 26 Features and benefits
Daily and on-demand reports Simple, centralized administration from a Web console Better service, simpler management Detailed and configurable monitoring of running applications Protection of vulnerable systems Protection of intellectual assets against targeted attacks Forensic report Protection Productivity Identification and blocking of unauthorized programs Light, easy-to-deploy solution Management
Key Differentiators - Categorizes all running processes on the endpoint minimizing risk of unknown malware: Continuous monitoring and attestation of all processes fills the detection gap of AV products. - Automated investigation of events significantly reduces manual intervention by the security team: Machine learning and collective intelligence in the cloud definitively identifies goodware & blocks malware. - Integrated remediation of identified malware: Instant access to real time and historical data provides full visibility into the timeline of malicious endpoint activity. - Minimal endpoint performance impact (<3%) 17/06/2016Adaptive Defense 28
17/06/2016Adaptive Defense 29 New malware detection capability* Traditional Antivirus (25) Standard Model Extended Model New malware blocked during the first 24 hours 82% 98,8% 100% New malware blocked during the first 7 days 93% 100% 100% New malware blocked during the first 3 months 98% 100% 100% % detections by Adaptive Defense detected by no other antivirus 3,30% Suspicious detections YES NO (no uncertainty) File Classification Universal Agent** Files classified automatically 60,25% 99,56% Classification certainty level 99,928% 99,9991% < 1 error / 100.000 files * Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPS and cookies were not included in this study. Adaptive Defense vs Traditional Antivirus ** Universal Agent technology is included as endpoint protection in all Panda Security solutions
17/06/2016Adaptive Defense 30 Adaptive Defense vs Other Approaches AV vendors WL vendors* New ATD vendors** Detection gap Do not classify all applications Management of WLs required Not all infection vectors covered (i.e. USB drives) No transparent to end-users and admin (false positives, quarantine administration,… ) Complex deployments required Monitoring sandboxes is not as effective as monitoring real environments Expensive work overhead involved ATD vendors do not prevent/block attacks * WL=Whitelisting. Bit9, Lumension, etc ** ATD= Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc
17/06/2016Adaptive Defense 31 How does Adaptive Defense work?
A brand-new three phased cloud-based security model 17/06/2016Adaptive Defense 32 1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints 2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques 3rd Phase: Endpoint hardening & enforcement: Blocking of all suspicious or dangerous processes, with notifications to alert network administrators
17/06/2016Adaptive Defense 33 Panda Adaptive Defense Architecture
17/06/2016Adaptive Defense 34 Success Story
Adaptive Defense in figures +1,2 billion applications already categorized +100 deployments. Malware detected in 100% of scenarios +100,000 endpoints and servers protected +200,000 security breaches mitigated in the past year +230,000 hours of IT resources saved  estimated cost reduction of 14,2M€ Lest’s see an example… 17/06/2016Adaptive Defense 35
17/06/2016Adaptive Defense 36 Scenario Description Concept Value PoC length 60 days Machines currently monitored +/- 690 Machines with malware 73 Machines with malware executed 15 Machines with PUP found 91 Executed PUP files 13 Executed files classified 27.942 Concept Value Malware blocked 160 PUP blocked 623 TOTAL threats mitigated 783
17/06/2016Adaptive Defense 37 Software vendor distribution over 100% of executable files
17/06/2016Adaptive Defense 38 Skillbrains Igor Pavilov
17/06/2016Adaptive Defense 39 Sandboxie Holdings LLC Eolsoft
17/06/2016Adaptive Defense 40 Opera SoftwareDropbox Inc.
17/06/2016Adaptive Defense 41 Vulnerable applications Vulnerable applications activity: - … - (22 vulnerable applications in ALL seats = 2074) Vulnerable applications inventory: - Excel v14.0.7 - v15.0 (279) - Firefox v34.0 - v36 (178) - Java v6 – v7 (80)
17/06/2016Adaptive Defense 42 Top Malware
17/06/2016Adaptive Defense 43 Top Malware
17/06/2016Adaptive Defense 44 PUP (Spigot)
17/06/2016Adaptive Defense 45 Potentially confidential information extraction
17/06/2016Adaptive Defense 46 +
Thank you

Recommended

What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
Panda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security - Adaptive Defense
Panda Security - Adaptive Defense
Panda Security
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
Burak DAYIOGLU
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360
Panda Security
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
Atif Ghauri
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
infoLock Technologies
 
What’s the State of Your Endpoint Security?
What’s the State of Your Endpoint Security?What’s the State of Your Endpoint Security?
What’s the State of Your Endpoint Security?
IBM Security
 

Recommended

What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
Panda Security - Adaptive Defense
Panda Security - Adaptive DefensePanda Security - Adaptive Defense
Panda Security - Adaptive Defense
Panda Security
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
Burak DAYIOGLU
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360
Panda Security
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
Atif Ghauri
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
infoLock Technologies
 
What’s the State of Your Endpoint Security?
What’s the State of Your Endpoint Security?What’s the State of Your Endpoint Security?
What’s the State of Your Endpoint Security?
IBM Security
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
IBM Security
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint Protection
Panda Security
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?
Ryan G. Murphy
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
Camilo Fandiño Gómez
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Priyanka Aash
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
Ken Tulegenov
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch System
Lancope, Inc.
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
NetStandard
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
Sirius
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
AlienVault
 
Panda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malwarePanda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malware
Panda Security
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
Priyanka Aash
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
Quick Heal Technologies Ltd.
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
Risk Analysis Consultants, s.r.o.
 
SACON16 - SOC Architecture
SACON16 - SOC ArchitectureSACON16 - SOC Architecture
SACON16 - SOC Architecture
Shomiron Das Gupta
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
Rogue Wave Software
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
Nancy Nimmegeers
 

More Related Content

What's hot

Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
IBM Security
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch System
Lancope, Inc.
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
Sirius
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
Risk Analysis Consultants, s.r.o.
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
Rogue Wave Software
 

What's hot (20)

Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint Protection
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationIntegrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch System
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Panda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malwarePanda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malware
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
 
SACON16 - SOC Architecture
SACON16 - SOC ArchitectureSACON16 - SOC Architecture
SACON16 - SOC Architecture
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 

Similar to Malware evolution and Endpoint Detection and Response Technology

Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
CSCJournals
 

Similar to Malware evolution and Endpoint Detection and Response Technology (20)

Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
 
Failed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated RansomwareFailed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated Ransomware
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity Report
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats Predictions
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst Summit
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52
 
Cisco asr-2016-160121231711
Cisco asr-2016-160121231711Cisco asr-2016-160121231711
Cisco asr-2016-160121231711
 
Cisco Annual Security Report
Cisco Annual Security ReportCisco Annual Security Report
Cisco Annual Security Report
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security Report
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016
 
Cisco 2016 Security Report
Cisco 2016 Security Report Cisco 2016 Security Report
Cisco 2016 Security Report
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
Integrated Feature Extraction Approach Towards Detection of Polymorphic Malwa...
 

Recently uploaded

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 

Recently uploaded (20)

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 

Malware evolution and Endpoint Detection and Response Technology

  • 1. Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks
  • 2. 17/06/2016Malware Evolution 2 Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4. Successs Story
  • 6. 1st Era • Very little samples and Malware families • Virus created for fun, some very harmful, others harmless, but no ultimate goal • Slow propagation (months, years) through floppy disks. Some virus are named after the city where it was created or discovered • All samples are analysed by technicians • Sample static analysis and disassembling (reversing) 17/06/2016Malware Evolution 6
  • 8. 2nd Era • Volume of samples starts growing • Internet slowly grows popular, macro viruses appears, mail worm, etc… • In general terms, low complexity viruses, using social engineering via email, limited distribution, they are not massively distributed • Heuristic Techniques • Increased update frequency 17/06/2016Malware Evolution 8
  • 10. 3rd Era • Massive worms apparition overloads the internet • Via mail: I Love You • Via exploits: Blaster, Sasser, SqlSlammer • Proactive Technologies • Dynamic: Proteus • Static: KRE & Heuristics Machine Learning • Malware process identification by events analysis of the process: • Access to mail contact list • Internet connection through non-standard port • Multiple connections through port 25 • Auto run key addition • Web browsers hook 17/06/2016Malware Evolution 10
  • 13. Static proactive technologies Response times reduced to 0 detecting unknown malware Machine Learning algorithms applied to classic classification problems Ours is ALSO a “class” problem: malware vs goodware. 17/06/2016Malware Evolution 13
  • 14. 4th Era • Hackers switched their profile: the main motivation of malware is now an economic benefit, using bank trojans and phishing attacks. • Generalization of droppers/downloaders/EK • The move to Collective Intelligence • Massive file classification. • Knowledge is delivered from the cloud 17/06/2016Malware Evolution 14
  • 16. 17/06/2016Malware Evolution 16 El salto a la Inteligencia Colectiva La entrega del conocimiento desde la nube como alternativa al fichero de firmas. Escalabilidad de los servicios de entrega de firmas de malware a los clientes mediante la automatización completa de todos los procesos de backend (procesado, clasificación y detección).
  • 17. Big Data arrival  Current working set of 12 TB  400K million registries  600 GB of samples per day  400 million samples stored Innovation: to make viable the data processing derived from Collective Intelligence strategy, applying Big Data technologies. 17/06/2016Malware Evolution 17
  • 18. 5th Era • First massive cyber-attack against a country, Estonia from Russia. • Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others) • Malware professionalization • Use of marketing techniques in spam campaigns • Country/Time based malware variant distribution • Ransomware • APTs • Detection by context • Apart from analysing what a process does, the context of execution is also taken into account… 17/06/2016Malware Evolution 18
  • 22. 17/06/2016Malware Evolution 22 - November / December 2013 - 40 millions credit/debit cards stolen - Attack made through the A/C maintenance company - POS - Unknown author - Information deletion - TB of information stolen Sony Pictures computer system down after reported hack Hackers threaten to release 'secrets' onto web
  • 23. 17/06/2016Malware Evolution 23 Carbanak - Year 2013/2014 - 100 affected entities - Countries affected: Russia, Ukraine, USA, Germany, China - ATMs: 7.300.000 US$ - Transfer: 10.000.000 US$ - Total estimated: 1.000.000.000 US$
  • 24. 17/06/2016Adaptive Defense 24 What is Panda Adaptive Defense? The Next Generation Endpoint Protection
  • 25. 17/06/2016Adaptive Defense 25 Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior. More than 1.2 billion applications already classified. Adaptive Defense new version (1.5) also includes AV engine, adding the disinfection capability. Adaptive Defense could even replace the company antivirus. RESPONSE … and forensic information to analyze each attempted attack in detail VISIBILITY… and traceability of each action taken by the applications running on a system PREVENTION… and blockage of applications and isolation of systems to prevent future attacks DETECTION… and blockage of Zero-day and targeted attacks in real-time without the need for signature files
  • 27. Daily and on-demand reports Simple, centralized administration from a Web console Better service, simpler management Detailed and configurable monitoring of running applications Protection of vulnerable systems Protection of intellectual assets against targeted attacks Forensic report Protection Productivity Identification and blocking of unauthorized programs Light, easy-to-deploy solution Management
  • 28. Key Differentiators - Categorizes all running processes on the endpoint minimizing risk of unknown malware: Continuous monitoring and attestation of all processes fills the detection gap of AV products. - Automated investigation of events significantly reduces manual intervention by the security team: Machine learning and collective intelligence in the cloud definitively identifies goodware & blocks malware. - Integrated remediation of identified malware: Instant access to real time and historical data provides full visibility into the timeline of malicious endpoint activity. - Minimal endpoint performance impact (<3%) 17/06/2016Adaptive Defense 28
  • 29. 17/06/2016Adaptive Defense 29 New malware detection capability* Traditional Antivirus (25) Standard Model Extended Model New malware blocked during the first 24 hours 82% 98,8% 100% New malware blocked during the first 7 days 93% 100% 100% New malware blocked during the first 3 months 98% 100% 100% % detections by Adaptive Defense detected by no other antivirus 3,30% Suspicious detections YES NO (no uncertainty) File Classification Universal Agent** Files classified automatically 60,25% 99,56% Classification certainty level 99,928% 99,9991% < 1 error / 100.000 files * Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPS and cookies were not included in this study. Adaptive Defense vs Traditional Antivirus ** Universal Agent technology is included as endpoint protection in all Panda Security solutions
  • 30. 17/06/2016Adaptive Defense 30 Adaptive Defense vs Other Approaches AV vendors WL vendors* New ATD vendors** Detection gap Do not classify all applications Management of WLs required Not all infection vectors covered (i.e. USB drives) No transparent to end-users and admin (false positives, quarantine administration,… ) Complex deployments required Monitoring sandboxes is not as effective as monitoring real environments Expensive work overhead involved ATD vendors do not prevent/block attacks * WL=Whitelisting. Bit9, Lumension, etc ** ATD= Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc
  • 31. 17/06/2016Adaptive Defense 31 How does Adaptive Defense work?
  • 32. A brand-new three phased cloud-based security model 17/06/2016Adaptive Defense 32 1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints 2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques 3rd Phase: Endpoint hardening & enforcement: Blocking of all suspicious or dangerous processes, with notifications to alert network administrators
  • 33. 17/06/2016Adaptive Defense 33 Panda Adaptive Defense Architecture
  • 35. Adaptive Defense in figures +1,2 billion applications already categorized +100 deployments. Malware detected in 100% of scenarios +100,000 endpoints and servers protected +200,000 security breaches mitigated in the past year +230,000 hours of IT resources saved  estimated cost reduction of 14,2M€ Lest’s see an example… 17/06/2016Adaptive Defense 35
  • 36. 17/06/2016Adaptive Defense 36 Scenario Description Concept Value PoC length 60 days Machines currently monitored +/- 690 Machines with malware 73 Machines with malware executed 15 Machines with PUP found 91 Executed PUP files 13 Executed files classified 27.942 Concept Value Malware blocked 160 PUP blocked 623 TOTAL threats mitigated 783
  • 37. 17/06/2016Adaptive Defense 37 Software vendor distribution over 100% of executable files
  • 40. 17/06/2016Adaptive Defense 40 Opera SoftwareDropbox Inc.
  • 41. 17/06/2016Adaptive Defense 41 Vulnerable applications Vulnerable applications activity: - … - (22 vulnerable applications in ALL seats = 2074) Vulnerable applications inventory: - Excel v14.0.7 - v15.0 (279) - Firefox v34.0 - v36 (178) - Java v6 – v7 (80)
  • 45. 17/06/2016Adaptive Defense 45 Potentially confidential information extraction

Editor's Notes

  1. Mw de Macro
  2. Mw de Macro
  3. Como dato curioso MS ofreció una recompensa de 250.000 dólares a quien diera alguna pista que llevara hasta el autor del mw. Jaschan fue fichado en septiembre de 2004 por Securepoint lo que motivó no pocas quejas en el mundillo e incluso conflictos diplomáticos entre empresas del sector (http://en.wikipedia.org/wiki/Sven_Jaschan)
  4. Panda Adaptive Defense is focused on zero day threats, advanced persistent threats, targeted attacks. It is focused on identifying and blocking previously unknown malware. Traditional AV products use known properties like signatures or behaviors to identify malware. The challenge is to protect against malware that has yet to be identified by the AV vendors. Panda Adaptive defense does this by monitoring all running processes on the endpoint. It then uses local capabilities and collective intelligence / big data in the cloud to categorize and attest as to whether an executable is goodware (and not malware). And because it is constantly monitoring all process, it can detect APT malware that may lie dormant for a period of time before being activated. Panda Adaptive Defense goes a step beyond simply providing the security team a slew of IOCs (indicators of compromise). Panda Adaptive Defense leverages collective intelligence to provide a definitive attestation as to whether an executable (and its processes) are malware and It blocks any executable categorized as malware. This automatic investigation saves the security team from having to investigate a large number of IOCs Panda’s experience with remediating malware adds to the capability of Panda Adaptive Defense. Panda Adaptive Defense also logs activities making investigation and remediation a much easier task