Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection Solution Lifecycle Defense
Transcript

  • 1. ADVANCED THREAT PROTECTION - SANDBOXING 101
     Kevin Flynn, Product Marketing, October 2013
     Blue Coat Confidential – Internal Use Only. Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
  • 2. ADVANCED THREAT PROTECTION SOLUTION: LIFECYCLE DEFENSE
     The Blue Coat ATP solution delivers the industry’s most comprehensive protection through the following:
     1) Lifecycle Defense: protection that maps to three threat stages: real-time blocking for known threats and malware sources (malnets); advanced threat analysis for unknown threats; and dwell-time reduction for latent threats.
     2) Adaptive Malware Analysis: dynamic APT protection that analyzes unknown threats and shares information with other systems in the security infrastructure to increase protection efficiency for unknown and latent threats.
     3) Network Effect: APT information sharing between 75M users in 15,000 organizations through a feedback loop into the Blue Coat Global Intelligence Network.
     Diagram: the three stages arranged around the Global Intelligence Network
       Stage 1: Block & Enforce All Known Threats
       Stage 2: Detect & Analyze Unknown Threats
       Stage 3: Resolve & Remediate Threats Discovered on the Network
  • 3. WHY SANDBOXING? DETECTING & ANALYZING UNKNOWN THREATS
      Traditional network defenses are great at dealing with known threats and terrible at dealing with unknown threats.
      Unknown threats require dynamic analysis (aka detonation) in a virtual-machine, bare-metal, or emulation sandbox.
      Tight integration is necessary between the sandbox and your web gateway.
  • 4. BLUE COAT SANDBOX: MALWARE ANALYSIS APPLIANCE CORE TECHNOLOGY
      Hybrid Analysis: unmatched intelligence
       • SandBox emulation
       • IntelliVM virtualization
      Behavioral Patterns: expose targeted attacks
       • Detection patterns
       • Open source patterns
       • Custom patterns
      Plug-in Architecture: extend detection and processing
       • Interact with running malware
       • Click through dialogs and installers

     SandBox                                                             | IntelliVM
     --------------------------------------------------------------------|---------------------------------------------------------------------
     Software x86 emulator                                               | Full Windows XP or Win 7 licensed software
     Hardware emulation                                                  | Hardware virtualization
     Generates numerous low-level events (page faults, exceptions, etc.) | Generates high-level events (file, registry, network, process, etc.)
     Emulated network access and services                                | Real network access and services
     Hook-based event introspection                                      | KernelScout filter driver captures low-level events
     Add your own patterns                                               | Add your own patterns
     Supports EXEs and DLLs                                              | Wide range of file support
     Portable executable memory dumps                                    | Extend processing with plugins
  • 5. BEHAVIORAL DETECTION PATTERNS: INTELLIVM PROFILES AND PLUGINS
      Generic and malware-campaign-specific patterns
       • Trojan, spyware, worm, ransomware
      Extensive pattern library
       • Core patterns (incl. WebPulse info)
       • Create your own patterns
       • All matching patterns will trigger
       • Global and user-specific patterns
      Risk scoring
       • Set by highest matched pattern
       • Scores update with new patterns
       • Script notification triggers for further action
     Patterns can detect targeted and single-use malware, and do not rely on signature-based detection methodologies.
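Slide 5 states three rules for behavioral patterns: every matching pattern fires, the risk score is set by the highest matched pattern, and the score drives script notifications. The block below is an added example, not Blue Coat's code or pattern format: a small pattern engine over a constructed trace of the file, registry, network and process events that slide 4 lists for IntelliVM. The event fields, pattern names, scores, the block threshold and both traces are assumptions made for this example; the tests correlate across the whole trace (drop then execute, many renames to one extension) rather than matching single events.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# Event model is an assumption: the slide names file, registry, network and
# process events as what the VM-based analyzer captures; field names are mine.
@dataclass(frozen=True)
class Event:
    kind: str            # "file" | "registry" | "network" | "process"
    action: str          # "write" | "rename" | "set" | "connect" | "create"
    target: str          # path, registry value path, host:port, or image path
    pid: int
    cmdline: str = ""    # only for process "create" events

@dataclass(frozen=True)
class Pattern:
    name: str
    score: int                             # 1..10, highest match sets the risk
    category: str                          # trojan / spyware / ransomware / generic
    test: Callable[[List[Event]], bool]
    source: str = "core"                   # "core" | "open-source" | "custom"

# Each test sees the whole trace so it can correlate events (drop, then run)
# instead of matching single lines the way a static signature would.
def drop_and_execute(trace: List[Event]) -> bool:
    dropped = {e.target.lower() for e in trace if e.kind == "file" and e.action == "write"}
    return any(e.kind == "process" and e.action == "create"
               and e.target.lower() in dropped for e in trace)

RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)

def run_key_persistence(trace: List[Event]) -> bool:
    return any(e.kind == "registry" and e.action == "set" and RUN_KEY.search(e.target)
               for e in trace)

RAW_IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:(\d+)$")

def beacon_to_raw_ip(trace: List[Event]) -> bool:
    # Literal IP, no DNS lookup, non-web port: typical of hard-coded C2.
    for e in trace:
        if e.kind == "network" and e.action == "connect":
            m = RAW_IP_PORT.match(e.target)
            if m and int(m.group(1)) not in (80, 443):
                return True
    return False

def mass_rename_single_ext(trace: List[Event], threshold: int = 20) -> bool:
    renames = [e for e in trace if e.kind == "file" and e.action == "rename"]
    exts = {e.target.rsplit(".", 1)[-1].lower() for e in renames}
    return len(renames) >= threshold and len(exts) == 1

def shadow_copy_deletion(trace: List[Event]) -> bool:
    return any(e.kind == "process" and e.action == "create"
               and "vssadmin" in e.cmdline.lower() and "delete shadows" in e.cmdline.lower()
               for e in trace)

PATTERNS = [
    Pattern("drop-and-execute", 6, "trojan", drop_and_execute),
    Pattern("run-key-persistence", 5, "generic", run_key_persistence),
    Pattern("beacon-to-raw-ip", 7, "spyware", beacon_to_raw_ip),
    Pattern("mass-rename-single-ext", 9, "ransomware", mass_rename_single_ext),
    Pattern("shadow-copy-deletion", 10, "ransomware", shadow_copy_deletion, "custom"),
]

def match_patterns(trace: List[Event], patterns=PATTERNS) -> List[Pattern]:
    """Every pattern whose test holds fires; this is not first-match-wins."""
    return [p for p in patterns if p.test(trace)]

def risk_score(matched: List[Pattern]) -> int:
    """Risk is the highest matched score, not a sum: many weak generic hits
    must not outrank one decisive ransomware behaviour."""
    return max((p.score for p in matched), default=0)

def notifications(matched: List[Pattern], block_threshold: int = 7) -> List[str]:
    """Stand-in for script notification triggers: actions a gateway could take."""
    actions = []
    if risk_score(matched) >= block_threshold:
        actions.append("block-hash-at-gateway")
    if any(p.category == "ransomware" for p in matched):
        actions.append("page-incident-response")
    return actions

# Constructed traces, not captured from any real sample. 203.0.113.7 is a
# documentation address (RFC 5737); paths are illustrative.
TMP = r"C:\Users\victim\AppData\Local\Temp\update.exe"
RANSOM_TRACE = [
    Event("file", "write", TMP, 1200),
    Event("process", "create", TMP, 1200, TMP + " -silent"),
    Event("registry", "set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", 1300),
    Event("network", "connect", "203.0.113.7:4444", 1300),
    *[Event("file", "rename", rf"C:\Users\victim\Documents\doc{i}.docx.locked", 1300) for i in range(25)],
    Event("process", "create", r"C:\Windows\System32\vssadmin.exe", 1300,
          "vssadmin.exe delete shadows /all /quiet"),
]
INSTALLER_TRACE = [   # a legitimate installer also drops and runs a helper
    Event("file", "write", r"C:\Program Files\Vendor\setup-helper.exe", 2000),
    Event("process", "create", r"C:\Program Files\Vendor\setup-helper.exe", 2000),
    Event("network", "connect", "updates.example.com:443", 2001),
]

if __name__ == "__main__":
    for label, trace in (("ransomware", RANSOM_TRACE), ("installer", INSTALLER_TRACE)):
        hits = match_patterns(trace)
        print(label, [p.name for p in hits], risk_score(hits), notifications(hits))
```

The installer trace is there on purpose: drop-and-execute fires on benign setup programs too, so the hit alone must not drive an action. Taking the highest score rather than a sum keeps a single decisive behaviour (shadow-copy deletion) above a pile of generic ones, and it also means adding a new, higher-scored pattern to the library can raise the verdict on an already-analyzed sample, which is the "scores update with new patterns" point on the slide.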
  • 6. MALWARE APPLIANCE KEY FEATURES
     Enterprise Scalability
       – Approximately 50,000 analysis tasks per day per appliance
       – Automated bulk sample processing and risk scoring
       – Parallel processing on up to 40 virtual machines per appliance
     Hybrid Analysis
       – Dual-detection methodology using SandBox emulation and IntelliVM virtualization
       – Replicate actual production environments, including custom applications
     Plugins
       – Interact with malware, click through installers, extend custom processing
     Best-in-class full-featured Web UI, Analysis Desktop, searching and data mining
     Open Patterns
       – Detection criteria are never hidden; users can add custom patterns
     Powerful RESTful API
       – Full programmatic access for integration and automation
     Pub-Sub API
       – Secure notifications of analysis task status and task completion
     Remote management, security, and health status monitoring ease deployment
  • 7. BLOCKING, DETECTION & ANALYSIS
     ProxySG + Content Analysis System (CAS) + Malware Analysis Appliance (sandbox)
  • 8. WWW.BLUECOAT.COM
