Intro To ECAT

•Download as PPTX, PDF•

0 likes•741 views

ECAT is a solution that provides enterprise compromise assessment through host-based deep scanning, network traffic analysis, live memory analysis, and machine suspect level analysis. It fills detection gaps left by traditional antivirus and firewall solutions by using signature-less techniques like application whitelisting, certificate validation, and multi-engine antivirus scans. The ECAT solution enables rapid breach detection, recovery, and forensics through direct physical disk inspection and live memory analysis to identify compromises across an enterprise.

ECAT – Enterprise Compromise Assessment

Chad Loeven, VP Sales and Marketing
Pascal Longpre, Founder and CTO

Enterprise security today
AV on desktop and server
Firewall

• Bluetooth and WiFi can
bypass in-line devices
• Inline devices can’t
identify what
happened on the host
in a compromise

IPS SIEM

Kaspersky – Rated #1 AV overall

>42% of all new
malware passed
through undetected

ECAT fills the detection gap

Incident -> Rapid breach detection Recovery Forensics

The ECAT solution: no signatures
• Host-based Deep Scan

• Network traffic

• Live Memory
Analysis

• Machine
Suspect Level

ECAT Overview – server and agent

Server-side analysis
of the endpoint

ECAT – Baselines and whitelists
Whitelisting:
• Bit9 Global Software Registry (GSR)
• NIST database of known-good hashes
• ECAT whitelist including Microsoft MSDN
• Server-side Cert validation

• Opswat Metascan scans against 6 or more AV engines

ECAT – Enterprise Compromise Assessment

Network Traffic analysis
Multi-engine AV scan
Application Whitelisting
Certificate Validation • Rapid Breach Detection
Direct physical disk inspection • Signature-less
Live Memory Analysis • Fills the gap in desktop defense
Full System Inventory • Actionable information -fast
• Remediation

ECAT – Enterprise Compromise Assessment

Finding an evil
in a
haystack
www.siliciumsecurity.com

What's hot

According to SAP 85% of cybersecurity attacks target the application layer. To be successful in defending against these attacks you need to use a variety of tools. In session we'll go into the various types application security tools and approaches, including SAST, DAST, RASP, PEN, as well as Open Source Vulnerability Management. We'll help you understand the differences between these tools and help you develop a plan for filling your application security toolbox.

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why

Black Duck by Synopsys

Internet Accessible ICS in Japan (English)

Digital Bond

Digital transformation involves removing the barriers to delivering value to customers. The mechanisms of digital transformation: DevOps, microservices architecture and others, simplify and speed delivery but complicate aspects of security–particularly vulnerability discovery. Yet, as firms release more and more microservices to production, and do so more frequently, the need to understand changes to the attack surface increases. Scaling legacy vulnerability discovery techniques has proven challenging and firms have responded by taking a different approach altogether. Using data from recent surveys, ZeroNorth CTO John Steven will illustrate how, by doing well-known security activities differently and by doing fundamentally different activities, security is able to align with the modern development architectures and cultures. Specifically, we’ll address questions like: What’s the place of OSS in vulnerability discovery? What does a secure SDL and CI/CD pipeline look like? What do governance gates look like in a continuous world?

The Impact of Digital Transformation on Enterprise Security

DevOps.com

Fore scout nac-datasheet

Khoa Nguyen Hong Nguyen

Recover Multi-Vendor Network Infrastructure in minutes

Michael Bell

F5 Web Application Security

MarketingArrowECS_CZ

Genian NAC provides network surveillance and performs ongoing compliance checks to ensure that all connected devices are automatically identified, classified, authorized, and given policy-based access control. It also provides all the major features that network managers expect, such as IP Address Management (IPAM), Desktop Configuration Management, WLAN access control, automated IT security operation, IT asset management, and much more. Genians NAC provides both on-premise and cloud-based deployment options, providing for ease of deployment and ongoing management.

Genian NAC Overview

GENIANS, INC.

Firewall, Router and Switch Configuration Review

Christine MacDonald

Attendees Need To Consolidate - Reduce the number of IT Security Solutions - Select Solutions that provide Multiple Features - Retire Legacy Solutions! Attendees Need More Visibility - Ensure Solutions can see ALL IP Enabled devices - Ensure Solutions provide Detail and Context! - Solution should adapt to YOUR environment Attendees Need Cloud Managed Solutions - Solution should support Vendor our Customer Cloud Options - Ease of Deployment and Pricing Options Matter

What we learned from MISA Ontario 2020 Infosec

GENIANS, INC.

Making the Transition from Suite to the Hub

Black Duck by Synopsys

checkpoint

Mayank Dhingra

Sasa milic, cisco advanced malware protection

Dejan Jeremic

Check Point sizing security

Group of company MUK

As presented at OpenShift Commons Sept 8, 2016. Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and associated network defenses. Since those defenses are reactive to application issues attackers choose to exploit, it’s critical to have visibility into both what is in your container library, but also what the current state of vulnerability activity might be. Current vulnerability information for container images can readily be obtained by using the scan action on Atomic hosts in your OpenShift Container Platform. In this session we’ll cover how an issue becomes a disclosed vulnerability, how to determine the risk associated with your container usage, and potential mitigation patterns you might choose to utilize to limit any potential scope of compromise.

The How and Why of Container Vulnerability Management

Tim Mackey

BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...

Ixia

BreakingPoint Storm CTM Cost-Effective Testing Solution

Ixia

Webinar remote access_no_vpn_pitfalls_111517

Zscaler

Integration and automation are cornerstones of DevOps. Black Duck Hub provides integrations to CI/CD solutions like Jenkins and TeamCity, but what if you are using a different solution or maybe even your own custom tools? Never fear! Black Duck Hub API's allow you to leverage Black Duck open source scanning and policies into your environment. In this session we'll roll up our sleeves and dig into some coding examples to show you how to do it.

Integrating Black Duck into Your Environment with Hub APIs

Black Duck by Synopsys

Browser isolation (isc)2 may presentation v2

Wen-Pai Lu

LTE Testing

Ixia

What's hot (20)

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why

Internet Accessible ICS in Japan (English)

The Impact of Digital Transformation on Enterprise Security

Fore scout nac-datasheet

Recover Multi-Vendor Network Infrastructure in minutes

F5 Web Application Security

Genian NAC Overview

Firewall, Router and Switch Configuration Review

What we learned from MISA Ontario 2020 Infosec

Making the Transition from Suite to the Hub

checkpoint

Sasa milic, cisco advanced malware protection

Check Point sizing security

The How and Why of Container Vulnerability Management

BreakingPoint & Crossbeam RSA Conference 2011 Presentation: Evaluating High P...

BreakingPoint Storm CTM Cost-Effective Testing Solution

Webinar remote access_no_vpn_pitfalls_111517

Integrating Black Duck into Your Environment with Hub APIs

Browser isolation (isc)2 may presentation v2

LTE Testing

Viewers also liked

Chapter 12

application developer

Chapter 19

application developer

CSS3 notes

Rex Wang

Chapter 25

application developer

CSS

Akila Iroshan

HTML5 &CSS: Chapter 08

Steve Guinan

HTML & CSS: Chapter 07

Steve Guinan

HTML: Chapter 01

Steve Guinan

HTML & CSS: Chapter 03

Steve Guinan

Html and CSS: Chapter 02

Steve Guinan

HTML & CSS: Chapter 06

Steve Guinan

CSS - Basics

Shubham_Saurabh

HTML & CSS: Chapter 04

Steve Guinan

Unit 6, Lesson 3 - Vectors

Bread board

Breadboard

Basic css

Web Engineering - Basic CSS Properties

Nosheen Qamar

Vernier caliper

Abinashpapu

Spline Interpolation

aiQUANT

Viewers also liked (20)

Chapter 12

Chapter 19

CSS3 notes

Chapter 25

CSS

HTML5 &CSS: Chapter 08

HTML & CSS: Chapter 07

HTML: Chapter 01

HTML & CSS: Chapter 03

Html and CSS: Chapter 02

HTML & CSS: Chapter 06

CSS - Basics

HTML & CSS: Chapter 04

Unit 6, Lesson 3 - Vectors

Bread board

Breadboard

Basic css

Web Engineering - Basic CSS Properties

Vernier caliper

Spline Interpolation

Similar to Intro To ECAT

CYBER INTELLIGENCE & RESPONSE TECHNOLOGY

jmical

Demystifying Visual Studio 2012 Performance Tools

Martin Kulov

Transforming your Security Products at the Endpoint

Ivanti

Enterprise Cyber-Physical Edge Virtualization Engine (EVE) Project.pdf

Dmitri Shiryaev

Web Based Security

John Wiley

Towards secure & dependable storage services in cloud

Rahid Abdul Kalam

Zero footprint guest memory introspection from xen

Bitdefender Enterprise

Kaseya Connect 2012 - THE ABC'S OF MONITORING

Kaseya

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...

Robert Conti Jr.

Detecting Evasive Malware in Sandbox

Rahul Mohandas

Still wrestling with patching 3rd party applications? We’ll walk you through the new “Latest Software Patches” widget available on Spiceworks and show you what valuable information can be learned about the state of your security. Find out what’s coming in the near future (specifically more patch management functionality built into Spiceworks) and how easy it will be to always keep your IT infrastructure secure.

Bringing Patch Management to Spiceworks

Spiceworks

Quick wins in the NetOps Journey by Vincent Boon, Opengear

MyNOG

IOT Exploitation

Cysinfo Cyber Security Community

NIC2012 - System Center Endpoint Protection 2012

Nicolai Henriksen

Ball Systems Capabilities

amhoff

Preventing The Next Data Breach Through Log Management

Novell

1. How to integrate OpenStack environment to our existing infrastructure. 2. How to efficiently interconnect the SAE & SWS, while preserving security properties and seamless connection. 3. The challenges we are facing when building & providing OpenStack-based public cloud service and how we solved it. http://openstackconferencespring2012.sched.org/event/370f9d74a4e9e938a7f6f1e2af0958fe?iframe=yes&w=990&sidebar=no&bg=no#?iframe=yes&w=990&sidebar=no&bg=no#sched-body-outer

Integrating OpenStack To Existing Infrastructure

Hui Cheng

Cybersecurity - Jim Butterworth

TechBiz Forense Digital

CloudStack Secured

John Kinsella

The Age of Network Operations Management Software Defined Data Centers Author: Bill Erdman VMware’s Software Defined Data Center (SDDC) is a reference architecture designed to deliver important business outcomes in a scalable, highly flexible manner. SDDC enables intelligent operations from apps to storage. Learn how to unlock the business value of SDDC for your enterprise, experiencing gains in key areas such as: - Securing your infrastructure - Speed and agility - Time-to-market - Compute capacity utilization

The Age of Network Operations Management in Software Defined Data Centers

Virtualization and Cloud Management Solutions

Similar to Intro To ECAT (20)

CYBER INTELLIGENCE & RESPONSE TECHNOLOGY

Demystifying Visual Studio 2012 Performance Tools

Transforming your Security Products at the Endpoint

Enterprise Cyber-Physical Edge Virtualization Engine (EVE) Project.pdf

Web Based Security

Towards secure & dependable storage services in cloud

Zero footprint guest memory introspection from xen

Kaseya Connect 2012 - THE ABC'S OF MONITORING

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security...

Detecting Evasive Malware in Sandbox

Bringing Patch Management to Spiceworks

Quick wins in the NetOps Journey by Vincent Boon, Opengear

IOT Exploitation

NIC2012 - System Center Endpoint Protection 2012

Ball Systems Capabilities

Preventing The Next Data Breach Through Log Management

Integrating OpenStack To Existing Infrastructure

Cybersecurity - Jim Butterworth

CloudStack Secured

The Age of Network Operations Management in Software Defined Data Centers

Intro To ECAT

1. ECAT – Enterprise Compromise Assessment Chad Loeven, VP Sales and Marketing Pascal Longpre, Founder and CTO

2. Enterprise security today AV on desktop and server Firewall • Bluetooth and WiFi can bypass in-line devices • Inline devices can’t identify what happened on the host in a compromise IPS SIEM

3. Kaspersky – Rated #1 AV overall >42% of all new malware passed through undetected

4. ECAT fills the detection gap Incident -> Rapid breach detection Recovery Forensics

5. The ECAT solution: no signatures • Host-based Deep Scan • Network traffic • Live Memory Analysis • Machine Suspect Level

6. ECAT Overview – server and agent Server-side analysis of the endpoint

7. ECAT – Baselines and whitelists Whitelisting: • Bit9 Global Software Registry (GSR) • NIST database of known-good hashes • ECAT whitelist including Microsoft MSDN • Server-side Cert validation • Opswat Metascan scans against 6 or more AV engines

8. ECAT – Enterprise Compromise Assessment Network Traffic analysis Multi-engine AV scan Application Whitelisting Certificate Validation • Rapid Breach Detection Direct physical disk inspection • Signature-less Live Memory Analysis • Fills the gap in desktop defense Full System Inventory • Actionable information -fast • Remediation

9. ECAT – Enterprise Compromise Assessment Finding an evil in a haystack www.siliciumsecurity.com

Editor's Notes

Welcome to Silicium Security, the makers of ECAT, an Enterprise Compromise Assessment Tool for signature-less malware detection.We’ve been delivering security solutions to large enterprises, government and military for over a decade and work with a global network of partners to deploy and support ECAT worldwide.In this brief video we’ll explain why current signature-based security solutions come up short and how ECAT can bridge the detection gap.
Virtually every enterprise today has in-line and host based security solutions blocking, monitoring and remediating threats at multiple levels. However, most of these solutions share one common trait in that they overwhelmingly rely on signatures. In other words, they can only block or detect what they already know about. In line and network-based solutions also have major blind spots. Laptops and remote workstations are often invisible. Bluetooth and WiFi can be hijacked to bypass network controls.
So what’s the problem with signatures?An advertised 99% detection rate sounds great, but that stat is measured over an entire body of mostly old threats. The 1% not detected is overwhelmingly new, and targeted, attacks. Even minor variants of existing threats can bypass AV, IPS.As an example, let’s take a closer look at the best AV on the market and see how it fares…..Kaspersky was recently ranked as the Product of the Year by a respected independent testing agency – but what does that mean? Unfortunately, when we drill down into the details of the report, ‘winning’ meant only failing 42% of the time on new threats. Which was still better than virtually all other AV products on the market!
ECAT fills the gap between traditional signature-based security tools and forensics, delivering rapid breach detection and compromise assessment.
The solution is not to depend on signatures, but rather do a deep analysis of the endpoint combining multiple technologies and approaches. Host-based analysis is key, signature-less network-based solutions will not identify what process is infected or how. No assumptions can be made about the integrity of the endpoint prior to a scan, and analysis must be independent of the end user and done on the server, not the target machine. By assigning a suspect level to each component of the machine, we can build an overall Machine Suspect Level to determine if there has been a compromise and take action.
ECAT can be deployed as an incident response tool, as part of a security audit or for ongoing monitoring of the enterprise machines.Each ECAT server can handle up to 20K agents. Each agent scans silently in the background with no user interaction. The load is minimal as all information is gathered and sent back to the server, where the analysis is done. The ECAT server verifies the system integrity, and builds a holistic view of the endpoint.
An important feature of ECAT is the ability to set an enterprise-wide baseline from a clean machine. This process eliminates background noise and false positives, and means truly suspect behaviour will be highlighted.As a 1st step, ECAT conducts server-side Certificate validation to avoid any possible compromise of the cert validation process on the endpoint. Next, ECAT compares every file against 3 powerful whitelists from NIST, Microsoft and Bit9. Combined, every file found is scanned against a database of billions of files. Custom homegrown applications can also be whitelisted system-wide.Finally, each file can be run against OpswatMetascan’smuti-AV scanner to quickly identify known bad files that the desktop AV may have missed. By quickly sorting found files into known good, and known bad, ECAT brings to the fore in the console machines that need immediate attention.
To summarise, ECAT fills the gap between existing solutions. It delivers accurate, actionable information quickly to the people that need it. ECAT does this by layering on multiple approaches and technologies, starting with aFull system inventory,Live memory analysisPhysical disk analysisCertificate validationWhitelistingMulti-AV scansNetwork Traffic monitoring and statistical Analysis.No other approach delivers detection results like ECAT can.
Thank you for watching. Consult our website or youtube channel to view ECAT in action, or contact us for more information.

Intro To ECAT

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Intro To ECAT

Similar to Intro To ECAT (20)

Intro To ECAT

Editor's Notes