Automated Breach
Defense
CONFIDENTIAL AND PROPRIETARY | ©2014 DAMBALLA
Damballa automated breach defense june 2014
Data Security for experts
Published in: Technology, Business

  • More effective discovery is important
    Not more alerts
    Your problem is not finding more advanced malware; it’s finding the really infected devices
  • SOURCE #1: 63% - ISACA, “Advanced Persistent Threat Awareness Report” 2013
    SOURCE #2: Ponemon Institute, “2013 Costs of Cyber Crime Study,” October 2013
  • SOURCE #1: 63% - (ISC)2, sixth “Global Information Security Workforce Study (GISWS),” February 2013
    SOURCE #2: 86% - Forrester, “Surviving the Technical Security Skills Crisis,” May 2013
    SOURCE #3: 81% - Forrester, “Surviving the Technical Security Skills Crisis,” May 2013
  • Damballa Enables Organizations to:
    Rapidly identify active threats
    With 100% certainty
    Without triage efforts or delays
    Independent of having a malware sample
    Regardless of malware type, infection vector or source
    As a Breach Resistant Organization You Can:
    Quickly and efficiently stop real losses
    Find previously undetected threats
    Remove the threats that can cause losses NOW
    Increase efficiency and effectiveness by eliminating alert chasing
    Dramatically reduce overall risk
  • Damballa Failsafe uses a hub-and-spoke distributed computing architecture. Sensors are placed at key locations in the network to observe all ports of traffic in both directions (egress, proxy, and DNS). The sensors and their Deep Packet Inspection engines listen to traffic passively off a tap or SPAN port. The sensors all talk to each other so they can track a device's activity over time. Suspicious evidence is brought back to the Management Console (MC) to be examined by the Case Analyzer, which then passes a verdict. All evidence is presented through the MC.
  • Because of Our Formula. Damballa has unique access to a very large data set of unfiltered, unstructured and unbiased internet and enterprise network data.
    While most security companies’ “Labs” are filled with reverse malware engineers, ours is filled with PhDs, research scientists and machine learning experts who apply mathematical algorithms that reveal the techniques and infrastructure being used by threat actors…and we’ve been doing this for seven years.
    No other security company has the unique Big Data that Damballa has…much less has been applying leading-edge security research and related machine learning for as long as Damballa.
    Big Data
    -8 trillion records per year
    -200GB-300GB of internet and enterprise network data each day
    -Malware Samples Analyzed: 100K/day; 36.5M/yr.
    -Unique DNS Records: 22B/day; 8T/yr.
    -7 Years of Machine Learning Refinement
    Machine Learning/Data Science
    -7 years
    -13 Patents Filed, 2 already granted
    -8 Detection Profilers & Expanding
    -9 Risk Profilers & Expanding
    -Partnerships pivoting from Damballa Discoveries
    Engines Leverage Big Data
    -Fortune 2000 Enterprises
    -Global ISPs & Telcos
    -Academic and Industry Partnerships
    -Future Proof
    -Behavioral
    -Example: Domain Fluxing (DGA)
    -Example: Peer-To-Peer
  • Visibility into current security posture for advanced threats
    Rapid knowledge of active infections
    Which infections are under successful control of an adversary
    Which infections pose the highest risk to the organization and which devices have been re-infected.
    Dashboards: Average Infection Age, Riskiest Infected Assets, Maliciously Controlled Assets, Infected Assets Over Time,…
  • Robust reporting, relaying important information regarding the state of your network
    Reports: Infection Lifecycle, Malware in Motion, System Health, Incident, Malware Trace…
  • Providing Assurance Advanced Threats Don’t Remain Undetected
  • This is Entrust.
  • Damballa automated breach defense june 2014

    1. Automated Breach Defense CONFIDENTIAL AND PROPRIETARY | ©2014 DAMBALLA
    2. Why Advanced Threat Protection and Containment? Percent of breaches that remain undiscovered for months or more “There is widespread agreement that advanced attacks are bypassing traditional signature-based security… The threat is real. You are compromised; you just don't know it.” – Gartner, Inc., 2012 69% of breaches were spotted by an external party – 9% were spotted by customers. 69% “Prevention is crucial, and we can’t lose sight of that goal. But we must accept the fact that no barrier is impenetrable, and detection/response represents an extremely critical line of defense. Let’s stop treating it like a backup plan if things go wrong and start making it a core part of the plan.” – Verizon Data Breach Study 2013
    3. How big is the problem in terms of dollars? 32 days Average time to resolve a known cyber attack $1.04M Average total cost to the organization over 32 days 63% Of enterprises say it’s only a matter of time until they’re targeted by APT
    4. How big is the problem in terms of resources? 86% Of CISOs say lack of confidence in ability to manage risk is due to staffing 81% Of security leaders say staffing challenges will remain the same or get worse over next 5-10 years 2/3’s Of CISOs say they are short-staffed and therefore vulnerable to breaches
    5. The Old Security Stack Prevention Detection ATTACK INFECTION DAMAGE INFECTION RISK BUSINESS RISK Firewall IDS/IPS Web Security Email Security Sandboxing Host AV/IPS/FW Resource intensive, inefficient manual investigation efforts. “Is this alert real or a false positive?” ALERT & LOGS SOC SIEM Single Pane of Glass
    6. The New Security Stack Prevention Detection ATTACK INFECTION DAMAGE INFECTION RISK BUSINESS RISK NGFW Endpoint Containment Sandboxing Email Gateway ALERT & LOGS SOC SIEM Single Pane of Glass LEGACY Host AV/IPS/FW Damballa fills the security gap between failed prevention and your incident response
    7. Damballa: Automated Breach Defense › Automatically identify active threats › With certainty Regardless of prior visibility or knowledge of malware sample, infection vector or source Focus on true, active infections Confidently prioritize response Proactively block infections you haven’t gotten to Enabling A Breach Resistant Organization
    8. Predictive Security Analytics Platform Case Analyzer Platform › Connection › Query • Indicators of Compromise • Threat Actors / Intent › File › Request • Zero Day Files • Suspicious HTTP Content › Domain Fluxing › Automation › Execution › Peer-To-Peer • Automated Malicious Activity • Observed Evasion Tactics › Data Transferred › PCAPs › Communication Success › Malicious File Availability › Sequence of Events › Importance of Endpoint › Malware Family Intent › Severity › AV Coverage Damage Potential • Observed Activity • Device Properties • Threat Sophistication • Threat Intent 9 Risk Profilers Prioritized Risk of Confirmed Infections 8 Detection Engines Rapid Discovery & Validation of Infections
    9. Damballa Failsafe Architecture Hub & Spoke | 1 U Appliances | Out of Band Damballa Failsafe Data Center Corporate HQ Data Center Remote Office Data Center / Office Sensor Sensor Backhaul Sensor Management Console Egress Proxy DNS Proxy DNS Egress Traffic Monitored by Sensor
    10. Our Formula – Delivering Predictive Security Analytics
    11. Visibility for Security and Risk Professionals Infographic-styled dashboards, presenting critical information upon login. Dashboard Assets Files Reports System Threats Damballa Failsafe 5.2 Welcome Admin My Account | Help | Logout
    12. Incident Reports for Security Managers
    13. Assurance for Executives
    14. Damballa Customer Success: Breach Defense = Lower Risk › Augment client teams before, during, or install › Provide threat analysis & research Professional Services Customer Support Customer Advocacy Education & Training Ensure adoption & value realization Provide tech & functional support Manage updates & upgrades Teach customers how to use Failsafe Provide industry knowledge
    15. Automated Breach Defense Customer Case Studies
    16. Global Family Entertainment Company Saves $2.0M Over 18 Months Challenge A major entertainment company suspected persistent threats on their network and brought in a well-known incident response firm to help. The firm’s evidence was hard to corroborate and lack of visibility forced IT to constantly perform bare-metal restores to machines that may or may not have actually been a risk to the organization. Solution The company, which operates many non-Windows devices (Macs, iOS, Android and even embedded systems), purchased Damballa Failsafe because the solution is platform-agnostic. “The ability to cover multiple platforms and operating systems across the enterprise separated Damballa Failsafe from the others.” The company currently protects over 100,000 enterprise devices throughout the organization. Result The company has saved $2.0M in 18 months from improved response capabilities. “We’re not wasting money and time for truck rolls on things that aren’t actually infected. One hundred percent of the machines that Damballa Failsafe has identified as infected have in fact been infected.”
    17. Fortune 500 Entertainment Company Plugs Gaps in Defense Challenge A major media company knew their network was slow, and they were spending a lot of time troubleshooting users’ systems, related to security. None of their solutions were alerting them to malicious traffic, so infections remained hidden. Solution The company selected Damballa Failsafe to fill the gaps resulting from signature-based defenses. “Within 48 hours, we saw a clear difference with Damballa Failsafe. We understood what, where and how the threat activity was occurring, blocked the threat and triaged that information into an actionable task such as patch management or cleaning up other security instrumentation.” Result The IT team reduced the number of monthly incidents by over 99%. “Everybody does signatures and sandboxing. Failsafe does behavior detection, and that’s the right ingredient for our network security sandwich. Damballa is the secret sauce we were missing,” said their information security director.
    18. Major Tech Company Fights APTs with Lean Security Staff Challenge A major technology company needed additional visibility into threats on their network. They were spending 4-5 days responding to a single malware incident, meaning higher-priority projects were not getting completed by their small team. Solution “We were interested in a company that was focused on researching APTs and innovating in this space. We wanted strong focus on detection, not a one-box-does-all solution,” said their Senior IT Security Specialist. The company began its Damballa Failsafe deployment with one sensor and immediately realized benefits as a result of the added visibility provided by the product. Result Damballa saved more than a week, reducing the time to resolve a threat from hours/days to less than 20 minutes, depending on the criticality of the threat. Damballa also accelerated incident response decisions and reactions due to the accurate data and the ability to pinpoint threats early and easily remediate them. “I love the product – it is extremely easy to set up and deploy. In just five to ten minutes I can have a new sensor up and running and see what’s on the network.”
    19. The University of Tampa Increases Visibility Challenge Fostering freedom of learning and exchange of knowledge while protecting the school’s research and information. “I have two challenges,” said Tammy Clark, CISO. “Protecting these environments in a manner that allows us to maintain that open culture and being able to see what the bad guys are doing.” Solution The University of Tampa purchased Damballa because its ability to identify active threats and the level of intelligence it provides on command-and-control behavior set it apart from other advanced threat detection solutions. “Other technologies don’t provide the same level of intelligence. Failsafe is like having a pair of eyes on the network that let you see what is otherwise invisible to the naked eye,” said Clark. Result Clark credits Damballa for enabling her team to reduce the time required to respond to an incident while improving overall network security. “Damballa lets us be highly proactive in detecting advanced threats. When we see network activity in Failsafe, we can quickly pivot to other security controls to see if that activity is also showing up somewhere else and shut it down. There is a high confidence factor in the solution being able to find a threat and show it to us quickly, so we can take action to contain and remediate it effectively.”
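The hub-and-spoke flow the speaker notes and slides 8 and 9 describe (passive DNS sensors, one device tracked across sensors and over time, a case analyzer that passes a verdict) sketched as an added example; this is not Damballa's code, and the sensor records, thresholds and the NXDOMAIN/entropy heuristic standing in for the "domain fluxing" engine are constructed assumptions.

```python
# Added illustration, not Damballa's code: passive DNS sensor evidence is
# merged per device at the hub, then a case-analyzer step issues a verdict.
import math
from collections import defaultdict

# Constructed sensor records: (sensor, timestamp, device, queried name, rcode).
SENSOR_EVENTS = [
    ("sensor-hq", 100, "10.1.1.5", "www.example.com", "NOERROR"),
    ("sensor-hq", 110, "10.2.0.7", "xk3tq9vbl2.com", "NXDOMAIN"),
    ("sensor-hq", 111, "10.2.0.7", "p0wz7ma1uq.net", "NXDOMAIN"),
    ("sensor-remote", 112, "10.2.0.7", "r4e8bt6ykz.org", "NXDOMAIN"),
    ("sensor-remote", 113, "10.2.0.7", "mail.example.com", "NOERROR"),
    ("sensor-remote", 114, "10.2.0.7", "q9j1xwd0sa.info", "NXDOMAIN"),
]

def label_entropy(qname):
    """Shannon entropy (bits per char) of the registrable label of qname."""
    parts = qname.rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    n = len(label)
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def aggregate(events):
    """Hub step: merge evidence from every sensor, keyed by device, in time order."""
    per_device = defaultdict(lambda: {"sensors": set(), "nx": 0, "entropies": [],
                                      "first": None, "last": None})
    for sensor, ts, device, qname, rcode in sorted(events, key=lambda e: e[1]):
        d = per_device[device]
        d["sensors"].add(sensor)          # same device seen by several sensors
        d["first"] = ts if d["first"] is None else d["first"]
        d["last"] = ts                    # activity window tracked over time
        if rcode == "NXDOMAIN":
            d["nx"] += 1
            d["entropies"].append(label_entropy(qname))
    return per_device

def case_verdict(dev, min_nx=3, min_entropy=3.0, max_window=300):
    """Case-analyzer step (assumed heuristic): a burst of NXDOMAIN answers for
    high-entropy names inside a short window is labelled domain-fluxing."""
    mean_ent = sum(dev["entropies"]) / len(dev["entropies"]) if dev["entropies"] else 0.0
    in_window = dev["last"] - dev["first"] <= max_window
    if dev["nx"] >= min_nx and mean_ent >= min_entropy and in_window:
        return "domain-fluxing", round(mean_ent, 2)
    return "no-verdict", round(mean_ent, 2)

def analyze(events):
    return {dev: case_verdict(d) for dev, d in aggregate(events).items()}
```

Legitimate software (anti-spam lookups, misconfigured search domains) also produces NXDOMAIN bursts, so a real detector would add an allowlist and a per-device baseline before treating this as a confirmed infection.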