
Anatomy of an Attack - Sophos Day Belux 2014


Anatomy of an Attack - Next Generation Endpoint, presentation given by Vincent Vanbiervliet at Sophos Day Belux on November 25th, 2014.

Published in: Education

  1. Next Generation Endpoint. Sophos Security Day, 25/11/2014. Vincent Vanbiervliet, Senior Sales Engineer.
  2. (no text on this slide)
  3. The perception of endpoint security
     “Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it.”
     “Conventional anti-virus software is an outmoded way of protecting computers against malware.”
     “The current antivirus method of detecting and blocking known samples is no longer effective.”
  4. Some vendors overcompensate
     • Sophisticated functionality
     • Endless add-ons
     • Requires major time investment
     • Not simple
  5. Our products are sophisticated and simple: malicious behavior prevention, attack surface reduction, perimeter protection, malware detection, spam blocking, web defense.
  6. SophosLabs makes it possible: threat intelligence.
  7. Big data
     • 2–3 TB of threat data per week
     • 5 million spam emails per day
     • 600 million live lookups per day
     • 150,000 suspicious URLs per day
     • 300,000 new files per day
  8. Automation: malware analysis, decision making, analytics. A new identity every 4–5 seconds. Live Protection.
  9. Leveraged expertise: web security (bad URLs), web security (exploit code), signatures, unpacking, static code analysis, emulation, Live Protection, HIPS, Buffer Overflow Protection, exploit patterns, multi-factor identities, behavior-based rules. 19 identities account for 50% of detections.
  10. HIPS for everyone
     • Zero day malware protection
     • Tuned by SophosLabs
     • Over 80% adoption
     • No one else makes it this simple
     (Callout: “This doesn’t look right!”)
  11. Effortless application control. Them: complex, manual rule sets. Us: simple point and click.
  12. What simple, effective security means. IT department: support, threat intelligence & response, software development, infrastructure.
     • Less time managing protection
     • Fewer security incidents
     • More time to focus on business priorities
  13. Building next gen endpoint security: web security (bad URLs), web security (exploit code), signatures, unpacking, static code analysis, emulation, Live Protection, HIPS, Buffer Overflow Protection, download reputation, file tracking, new emulator, C&C traffic detection.
  14. Advanced Persistent Threat: Protection. Advanced Threat Protection detects botnets, stops outbound traffic, selective analysis. Protection layers: Firewall, Antivirus, IPS, Web, Email, WAF.
     Attack stages:
     1 Gather information: social media, events, other websites, …
     2 Find a way in: phishing, spoof calls, USB sticks, …
     3 Avoid being discovered: lay low, do nothing, ‘low & slow’, …
     4 Get out with the data: collate data, encrypt, extract, …
     Layered protection is the best defense against targeted attacks.
  15. Advanced Threat Protection in Sophos UTM.
  16. Advanced Threat Protection in Sophos UTM: alerts to infected clients. Provides:
     • Consolidated reporting
     • Threat information
     • Link to SophosLabs Threat Center
  17. Context-Aware Security: a coordinated threat sensing system. The traditional way: one point in time and space. The new way: many points in time and space. How?
     • We watch all points
     • We correlate intelligence
     • We coordinate protection
     • We strengthen every point
     • We build a stronger system
     Points: laptop, network, server, app, mobile, cloud, another. Signals: suspicious outbound traffic; suspicious runtime behavior; Indicators of Compromise (alert & respond); application reputation; application categorization and tracking; mal/sus attributes pre-execution; IPS/IDS events; system events.
  18. What if robots could work together?
     “Looks like your PC is infected. Let’s isolate it from the network.”
     “Oops, you’re right. I’ll clean it up.”
     “Tell the others to watch out for badfile.exe.”
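Slides 17 and 18 describe the core of context-aware security: independent sensors (endpoint runtime behavior, network outbound traffic, IPS events) are correlated per host, a host that trips more than one sensor inside a short window is declared an Indicator of Compromise, and the response is to isolate that host and tell the rest of the fleet about the offending file. The following Python is an added illustration of that correlate-then-coordinate loop; it is not Sophos code and does not reflect how Sophos products implement it. The event format, the sensor weights, the 300-second window, the threshold, the host names and the sample events are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observation from one sensor (constructed schema, not a product format)."""
    ts: int        # seconds since epoch
    host: str      # the "point" on slide 17: laptop, server, mobile, ...
    sensor: str    # which sensor saw it: "endpoint", "network", "ips"
    kind: str      # what it saw
    detail: str    # file name, destination, or signature name


# Constructed policy: a single weak signal is noise, two independent sensors
# agreeing within the window is an Indicator of Compromise.
WEIGHTS = {
    "suspicious_runtime": 2,    # endpoint: HIPS-style behavior rule fired
    "suspicious_outbound": 2,   # network: C&C-like outbound traffic
    "ips_alert": 1,             # IPS/IDS event
    "app_reputation_low": 1,    # application reputation below threshold
}
THRESHOLD = 3
WINDOW = 300  # seconds


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Return one IoC alert per host whose independent sensor signals, within
    `window` seconds of each other, sum to at least `threshold`.

    Requiring two distinct sensors is what makes this 'many points in time and
    space': one sensor repeating itself cannot reach the threshold alone."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)

    alerts = []
    for host, evs in by_host.items():
        for i, anchor in enumerate(evs):
            in_window = [e for e in evs[i:] if e.ts - anchor.ts <= window]
            sensors = {e.sensor for e in in_window}
            score = sum(WEIGHTS.get(e.kind, 0) for e in in_window)
            if score >= threshold and len(sensors) >= 2:
                alerts.append({"host": host, "score": score,
                               "sensors": sorted(sensors), "events": in_window})
                break  # one alert per host is enough to trigger a response
    return alerts


def respond(alert, fleet):
    """Slide 18's exchange as actions: isolate the host, extract the file
    indicator from the endpoint event, and notify every other host."""
    blocklist = {e.detail for e in alert["events"] if e.kind == "suspicious_runtime"}
    return {
        "isolate": alert["host"],
        "blocklist": blocklist,
        "notified": sorted(h for h in fleet if h != alert["host"]),
    }


# Constructed sample telemetry. laptop-07 trips endpoint and network sensors
# 90 s apart; server-02 has only a weak IPS event; laptop-12 has two strong
# events but hours apart, so they never share a window.
SAMPLE_EVENTS = [
    Event(1000, "laptop-07", "endpoint", "suspicious_runtime", "badfile.exe"),
    Event(1090, "laptop-07", "network", "suspicious_outbound", "203.0.113.9:4444"),
    Event(1100, "server-02", "ips", "ips_alert", "generic port scan"),
    Event(5000, "laptop-12", "endpoint", "suspicious_runtime", "tool.exe"),
    Event(9000, "laptop-12", "network", "suspicious_outbound", "198.51.100.4:443"),
]
FLEET = ["laptop-07", "laptop-12", "server-02", "mobile-03"]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["score"], alert["sensors"])
        print(respond(alert, FLEET))
```

With the sample data only laptop-07 produces an alert (score 4 from two sensors); the host is isolated and `badfile.exe` is pushed to the other three hosts. The two-sensor requirement is the part worth keeping when adapting this: it is what stops a noisy single sensor from isolating machines on its own.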
  19. Summary
     • Simple, effective protection
     • SophosLabs does the work, so customers don’t have to
     • Ongoing innovation: here comes next gen endpoint security
  20. © Sophos Ltd. All rights reserved.