Detection is Dead
•Download as PPT, PDF•
0 likes•54 views
A Master Class given by Yul Bahat during the Forum Internationale de la Cybersécurité (FIC) 2018. Brief: "Detection, the core cyber security mechanism we have been using for the past 50 years is failing us. We need to be open to new innovations, and new ways to achieve protection".
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Detection is Dead
Similar to Detection is Dead (20)
Recently uploaded
Recently uploaded (20)
Detection is Dead
- 2. 2
- 3. Introduction • Previous roles include: • Head of IT Risk Surveys for a leading consulting firm in Israel • Head of Cyber Security Threat Intelligence at the Israeli e-Gov department • Senior Information Security Specialist at the Organisation for Economic Cooperation and Development (OECD) • Currently • Co-Founder of Securitude Cyber Solutions – Come visit us at booth D24, or on our website: www.securitude.com But if I must… 3
- 4. Introduction (CyAN) CYbersecurity Advisors Network (CyAN) An international not-for-profit association established in 2015. CyAN aims to strengthen cybersecurity and fight against cybercrime through a multi-disciplinary approach based on mutual trust among its members and on complementarity of their profiles and experiences. CyAN is a pool of experts in all disciplines, with 67 worldwide members in 2017. Partnerships: Partnerships in the works with organisations as reputable as Bloomberg, Kaspersky, Viva Tech Forum, CyberSec Krakow, FIC and more. Projects: CyAN takes part in European projects such as OSINT by Europol and MANDOLA by the European Commission More information: meet us at our stand (E20) or visit www.cyan.network But I’m here under a different hat… 4
- 5. The Big Old AV Myth 5
- 6. The Big AV Myth 6 Taken from Anti-Virus Comparative Malware Protection Test Oct 2017
- 7. The Big AV Myth 7 Taken from Anti-Virus Comparative Malware Protection Test Oct 2017
- 8. The Big AV Myth 8 Taken from Anti-Virus Comparative Malware Protection Test Oct 2017
- 9. 9
- 10. Detection Technologies • Anti Malware (also Next-Gen Anti Malware) • Network based IDS/IPS • Host based IDS/IPS • Sandbox (In-Band or Out-of-Band) • … It’s not just the Anti-Malwares that are failing 10
- 11. Evolution of Detection • Signatures • Heuristics • Baseline / Anomalies • Cloud Based • Threat Intelligence • Machine Learning • Artificial Intelligence Rise of the buzzwords 11
- 13. 13
- 14. Evasive Techniques • ~90% of advanced malware use evasive techniques • Obfuscation (Packers, API Hashing…) • Domain Generation Algorithms • DNS Tunnelling • Military Grade Encryption • Timed Delays • Environmental Awareness Hide from detection, seek the detectors 14
- 15. 15
- 16. Isolation 16
- 17. Isolation • Shut down direct access to assets • Content Disarmament & Reconstruction (CDR) • Segmentation, Segmentation, Segmentation • Micro Virtual Machines and Micro-Segmentation • Move interaction to outside your network • Web Browsing Isolation Keep malicious stuff as contained and as far away as possible 17
- 18. Isolation – Web Browsing Isolation 18 HTTP Request HTML Response
- 19. Isolation – Web Browsing Isolation 19 HTTP Request HTML ResponseInteractive HTML5 Video Stream
- 20. Deception 20
- 21. Deception • Confuse the attacker • Fake Environment Simulation • Lure the attacker • Breadcrumbs Somehow, somewhen, somewhere – somebody got in 21
- 25. 25 Deception – The Art of Confusion
- 26. 26 Deception – The Art of Confusion
- 27. Deception – The Art of Confusion 27
- 28. Deception – Believable Traps 28 • Cookies • Credentials • Net Shares • SSH Keys Decoys
- 29. Conclusion 29
- 30. Conclusion • Detection is Dead (or at least, dying) • It’s a good last line of defense • Isolation • Nothing should get in your perimeter directly • Deception • Use their evasive techniques in your benefit Imagine something funny written here 30
- 31. Thank you! 31 Yul Bahat Securitude Cyber Solutions / CyAN yul@securitude.com
Editor's Notes
- With representation in initiatives such as the fake news comission
- Market share in corporates of McAfee, Symantec and Trend, combined is ~80%.
- And this is even before we discussed the fact that in some cases, there’s a person whose entire job is to maintain exceptions and whitelisting. And this is a legacy machine, so we can’t activate half the features, and this server is too important, so we don’t dare install anything on it.
- And this is even before we discussed the fact that in some cases, there’s a person whose entire job is to maintain exceptions and whitelisting. And this is a legacy machine, so we can’t activate half the features, and this server is too important, so we don’t dare install anything on it.
- And this is even before we discussed the fact that in some cases, there’s a person whose entire job is to maintain exceptions and whitelisting. And this is a legacy machine, so we can’t activate half the features, and this server is too important, so we don’t dare install anything on it.
- Hackers and malwares are the world champions of Hide and Seek. They are, unfortunately, much better than my kid is.
- There are many trends and things to look out for in the next couple of years, but I don’t have time to go voer all them. I chose two. And the fact is, they are not new. But in the last couple of years there were some amazing developments, and I think you should really take a closer look at them in 2018-2019.
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- My personal favorite trend. When clients are asking me where the future of cyber security lies, this is my answer
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection
- The name of the game is seamless protection