This document discusses the need for advanced threat protection and containment solutions due to the high percentage of cyber attacks that go undetected for months. It notes that traditional prevention-focused security approaches are no longer sufficient. The document then highlights statistics on the financial and resource costs of cyber attacks. It introduces Damballa's automated breach defense platform, which uses behavioral analytics to automatically identify active threats, regardless of prior knowledge. The platform aims to enable a breach resistant organization. The document concludes by presenting several customer case studies where Damballa helped reduce costs, detection times, and improve visibility and response.
2. Why Advanced Threat Protection and Containment?
(Chart: percent of breaches that remain undiscovered for months or more)
“There is widespread agreement that advanced attacks are bypassing traditional signature-based security… The threat is real. You are compromised; you just don't know it.” – Gartner, Inc., 2012
69% of breaches were spotted by an external party; 9% were spotted by customers.
“Prevention is crucial, and we can’t lose sight of that goal. But we must accept the fact that no barrier is impenetrable, and detection/response represents an extremely critical line of defense. Let’s stop treating it like a backup plan if things go wrong and start making it a core part of the plan.” – Verizon Data Breach Study 2013
3. How big is the problem in terms of dollars?
32 days: average time to resolve a known cyber attack
$1.04M: average total cost to the organization over 32 days
63% of enterprises say it’s only a matter of time until they’re targeted by APT
4. How big is the problem in terms of resources?
86% of CISOs say lack of confidence in ability to manage risk is due to staffing
81% of security leaders say staffing challenges will remain the same or get worse over the next 5-10 years
2/3 of CISOs say they are short-staffed and therefore vulnerable to breaches
5. The Old Security Stack
(Diagram: ATTACK → INFECTION → DAMAGE; prevention controls address infection risk, detection controls address business risk)
Controls: Firewall, IDS/IPS, Web Security, Email Security, Sandboxing, Host AV/IPS/FW
Alerts & logs feed the SOC and the SIEM (“single pane of glass”)
Resource intensive, inefficient manual investigation efforts. “Is this alert real or a false positive?”
6. The New Security Stack
(Diagram: ATTACK → INFECTION → DAMAGE; prevention controls address infection risk, detection controls address business risk)
Controls: NGFW, Endpoint Containment, Sandboxing, Email Gateway; legacy: Host AV/IPS/FW
Alerts & logs feed the SOC and the SIEM (“single pane of glass”)
Damballa fills the security gap between failed prevention and your incident response.
7. Damballa: Automated Breach Defense
› Automatically identify active threats
› With certainty, regardless of prior visibility or knowledge of malware sample, infection vector or source
› Focus on true, active infections
› Confidently prioritize response
› Proactively block infections you haven’t gotten to
Enabling a Breach Resistant Organization
8. Predictive Security Analytics Platform
Case Analyzer Platform
8 Detection Engines: rapid discovery and validation of infections
• Connection Query: indicators of compromise; threat actors / intent
• File Request: zero-day files; suspicious HTTP content
• Domain Fluxing, Automation Execution, Peer-to-Peer: automated malicious activity; observed evasion tactics
9 Risk Profilers: prioritized risk of confirmed infections
• Observed activity, device properties, threat sophistication, threat intent
• Diagram labels: data transferred, PCAPs, communication success, malicious file availability, sequence of events, importance of endpoint, malware family intent, severity, AV coverage, damage potential
9. Damballa Failsafe Architecture
Hub & Spoke | 1U Appliances | Out of Band
(Diagram: Damballa Failsafe sensors deployed out of band at each site (Data Center / Corporate HQ, Data Center / Remote Office, Data Center / Office), monitoring egress, proxy and DNS traffic; sensors backhaul to a central Management Console)
10. Our Formula – Delivering Predictive Security Analytics
11. Visibility for Security and Risk Professionals
Infographics-styled dashboards, presenting critical information upon login.
(Screenshot: Damballa Failsafe 5.2 console; tabs: Dashboard, Assets, Files, Reports, System, Threats)
14. Damballa Customer Success: Breach Defense = Lower Risk
Professional Services
› Augment client teams before, during, or after install
› Provide threat analysis & research
Customer Support
› Provide tech & functional support
› Manage updates & upgrades
Customer Advocacy
› Ensure adoption & value realization
Education & Training
› Teach customers how to use Failsafe
› Provide industry knowledge
16. Global Family Entertainment Company Saves $2.0M Over 18 Months
Challenge
A major entertainment company suspected persistent threats on their network and brought in a well-known incident response firm to help. The firm’s evidence was hard to corroborate, and lack of visibility forced IT to constantly perform bare-metal restores to machines that may or may not have actually been a risk to the organization.
Solution
The company, which operates many non-Windows devices (Macs, iOS, Android and even embedded systems), purchased Damballa Failsafe because the solution is platform-agnostic. “The ability to cover multiple platforms and operating systems across the enterprise separated Damballa Failsafe from the others.” The company currently protects over 100,000 enterprise devices throughout the organization.
Result
The company has saved $2.0M in 18 months from improved response capabilities.
“We’re not wasting money and time for truck rolls on things that aren’t actually infected. One hundred percent of the machines that Damballa Failsafe has identified as infected have in fact been infected.”
17. Fortune 500 Entertainment Company Plugs Gaps in Defense
Challenge
A major media company knew their network was slow, and they were spending a lot of time troubleshooting users’ systems for security-related problems. None of their solutions were alerting them to malicious traffic, so infections remained hidden.
Solution
The company selected Damballa Failsafe to fill the gaps left by signature-based defenses. “Within 48 hours, we saw a clear difference with Damballa Failsafe. We understood what, where and how the threat activity was occurring, blocked the threat and triaged that information into an actionable task such as patch management or cleaning up other security instrumentation.”
Result
The IT team reduced the number of monthly incidents by over 99%.
“Everybody does signatures and sandboxing. Failsafe does behavior detection, and that’s the right ingredient for our network security sandwich. Damballa is the secret sauce we were missing,” said their information security director.
18. Major Tech Company Fights APTs with Lean Security Staff
Challenge
A major technology company needed additional visibility into threats on their network. They were spending 4-5 days responding to a single malware incident, meaning higher-priority projects were not getting completed by their small team.
Solution
“We were interested in a company that was focused on researching APTs and innovating in this space. We wanted strong focus on detection, not a one-box-does-all solution,” said their Senior IT Security Specialist. The company began its Damballa Failsafe deployment with one sensor and immediately realized benefits as a result of the added visibility provided by the product.
Result
Damballa saved more than a week, reducing the time to resolve a threat from hours/days to less than 20 minutes, depending on the criticality of the threat. Damballa also accelerated incident response decisions and reactions due to the accurate data and the ability to pinpoint threats early and easily remediate them.
“I love the product – it is extremely easy to set up and deploy. In just five to ten minutes I can have a new sensor up and running and see what’s on the network.”
19. The University of Tampa
Increases Visibility
Challenge
Fostering freedom of learning and exchange of knowledge while protecting the school’s research and information. “I have two challenges,” said Tammy Clark, CISO. “Protecting these environments in a manner that allows us to maintain that open culture and being able to see what the bad guys are doing.”
Solution
The University of Tampa purchased Damballa for its ability to identify active threats; the level of intelligence it provides on command-and-control behavior sets it apart from other advanced threat detection solutions. “Other technologies don’t provide the same level of intelligence. Failsafe is like having a pair of eyes on the network that let you see what is otherwise invisible to the naked eye,” said Clark.
Result
Clark credits Damballa for enabling her team to reduce the time required to respond to an incident while improving overall network security.
“Damballa lets us be highly proactive in detecting advanced threats. When we see network activity in Failsafe, we can quickly pivot to other security controls to see if that activity is also showing up somewhere else and shut it down. There is a high confidence factor in the solution being able to find a threat and show it to us quickly, so we can take action to contain and remediate it effectively.”
Editor's Notes
More effective discovery is important
Not more alerts
Your problem is not finding more advanced malware; it’s finding the really infected devices
SOURCE #1: 63% - ISACA, “Advanced Persistent Threat Awareness Report” 2013
SOURCE #2: Ponemon Institute, “2013 Costs of Cyber Crime Study,” October 2013
SOURCE #1: 63% - (ISC)2, sixth “Global Information Security Workforce Study (GISWS),” February 2013
SOURCE #2: 86% - Forrester, “Surviving the Technical Security Skills Crisis,” May 2013
SOURCE #3: 81% - Forrester, “Surviving the Technical Security Skills Crisis,” May 2013
Damballa Enables Organizations to:
Rapidly identify active threats
With 100% certainty
Without triage efforts or delays
Independent of having a malware sample
Regardless of malware type, infection vector or source
As a Breach Resistant Organization You Can:
Quickly and efficiently stop real losses
Find previously undetected threats
Remove the threats that can cause losses NOW
Increase efficiency, and effectiveness by eliminating alert chasing
Dramatically reduce overall risk
Damballa Failsafe uses a hub-and-spoke distributed computing architecture. Sensors are placed in key locations within the network to observe traffic on all ports in both directions (Egress, Proxy, and DNS). The sensors and their Deep Packet Inspection engines listen to traffic passively off a tap or SPAN port. The sensors all talk to each other so they can track a device's activity over time. Suspicious evidence is brought back to the management console (MC) to be examined by the Case Analyzer, and then a verdict is passed. All evidence is presented through the MC.
Because of our formula: Damballa has unique access to a very large data set of unfiltered, unstructured and unbiased internet and enterprise network data.
While most security companies' “Labs” are filled with reverse malware engineers, ours is filled with PhDs, research scientists and machine learning experts who apply mathematical algorithms that reveal the techniques and infrastructure being used by threat actors, and we have been doing this for seven years.
No other security company has the unique Big Data that Damballa has, much less has been applying leading-edge security research and related machine learning for as long as Damballa.
Big Data
-8 trillion records per year
-200GB-300GB of internet and enterprise network data each day
-Malware Samples Analyzed: 100K/day; 36.5M/yr.
-Unique DNS Records: 22B/day; 8T/yr.
-7 Years of Machine Learning Refinement
Machine Learning/Data Science
-7 years
-13 Patents Filed, 2 already granted
-8 Detection Profilers & Expanding
-9 Risk Profilers & Expanding
-Partnerships pivoting from Damballa Discoveries
Engines Leverage Big Data
-Fortune 2000 Enterprises
-Global ISPs & Telcos
-Academic and Industry Partnerships
-Future Proof
-Behavioral
-Example: Domain Fluxing (DGA)
-Example: Peer-To-Peer
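An added illustration, not Damballa's code or algorithm, of how behavioral detection of domain fluxing fits the sensor-to-verdict flow described in the architecture note above: per-device DNS evidence is accumulated over time, and a verdict is issued only when several algorithmic-looking lookups and a high NXDOMAIN ratio coincide, which keeps a single odd hostname from raising an alert. The log lines, device addresses and thresholds are constructed for the example.

```python
import math
import re
from collections import defaultdict

# Constructed DNS sensor records: (timestamp, device, queried domain, rcode).
# Made up for this example; not real telemetry.
DNS_LOG = [
    ("2014-03-01T09:00:01", "10.1.2.3", "www.example.com", "NOERROR"),
    ("2014-03-01T09:00:05", "10.1.2.3", "cdn.example.net", "NOERROR"),
    ("2014-03-01T09:01:10", "10.1.2.7", "xk3jq9vz2lmw.com", "NXDOMAIN"),
    ("2014-03-01T09:01:11", "10.1.2.7", "q8zr4tpl0nvb.net", "NXDOMAIN"),
    ("2014-03-01T09:01:12", "10.1.2.7", "m2vy7kdxw5qa.org", "NXDOMAIN"),
    ("2014-03-01T09:01:13", "10.1.2.7", "t5jw1hz9rkcy.info", "NOERROR"),
    ("2014-03-01T09:02:00", "10.1.2.9", "mail.example.com", "NOERROR"),
]

def shannon_entropy(label):
    """Bits of entropy per character; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(domain):
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_algorithmic(domain, min_len=10, min_entropy=3.0, max_vowel_ratio=0.35):
    """Per-lookup heuristic: long, high-entropy, vowel-poor second-level label."""
    label = second_level_label(domain)
    if len(label) < min_len or not re.fullmatch(r"[a-z0-9-]+", label):
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return shannon_entropy(label) >= min_entropy and vowels / len(label) <= max_vowel_ratio

def build_cases(log, min_hits=3, min_nx_ratio=0.5):
    """Case-analyzer step: aggregate evidence per device, then pass a verdict."""
    evidence = defaultdict(lambda: {"dga_like": 0, "nxdomain": 0, "total": 0})
    for _ts, device, domain, rcode in log:
        e = evidence[device]
        e["total"] += 1
        e["dga_like"] += looks_algorithmic(domain)
        e["nxdomain"] += rcode == "NXDOMAIN"
    verdicts = {}
    for device, e in evidence.items():
        fluxing = e["dga_like"] >= min_hits and e["nxdomain"] / e["total"] >= min_nx_ratio
        verdicts[device] = "infected: domain-fluxing behaviour" if fluxing else "clean"
    return verdicts

if __name__ == "__main__":
    for device, verdict in sorted(build_cases(DNS_LOG).items()):
        print(device, verdict)
```

Thresholds like these are a tuning decision: CDN and tracking hostnames can look random on a single lookup, which is why the verdict rests on repeated per-device evidence rather than one query.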
Visibility into current security posture for advanced threats
Rapid knowledge of active infections
Which infections are under successful control of an adversary
Which infections pose the highest risk to the organization and which devices have been re-infected.
Dashboards: Average Infection Age, Riskiest Infected Assets, Maliciously Controlled Assets, Infected Assets Over Time,…
Robust reporting, relaying important information regarding the state of your network
Reports: Infection Lifecycle, Malware in Motion, System Health, Incident, Malware Trace…