AG
Uploaded byAdrian Guthrie
PPTX, PDF790 views

Malware evolution and Endpoint Detection and Response Technology

The document discusses the evolution of malware through five distinct eras, highlighting the increasing complexity and motivations behind cyber threats, including economic benefits and professionalization of attacks. It also introduces Panda Adaptive Defense, a next-generation endpoint protection that uses big data and machine learning to classify all running processes, enabling real-time detection and blocking of malware. The effectiveness of Adaptive Defense is demonstrated through impressive statistics on malware detection and successful mitigation of security breaches.

Embed presentation

Downloaded 23 times
Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks
17/06/2016Malware Evolution 2 Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4. Successs Story
17/06/2016Malware Evolution 3 Malware samples evolution
Malware volume evolution 17/06/2016Malware Evolution 4
17/06/2016Malware Evolution 5 Malware Eras
1st Era • Very little samples and Malware families • Virus created for fun, some very harmful, others harmless, but no ultimate goal • Slow propagation (months, years) through floppy disks. Some virus are named after the city where it was created or discovered • All samples are analysed by technicians • Sample static analysis and disassembling (reversing) 17/06/2016Malware Evolution 6
17/06/2016Malware Evolution 7 W32.Kriz Jerusalem
2nd Era • Volume of samples starts growing • Internet slowly grows popular, macro viruses appears, mail worm, etc… • In general terms, low complexity viruses, using social engineering via email, limited distribution, they are not massively distributed • Heuristic Techniques • Increased update frequency 17/06/2016Malware Evolution 8
17/06/2016Malware Evolution 9 Melissa Happy 99
3rd Era • Massive worms apparition overloads the internet • Via mail: I Love You • Via exploits: Blaster, Sasser, SqlSlammer • Proactive Technologies • Dynamic: Proteus • Static: KRE & Heuristics Machine Learning • Malware process identification by events analysis of the process: • Access to mail contact list • Internet connection through non-standard port • Multiple connections through port 25 • Auto run key addition • Web browsers hook 17/06/2016Malware Evolution 10
17/06/2016Malware Evolution 11 I love you Blaster
Sasser 17/06/2016Malware Evolution 12
Static proactive technologies Response times reduced to 0 detecting unknown malware Machine Learning algorithms applied to classic classification problems Ours is ALSO a “class” problem: malware vs goodware. 17/06/2016Malware Evolution 13
4th Era • Hackers switched their profile: the main motivation of malware is now an economic benefit, using bank trojans and phishing attacks. • Generalization of droppers/downloaders/EK • The move to Collective Intelligence • Massive file classification. • Knowledge is delivered from the cloud 17/06/2016Malware Evolution 14
17/06/2016Malware Evolution 15 Banbra Tinba
17/06/2016Malware Evolution 16 El salto a la Inteligencia Colectiva La entrega del conocimiento desde la nube como alternativa al fichero de firmas. Escalabilidad de los servicios de entrega de firmas de malware a los clientes mediante la automatización completa de todos los procesos de backend (procesado, clasificación y detección).
Big Data arrival  Current working set of 12 TB  400K million registries  600 GB of samples per day  400 million samples stored Innovation: to make viable the data processing derived from Collective Intelligence strategy, applying Big Data technologies. 17/06/2016Malware Evolution 17
5th Era • First massive cyber-attack against a country, Estonia from Russia. • Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others) • Malware professionalization • Use of marketing techniques in spam campaigns • Country/Time based malware variant distribution • Ransomware • APTs • Detection by context • Apart from analysing what a process does, the context of execution is also taken into account… 17/06/2016Malware Evolution 18
17/06/2016Malware Evolution 19 Reveton Ransomware
17/06/2016Malware Evolution 20
APTs… 17/06/2016Malware Evolution 21
17/06/2016Malware Evolution 22 - November / December 2013 - 40 millions credit/debit cards stolen - Attack made through the A/C maintenance company - POS - Unknown author - Information deletion - TB of information stolen Sony Pictures computer system down after reported hack Hackers threaten to release 'secrets' onto web
17/06/2016Malware Evolution 23 Carbanak - Year 2013/2014 - 100 affected entities - Countries affected: Russia, Ukraine, USA, Germany, China - ATMs: 7.300.000 US$ - Transfer: 10.000.000 US$ - Total estimated: 1.000.000.000 US$
17/06/2016Adaptive Defense 24 What is Panda Adaptive Defense? The Next Generation Endpoint Protection
17/06/2016Adaptive Defense 25 Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior. More than 1.2 billion applications already classified. Adaptive Defense new version (1.5) also includes AV engine, adding the disinfection capability. Adaptive Defense could even replace the company antivirus. RESPONSE … and forensic information to analyze each attempted attack in detail VISIBILITY… and traceability of each action taken by the applications running on a system PREVENTION… and blockage of applications and isolation of systems to prevent future attacks DETECTION… and blockage of Zero-day and targeted attacks in real-time without the need for signature files
17/06/2016Adaptive Defense 26 Features and benefits
Daily and on-demand reports Simple, centralized administration from a Web console Better service, simpler management Detailed and configurable monitoring of running applications Protection of vulnerable systems Protection of intellectual assets against targeted attacks Forensic report Protection Productivity Identification and blocking of unauthorized programs Light, easy-to-deploy solution Management
Key Differentiators - Categorizes all running processes on the endpoint minimizing risk of unknown malware: Continuous monitoring and attestation of all processes fills the detection gap of AV products. - Automated investigation of events significantly reduces manual intervention by the security team: Machine learning and collective intelligence in the cloud definitively identifies goodware & blocks malware. - Integrated remediation of identified malware: Instant access to real time and historical data provides full visibility into the timeline of malicious endpoint activity. - Minimal endpoint performance impact (<3%) 17/06/2016Adaptive Defense 28
17/06/2016Adaptive Defense 29 New malware detection capability* Traditional Antivirus (25) Standard Model Extended Model New malware blocked during the first 24 hours 82% 98,8% 100% New malware blocked during the first 7 days 93% 100% 100% New malware blocked during the first 3 months 98% 100% 100% % detections by Adaptive Defense detected by no other antivirus 3,30% Suspicious detections YES NO (no uncertainty) File Classification Universal Agent** Files classified automatically 60,25% 99,56% Classification certainty level 99,928% 99,9991% < 1 error / 100.000 files * Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPS and cookies were not included in this study. Adaptive Defense vs Traditional Antivirus ** Universal Agent technology is included as endpoint protection in all Panda Security solutions
17/06/2016Adaptive Defense 30 Adaptive Defense vs Other Approaches AV vendors WL vendors* New ATD vendors** Detection gap Do not classify all applications Management of WLs required Not all infection vectors covered (i.e. USB drives) No transparent to end-users and admin (false positives, quarantine administration,… ) Complex deployments required Monitoring sandboxes is not as effective as monitoring real environments Expensive work overhead involved ATD vendors do not prevent/block attacks * WL=Whitelisting. Bit9, Lumension, etc ** ATD= Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc
17/06/2016Adaptive Defense 31 How does Adaptive Defense work?
A brand-new three phased cloud-based security model 17/06/2016Adaptive Defense 32 1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints 2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques 3rd Phase: Endpoint hardening & enforcement: Blocking of all suspicious or dangerous processes, with notifications to alert network administrators
17/06/2016Adaptive Defense 33 Panda Adaptive Defense Architecture
17/06/2016Adaptive Defense 34 Success Story
Adaptive Defense in figures +1,2 billion applications already categorized +100 deployments. Malware detected in 100% of scenarios +100,000 endpoints and servers protected +200,000 security breaches mitigated in the past year +230,000 hours of IT resources saved  estimated cost reduction of 14,2M€ Lest’s see an example… 17/06/2016Adaptive Defense 35
17/06/2016Adaptive Defense 36 Scenario Description Concept Value PoC length 60 days Machines currently monitored +/- 690 Machines with malware 73 Machines with malware executed 15 Machines with PUP found 91 Executed PUP files 13 Executed files classified 27.942 Concept Value Malware blocked 160 PUP blocked 623 TOTAL threats mitigated 783
17/06/2016Adaptive Defense 37 Software vendor distribution over 100% of executable files
17/06/2016Adaptive Defense 38 Skillbrains Igor Pavilov
17/06/2016Adaptive Defense 39 Sandboxie Holdings LLC Eolsoft
17/06/2016Adaptive Defense 40 Opera SoftwareDropbox Inc.
17/06/2016Adaptive Defense 41 Vulnerable applications Vulnerable applications activity: - … - (22 vulnerable applications in ALL seats = 2074) Vulnerable applications inventory: - Excel v14.0.7 - v15.0 (279) - Firefox v34.0 - v36 (178) - Java v6 – v7 (80)
17/06/2016Adaptive Defense 42 Top Malware
17/06/2016Adaptive Defense 43 Top Malware
17/06/2016Adaptive Defense 44 PUP (Spigot)
17/06/2016Adaptive Defense 45 Potentially confidential information extraction
17/06/2016Adaptive Defense 46 +
Thank you

More Related Content

PPTX
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
PDF
Panda Security - Adaptive Defense
byPanda Security
 
PDF
Panda Security - Adaptive Defense 360
byPanda Security
 
PDF
What’s the State of Your Endpoint Security?
byIBM Security
 
PPT
Redefining Endpoint Security
byBurak DAYIOGLU
 
PDF
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
byKaspersky
 
PDF
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
byinfoLock Technologies
 
PDF
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 
NextGen Endpoint Security for Dummies
byAtif Ghauri
 
Panda Security - Adaptive Defense
byPanda Security
 
Panda Security - Adaptive Defense 360
byPanda Security
 
What’s the State of Your Endpoint Security?
byIBM Security
 
Redefining Endpoint Security
byBurak DAYIOGLU
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
byKaspersky
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
byinfoLock Technologies
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
byPriyanka Aash
 

What's hot

PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PDF
Panda Security - Endpoint Protection
byPanda Security
 
PPTX
Detect and Respond to Threats Better with IBM Security App Exchange Partners
byIBM Security
 
PPTX
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
byIBM Security
 
PDF
Security operations center 5 security controls
byAlienVault
 
PDF
20 Security Controls for the Cloud
byNetStandard
 
PDF
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
PPTX
The road towards better automotive cybersecurity
byRogue Wave Software
 
PDF
SOC Architecture - Building the NextGen SOC
byPriyanka Aash
 
PDF
The Critical Security Controls and the StealthWatch System
byLancope, Inc.
 
PPTX
What is Next-Generation Antivirus?
byRyan G. Murphy
 
PDF
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
PDF
Panda Adaptive Defense - The evolution of malware
byPanda Security
 
PDF
IBM Security QFlow & Vflow
byCamilo Fandiño Gómez
 
PPTX
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
PPTX
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
PDF
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
byRisk Analysis Consultants, s.r.o.
 
PDF
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
PDF
Wfh security risks - Ed Adams, President, Security Innovation
byPriyanka Aash
 
PDF
SACON16 - SOC Architecture
byShomiron Das Gupta
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Panda Security - Endpoint Protection
byPanda Security
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
byIBM Security
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
byIBM Security
 
Security operations center 5 security controls
byAlienVault
 
20 Security Controls for the Cloud
byNetStandard
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
The road towards better automotive cybersecurity
byRogue Wave Software
 
SOC Architecture - Building the NextGen SOC
byPriyanka Aash
 
The Critical Security Controls and the StealthWatch System
byLancope, Inc.
 
What is Next-Generation Antivirus?
byRyan G. Murphy
 
IDC Security 2014, Endpoint Security in Depth
byKen Tulegenov
 
Panda Adaptive Defense - The evolution of malware
byPanda Security
 
IBM Security QFlow & Vflow
byCamilo Fandiño Gómez
 
Maturing Endpoint Security: 5 Key Considerations
bySirius
 
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
byRisk Analysis Consultants, s.r.o.
 
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
Wfh security risks - Ed Adams, President, Security Innovation
byPriyanka Aash
 
SACON16 - SOC Architecture
byShomiron Das Gupta
 

Similar to Malware evolution and Endpoint Detection and Response Technology

PPTX
What is Threat Hunting? - Panda Security
byPanda Security
 
PPTX
PowerPoint on advanced network threats.pptx
byAngieloBecenia1
 
PPTX
Microsoft-Defender-for-Business-Customer-Ready-Deck copy.pptx
byNhanT3
 
PDF
Bitdefender - Solution Paper - Active Threat Control
byJose Lopez
 
PPT
Chapter-10 key management and distribution.ppt
byubaidullah75790
 
DOCX
Journal of Computer and System Sciences 80 (2014) 973–993Con
bykarenahmanny4c
 
PPTX
Malware in the Wild: Evolving to Evade Detection
byLastline, Inc.
 
PDF
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
byPanda Security
 
PPTX
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
byCompanySeceon
 
PDF
A New Era of Cybersecurity
byDigital Transformation EXPO Event Series
 
DOCX
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
bycroysierkathey
 
PPTX
Operationalizing Security Intelligence
bySplunk
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PDF
Adaptive Defense_Case Studies_INDRA_EN
byPhilip Walthew
 
PDF
Declaration of Mal(WAR)e
byNetSPI
 
PDF
Declaration of malWARe
byScott Sutherland
 
PPTX
Splunk EMEA Webinar: Scoping infections and disrupting breaches
bySplunk
 
PDF
NIC2012 - System Center Endpoint Protection 2012
byNicolai Henriksen
 
PDF
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
bySplunk
 
What is Threat Hunting? - Panda Security
byPanda Security
 
PowerPoint on advanced network threats.pptx
byAngieloBecenia1
 
Microsoft-Defender-for-Business-Customer-Ready-Deck copy.pptx
byNhanT3
 
Bitdefender - Solution Paper - Active Threat Control
byJose Lopez
 
Chapter-10 key management and distribution.ppt
byubaidullah75790
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
bykarenahmanny4c
 
Malware in the Wild: Evolving to Evade Detection
byLastline, Inc.
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
byPanda Security
 
[Infographic] The MSP Journey to AI_ML-Powered Detection and Response.pptx
byCompanySeceon
 
A New Era of Cybersecurity
byDigital Transformation EXPO Event Series
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
bycroysierkathey
 
Operationalizing Security Intelligence
bySplunk
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
Adaptive Defense_Case Studies_INDRA_EN
byPhilip Walthew
 
Declaration of Mal(WAR)e
byNetSPI
 
Declaration of malWARe
byScott Sutherland
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
bySplunk
 
NIC2012 - System Center Endpoint Protection 2012
byNicolai Henriksen
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
bySplunk
 

Recently uploaded

PDF
From Experiment to Enterprise: Scaling AI Coding Assistants Across Engineerin...
byMaxim Salnikov
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PPTX
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
PDF
DSD-INT 2025 Stochastic flood event generation using wflow and a diffusion do...
byDeltares
 
PDF
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
PDF
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PDF
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PPTX
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 
PPTX
Python-Functions-A-Comprehensive-Overview.pptx
byMuhammad Fahad Bashir
 
PDF
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PPTX
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
PPTX
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
From Experiment to Enterprise: Scaling AI Coding Assistants Across Engineerin...
byMaxim Salnikov
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
DSD-INT 2025 Stochastic flood event generation using wflow and a diffusion do...
byDeltares
 
How Modern Custom Software is Revolutionizing Mortgage Lending Processes -Ma...
byMatellio
 
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
application security presentation 2 by harman
byharmanideapad
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 
Python-Functions-A-Comprehensive-Overview.pptx
byMuhammad Fahad Bashir
 
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
List on Python Programming Language.pptx
byRICHARDALONSAGAY1
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 

Malware evolution and Endpoint Detection and Response Technology

  • 1.
    Evolution of Malwareand the Next Generation Endpoint Protection against Targeted Attacks
  • 2.
    17/06/2016Malware Evolution 2 Index 1.Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4. Successs Story
  • 3.
  • 4.
  • 5.
  • 6.
    1st Era • Verylittle samples and Malware families • Virus created for fun, some very harmful, others harmless, but no ultimate goal • Slow propagation (months, years) through floppy disks. Some virus are named after the city where it was created or discovered • All samples are analysed by technicians • Sample static analysis and disassembling (reversing) 17/06/2016Malware Evolution 6
  • 7.
  • 8.
    2nd Era • Volumeof samples starts growing • Internet slowly grows popular, macro viruses appears, mail worm, etc… • In general terms, low complexity viruses, using social engineering via email, limited distribution, they are not massively distributed • Heuristic Techniques • Increased update frequency 17/06/2016Malware Evolution 8
  • 9.
  • 10.
    3rd Era • Massiveworms apparition overloads the internet • Via mail: I Love You • Via exploits: Blaster, Sasser, SqlSlammer • Proactive Technologies • Dynamic: Proteus • Static: KRE & Heuristics Machine Learning • Malware process identification by events analysis of the process: • Access to mail contact list • Internet connection through non-standard port • Multiple connections through port 25 • Auto run key addition • Web browsers hook 17/06/2016Malware Evolution 10
  • 11.
  • 12.
  • 13.
    Static proactive technologies Response timesreduced to 0 detecting unknown malware Machine Learning algorithms applied to classic classification problems Ours is ALSO a “class” problem: malware vs goodware. 17/06/2016Malware Evolution 13
  • 14.
    4th Era • Hackersswitched their profile: the main motivation of malware is now an economic benefit, using bank trojans and phishing attacks. • Generalization of droppers/downloaders/EK • The move to Collective Intelligence • Massive file classification. • Knowledge is delivered from the cloud 17/06/2016Malware Evolution 14
  • 15.
  • 16.
    17/06/2016Malware Evolution 16 Elsalto a la Inteligencia Colectiva La entrega del conocimiento desde la nube como alternativa al fichero de firmas. Escalabilidad de los servicios de entrega de firmas de malware a los clientes mediante la automatización completa de todos los procesos de backend (procesado, clasificación y detección).
  • 17.
    Big Data arrival Current working set of 12 TB  400K million registries  600 GB of samples per day  400 million samples stored Innovation: to make viable the data processing derived from Collective Intelligence strategy, applying Big Data technologies. 17/06/2016Malware Evolution 17
  • 18.
    5th Era • Firstmassive cyber-attack against a country, Estonia from Russia. • Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE, and others) • Malware professionalization • Use of marketing techniques in spam campaigns • Country/Time based malware variant distribution • Ransomware • APTs • Detection by context • Apart from analysing what a process does, the context of execution is also taken into account… 17/06/2016Malware Evolution 18
  • 19.
  • 20.
  • 21.
  • 22.
    17/06/2016Malware Evolution 22 -November / December 2013 - 40 millions credit/debit cards stolen - Attack made through the A/C maintenance company - POS - Unknown author - Information deletion - TB of information stolen Sony Pictures computer system down after reported hack Hackers threaten to release 'secrets' onto web
  • 23.
    17/06/2016Malware Evolution 23 Carbanak -Year 2013/2014 - 100 affected entities - Countries affected: Russia, Ukraine, USA, Germany, China - ATMs: 7.300.000 US$ - Transfer: 10.000.000 US$ - Total estimated: 1.000.000.000 US$
  • 24.
    17/06/2016Adaptive Defense 24 Whatis Panda Adaptive Defense? The Next Generation Endpoint Protection
  • 25.
    17/06/2016Adaptive Defense 25 PandaAdaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior. More than 1.2 billion applications already classified. Adaptive Defense new version (1.5) also includes AV engine, adding the disinfection capability. Adaptive Defense could even replace the company antivirus. RESPONSE … and forensic information to analyze each attempted attack in detail VISIBILITY… and traceability of each action taken by the applications running on a system PREVENTION… and blockage of applications and isolation of systems to prevent future attacks DETECTION… and blockage of Zero-day and targeted attacks in real-time without the need for signature files
  • 26.
  • 27.
    Daily and on-demandreports Simple, centralized administration from a Web console Better service, simpler management Detailed and configurable monitoring of running applications Protection of vulnerable systems Protection of intellectual assets against targeted attacks Forensic report Protection Productivity Identification and blocking of unauthorized programs Light, easy-to-deploy solution Management
  • 28.
    Key Differentiators - Categorizesall running processes on the endpoint minimizing risk of unknown malware: Continuous monitoring and attestation of all processes fills the detection gap of AV products. - Automated investigation of events significantly reduces manual intervention by the security team: Machine learning and collective intelligence in the cloud definitively identifies goodware & blocks malware. - Integrated remediation of identified malware: Instant access to real time and historical data provides full visibility into the timeline of malicious endpoint activity. - Minimal endpoint performance impact (<3%) 17/06/2016Adaptive Defense 28
  • 29.
    17/06/2016Adaptive Defense 29 Newmalware detection capability* Traditional Antivirus (25) Standard Model Extended Model New malware blocked during the first 24 hours 82% 98,8% 100% New malware blocked during the first 7 days 93% 100% 100% New malware blocked during the first 3 months 98% 100% 100% % detections by Adaptive Defense detected by no other antivirus 3,30% Suspicious detections YES NO (no uncertainty) File Classification Universal Agent** Files classified automatically 60,25% 99,56% Classification certainty level 99,928% 99,9991% < 1 error / 100.000 files * Viruses, Trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPS and cookies were not included in this study. Adaptive Defense vs Traditional Antivirus ** Universal Agent technology is included as endpoint protection in all Panda Security solutions
  • 30.
    17/06/2016Adaptive Defense 30 AdaptiveDefense vs Other Approaches AV vendors WL vendors* New ATD vendors** Detection gap Do not classify all applications Management of WLs required Not all infection vectors covered (i.e. USB drives) No transparent to end-users and admin (false positives, quarantine administration,… ) Complex deployments required Monitoring sandboxes is not as effective as monitoring real environments Expensive work overhead involved ATD vendors do not prevent/block attacks * WL=Whitelisting. Bit9, Lumension, etc ** ATD= Advanced Threat Defense. FireEye, Palo Alto, Sourcefire, etc
  • 31.
    17/06/2016Adaptive Defense 31 Howdoes Adaptive Defense work?
  • 32.
    A brand-new threephased cloud-based security model 17/06/2016Adaptive Defense 32 1st Phase: Comprehensive monitoring of all the actions triggered by programs on endpoints 2nd Phase: Analysis and correlation of all actions monitored on customers' systems thanks to Data Mining and Big Data Analytics techniques 3rd Phase: Endpoint hardening & enforcement: Blocking of all suspicious or dangerous processes, with notifications to alert network administrators
  • 33.
    17/06/2016Adaptive Defense 33 PandaAdaptive Defense Architecture
  • 34.
  • 35.
    Adaptive Defense in figures +1,2billion applications already categorized +100 deployments. Malware detected in 100% of scenarios +100,000 endpoints and servers protected +200,000 security breaches mitigated in the past year +230,000 hours of IT resources saved  estimated cost reduction of 14,2M€ Lest’s see an example… 17/06/2016Adaptive Defense 35
  • 36.
    17/06/2016Adaptive Defense 36 Scenario Description ConceptValue PoC length 60 days Machines currently monitored +/- 690 Machines with malware 73 Machines with malware executed 15 Machines with PUP found 91 Executed PUP files 13 Executed files classified 27.942 Concept Value Malware blocked 160 PUP blocked 623 TOTAL threats mitigated 783
  • 37.
    17/06/2016Adaptive Defense 37 Softwarevendor distribution over 100% of executable files
  • 38.
  • 39.
  • 40.
  • 41.
    17/06/2016Adaptive Defense 41 Vulnerable applications Vulnerableapplications activity: - … - (22 vulnerable applications in ALL seats = 2074) Vulnerable applications inventory: - Excel v14.0.7 - v15.0 (279) - Firefox v34.0 - v36 (178) - Java v6 – v7 (80)
  • 42.
  • 43.
  • 44.
  • 45.
    17/06/2016Adaptive Defense 45 Potentiallyconfidential information extraction
  • 46.
  • 47.

Editor's Notes

  • #10 Mw de Macro
  • #12 Mw de Macro
  • #13 Como dato curioso MS ofreció una recompensa de 250.000 dólares a quien diera alguna pista que llevara hasta el autor del mw. Jaschan fue fichado en septiembre de 2004 por Securepoint lo que motivó no pocas quejas en el mundillo e incluso conflictos diplomáticos entre empresas del sector (http://en.wikipedia.org/wiki/Sven_Jaschan)
  • #29 Panda Adaptive Defense is focused on zero day threats, advanced persistent threats, targeted attacks. It is focused on identifying and blocking previously unknown malware. Traditional AV products use known properties like signatures or behaviors to identify malware. The challenge is to protect against malware that has yet to be identified by the AV vendors. Panda Adaptive defense does this by monitoring all running processes on the endpoint. It then uses local capabilities and collective intelligence / big data in the cloud to categorize and attest as to whether an executable is goodware (and not malware). And because it is constantly monitoring all process, it can detect APT malware that may lie dormant for a period of time before being activated. Panda Adaptive Defense goes a step beyond simply providing the security team a slew of IOCs (indicators of compromise). Panda Adaptive Defense leverages collective intelligence to provide a definitive attestation as to whether an executable (and its processes) are malware and It blocks any executable categorized as malware. This automatic investigation saves the security team from having to investigate a large number of IOCs Panda’s experience with remediating malware adds to the capability of Panda Adaptive Defense. Panda Adaptive Defense also logs activities making investigation and remediation a much easier task