Encryption is growing with hackers using encrypted traffic to hide. 60% of attacks are now using encryption to hide and the TOP 4 attacks of 2019 Decryption is not the solution with problems of cost, scalability, performances and implementation. The current cyber solutions have limited visibility on encrypted traffic. Barac helps you detect malware and attacks on encrypted traffic without decryption using machine learning and behavioural analytics for real time and high accuracy detection.

1. ENCRYPTED TRAFFIC VISIBILITY
Why Organisations Need Barac
www.barac.io
+44 (0) 20 3983 3155

2. Who are we?
▪ Barac was established in 2017 by business partners Omar Yaacoubi and Mahdi Ben
Hamden
▪ Barac joined the 2017 Barclays Techstars Accelerator Programme
▪ Barclays chose to purchase our solution from outside of the programme for their own
infrastructure
▪ Barac was selected by UK NCSC to join their Cyber Accelerator Programme
▪ Barac has worldwide sales and technical coverage:
▪ London
▪ Boston(US)
▪ Paris
▪ Tunis

3. We are being recognised
“Security Analytics and
Breach Resolution”
WINNER
“Newcomer Security
Company of the Year”
FINALIST
“Best Emerging
Technology”
FINALIST
“Hottest Tech Start-Up”
FINALIST
“Most Innovative
Artificial Intelligence
Security Solution”
FINALIST
“Rookie Security
Company of the Year”
WINNER!
“Best use of Machine
Learning for
Automation”
FINALIST
“Startup of the Year | Artificial
Intelligence in Security”
BRONZE

4. Barac’s Encrypted Traffic Visibility (ETV) solution accurately
and rapidly detects malicious malware, and suspicious
behaviour, hidden within encrypted network traffic.
We do this without decrypting or ‘breaking’ any encrypted
traffic whatsoever.
What do we do?

5. Hype Cycle Threat Facing Tech (2018)
“Evolution of ransomware that leverage encryption for
malware delivery and command-and-control
communications will have higher financial costs because
of the length of time before detection.
The value of network security controls will
decrease because of encrypted web
traffic blindness.”
Industry-wide concern

6. What’s the ‘Cyber’ Issue?
▪ An increasing number of business applications and services are
using encryption as the primary method of securing information
▪ Unfortunately, cyber criminals are using the same method to
disguise their malicious malware
▪ The solution designed to protect information is now being used
against us, at an increasing rate
▪ Over 80% of worldwide internet traffic is estimated to be
encrypted by 2020

7. Current Weaknesses
▪ Limited Visibility : Some servers are now encrypting and decrypting the traffic at
ingress and egress. If there is an exploit in that traffic it will hit the server before
any of their defences can see it
• File less Malware:More and more malware are file less and using encryption to
hide ! those malware such as Emotet and TrickBot are destructive for
organisations
• Limited IDS and MissedMalware:To see information on encrypted traffic, the
organisationwill need to decrypt everything that hits their servers, IDS and SIEM
can not inspect encrypted traffic to detect malware and are missing 50% of
malware activity
▪ DecryptionIssues: Traffic decryption is very expensive, does not scale, hit your
network latency, increase hacking issues with traffic in plain text and will be very
hard to do with TLS 1.3 growing

8. Example of Attacks
10 of the destructive 2019 cyber attacks are using encryption:
1. Emotet – Malware disguising itself as Snowden’s book
2. Trickbot – Trojan that can disable Windows Defender
3. Ryuk Ransomware – Costliest malware ever
4. Sodinokibi – Successor of GandCrab
https://fossbytes.com/top-malware-2019/

9. How do we do it
Barac’s ETV platform
The metadataof the session
is reassembled, over 200
metrics are extracted and
Artificial Intelligence is
applied to those data flows.
Barac can detect the
difference, with high
accuracy, between
legitimate and malicious
encrypted traffic without
decryption, in real time.
And then use internal
processes and procedures
Analysis of encrypted trafficwithout decryption in real time
AI
Tested with Splunk
Qradar and
Arcsight
Siem / Soc
ETV Platform
Collector
Attack Profile
Encrypted Traffic Visibility
Re-Build
SessionMeta Data
Siem / Soc
Risk Score
Web Interface

10. TLS Fingerprinting
Creates false-positive
fatigue: cybersecurity
teams investigating
false attacks but not
focusing on the right
ones
Abnormality Detection
Use fingerprint
informationto detect
customer's browser or
client used to connect
to the platform
Browser Detection
Compliantwith
TLS 1.3
TLS 1.3
Detect the
Operating System
used by the client
using TLS
fingerprinting
OS Detection

11. TLS Fingerprinting
OS
Navigator
Type
Cipher Suite
Elliptic Curve
Packet Length OUT
Extension Supported
Group
Barac’s platform helps you detect with high accuracy
Length Window
Some of the indicators used in detection:

12. Detect Man in the Middle C&C
The malicious use of legitimate services like Pastebin, Dropbox, or other cloud storage
services has also tended to grow. In 2019, 10%of the malware communicated directly
with Pastebin, including Trojans, RATs*, and info stealers to hide !
This activity is impossible to detect without Barac
Affected Server
*Remote Access Trojan(RAT)

13. Data Correlation
▪ Over 200 metrics are correlated via the Barac ETV
▪ Each encrypted setup is measured
▪ This allows for correlationand comparisonof any new setups
▪ The ETV looks for changes in connection parameters
▪ Using this known behaviour, it is possible to highlight anomalies which are risk
scored
▪ This has to be done session-by-sessionbecause there is too much variance if
looking at the network data as a whole

14. Our proven results
False Positives
0.00006%
Reductionin DetectionTime
99.00%
An average of 2 false positives forevery 30,000TLS connections seen. This was based on a
large sample of real-world HTTPS sessions and SSL connection of IoT devices of customers
and tester(s).
Improved
accuracy,
reduced false
positives and
faster response
time
Accuracy in Detecting
99.997%

15. What we detect in real-time
DDOS XSS / SQL
Injection
Man-in-the-
Middle
Crypto Hacking Phishing/
Ransomware
Zero Day Attacks

16. “The attack on the unnamed African financial institution in May 2019
was thwarted when Barac identified suspicious, recurring patterns in
the metadata of a small proportion of the encrypted traffic leaving the
bank’s network”
“Elements of the attack were encrypted in an attempt to evade
detection, and the encrypted certificates used were signed in North
Korea”
“The hackers were using encryption is a particularly clever way.
Knowing the bank would, quite rightly, decrypt all of the data leaving its
organisation, they buried their ‘command and control’ calls home in
these traffic flows, in the hope that they would, evade detection”
”[Barac] scanned the metadata of the encrypted traffic,
using behavioural analytics and artificial intelligence to understand
normal traffic patterns, and to alert on any anomalies”
https://www.computerweekly.com/news/252467937/African-
bank-foils-suspected-North-Korean-cyber-attack
Our Recent Case Study

17. Example Use Cases
Threat detection:
Detect attacksand malware on inbound and outbound encrypted
traffic of financial institutions, telecom operators, government and
critical infrastructure on both their data centres and offices
API Threat detection
Detect threats and malware on APIs for a telecom operator and a
financial instituions without decryption in real time
Compliance
Help financial institutions be compliant with their cryptographic
compliance and detect any weak encryption to be predictive instead
of reactive

18. Third-Party Analyst Views
Barac ETV provides accurate detection with a significant reduction in false
positives, is easy to implement and manage, and maintains a small footprint. It
mitigates the increasing riskof complex cyber attacks and malware hidden within
encrypted traffic.
Barac is unique in both its approach and its accessibility.It provides an affordable,
low-maintenanceand transparent means of network anomalydetection with
extremely high accuracy, while maintainingprivacy, making its ETV platform an
ideal considerationfor protecting an organisation’s data.
Barac’s ETV platform sidesteps the decrypt/re-encrypt paradigm. Its approach is
fundamentally different.It looks at the metadatafor both SSL and TCP/IP traffic
and applies both machine learning and behaviouralanalyticsto it to provide
visibility,detection and response, in that it blocks anythingit deems malicious.

19. Making the encrypted
world more secure
and compliant