
Page 1: ©2012 Bit9. All Rights Reserved. Criminal Enterprises Broad-based and targeted attacks Financially motivated Getting more sophisticated Hactivists Targeted


Page 2:

The Advanced Threat Landscape

Criminal Enterprises
• Broad-based and targeted attacks
• Financially motivated
• Getting more sophisticated

Hacktivists
• Targeted and destructive attacks
• Unpredictable motivations
• Generally less sophisticated

Nation-States
• Targeted and multi-stage attacks
• Motivated by information and IP
• Highly sophisticated, endless resources

Page 3:

Acceleration of Intellectual Property Loss: Significant Breaches of 2012

[Timeline figure: significant breaches plotted by month, January through November 2012]

Page 4:

2013 is not starting off any better...

Page 5:

Recent findings from Mandiant

Telvent (Schneider Electric) successfully hacked into by Comment Crew (cybercrime crew)
• Power grids
• Oil & gas
• Transportation
• Water
• Global services
• And more!

Page 6:

Java Problems

Page 7:

Attackers adjust their approach. Do you adjust your defense?

Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages (Threatpost.com March 27, 2013 by Christopher Brook)

Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly, versus waiting for an email attack to work
• 94% of undetected malware came from web browsers or web proxies
• 95% of the FTP-based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems

Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed anti-malware technology

Page 8:

Have Hackers invented something earth shattering?

USA Today on 3/27/13 by Geoff Collins

Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes. But consider this: a vast majority of hacks are stunningly simple to deflect.

president of product management at 1E

Page 9:

What they found out….. Really?

Australia's Defense Signals Directorate (DSD) and the U.S. National Security Agency (NSA) independently surveyed the techniques hackers used to successfully penetrate networks. NSA, in partnership with private experts, and DSD each came up with a list of measures that stop almost all attacks. DSD found that just four risk reduction measures block most attacks. Agencies and private companies implementing these measures saw risk fall by 85 percent and, in some cases, to zero.

president of product management at 1E

Page 10:

So what ARE the four simple measures?

First is "Application white-listing," which allows only authorized software to run on a computer or network. Second is very rapid patching of Operating Systems and software. Third is very rapid patching of software. The fourth is minimizing the number of people on a network who have "administrator" privileges.

president of product management at 1E


Page 17:

Trust-based Security: A New Approach

REQUIREMENTS (PROACTIVE)

1. Real-time visibility
• Every server/desktop/laptop
• Every executable and invocation
• Every critical system resource

2. Define your trust policies
• What do you trust? (all else is "untrusted" by default)

3. Apply your trust policies
• Detection
• Protection
• Incident response/forensics

Only trusted software, across:
• Desktops/laptops (PC, Mac)
• Kiosks
• Fixed-function (ATMs, point of sale)
• Virtual/physical servers
• Cloud-based servers
• Mobile
• Database • Applications • Email • Storage • VDI • Domain Controllers


Page 21:

Complementary and Integrated Technologies: Unprecedented Protection Against Advanced Threats

Analyze Behavior • Proactively Protect • Prioritize Alerts • Scope Infection

Real-time endpoint sensor
• Stops untrusted software
• File inventory & audit trail
• Covers desktops/laptops, fixed-function, virtual/physical servers

Network monitoring
• Detonates files automatically
• Malware notifications
• Covers web traffic, email, file share

Page 22:

Sensor Strategy – Faster Response & Improved Security

Industry FIRSTS:

1. Combine a real-time endpoint sensor and continuous recorder with network detection to automatically confirm and prioritize alerts
2. Automatically configure trust-based endpoint and server protection based on events identified by network file analysis
3. Immediate enterprise-wide visibility into all systems infected by malware discovered by network detection
4. Immediate access to any file on any system across the enterprise, automatically submitting it for detonation and analysis

Page 23:

Bit9 Integration with Leaders in Network Security

Next-Generation Network Security
• Incoming files on network
• "Detonate" files for analysis
• Submit files
• Transfer alerts

Next-Generation Endpoint and Server Security
• Prioritize alerts
• Protect endpoints and servers
• Remediate by identifying affected endpoints and servers
• Correlate endpoint/server and network data
• Analyze files on endpoints and servers
• Retrieve files from endpoints and servers

Page 24:

Addressing Critical Security Challenges

1. "Prioritize: I am receiving network malware alerts, how do I prioritize them?"
• Did the malware land on my machines?
• How many machines?
• Did it execute?
• How severe is the threat?

2. "Analyze: an unknown file arrived on an endpoint or server: is it malware?"
• What will it do if I allow it to execute?
• Should I ban it or approve it?
• Am I going to approve an APT?

3. "Protect: How do I stop the malware from spreading?"
• How do I immediately ban the malware from all endpoints and servers?

4. "Remediate: Where do I start remediation?"
• Which machines are affected?
• Who is patient zero?
• What else happened around this time?
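The deck describes three ideas without showing how they fit together: the "application white-listing" measure on Page 10, the trust-policy requirement on Page 17 (everything not explicitly trusted is untrusted by default), and the prioritize/analyze/protect/remediate questions above. The following is an added example, not Bit9's code or any product's API: a small default-deny trust policy evaluated over a constructed file inventory, with a scoping function that answers "did it land, on how many machines, did it execute, who is patient zero" and a ban operation that overrides any prior approval. The hashes are computed from constructed byte strings, the host names and paths are invented, and trusting a signer by name is a simplification (a real enforcement agent verifies the signature chain, not a string).

```python
import hashlib
from dataclasses import dataclass


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of file contents; used as the file identity in the policy."""
    return hashlib.sha256(data).hexdigest()


# Constructed file identities (hashes of made-up byte strings, not real software).
NOTEPAD = sha256_of(b"constructed bytes: approved notepad build")
UPDATER = sha256_of(b"constructed bytes: vendor-signed updater")
DROPPER = sha256_of(b"constructed bytes: unknown unsigned dropper")
ADMIN_TOOL = sha256_of(b"constructed bytes: unsigned admin tool")

# Constructed inventory: one record per file observed by an endpoint sensor.
# first_seen is ISO-8601 so string ordering equals time ordering.
INVENTORY = [
    {"host": "ws-01", "path": r"C:\Windows\notepad.exe", "sha256": NOTEPAD,
     "signer": "Microsoft", "first_seen": "2013-03-27T08:00:00", "executed": True},
    {"host": "ws-01", "path": r"C:\Users\alice\AppData\Local\Temp\update.exe", "sha256": DROPPER,
     "signer": "", "first_seen": "2013-03-27T09:15:00", "executed": True},
    {"host": "ws-02", "path": r"C:\Users\bob\Downloads\update.exe", "sha256": DROPPER,
     "signer": "", "first_seen": "2013-03-27T09:40:00", "executed": False},
    {"host": "srv-01", "path": r"C:\Program Files\Vendor\updater.exe", "sha256": UPDATER,
     "signer": "Example Vendor (constructed)", "first_seen": "2013-03-26T22:10:00", "executed": True},
    {"host": "ws-02", "path": r"C:\Tools\admintool.exe", "sha256": ADMIN_TOOL,
     "signer": "", "first_seen": "2013-03-27T10:05:00", "executed": True},
]


@dataclass
class TrustPolicy:
    approved_hashes: set   # explicitly approved file identities
    trusted_signers: set   # publishers whose signed files are trusted (simplified: by name)
    banned_hashes: set     # explicit bans; these win over every approval

    def decide(self, record: dict) -> str:
        """Default-deny decision for one inventory record."""
        if record["sha256"] in self.banned_hashes:
            return "BANNED"
        if record["sha256"] in self.approved_hashes:
            return "APPROVED"
        if record["signer"] and record["signer"] in self.trusted_signers:
            return "APPROVED"
        # Nothing matched: untrusted by default, which is the whole point of the model.
        return "UNTRUSTED"


def make_policy() -> TrustPolicy:
    """Constructed baseline policy: one approved hash, two trusted signers, no bans."""
    return TrustPolicy(approved_hashes={NOTEPAD},
                       trusted_signers={"Microsoft", "Example Vendor (constructed)"},
                       banned_hashes=set())


def evaluate(policy: TrustPolicy, inventory: list) -> list:
    """Return (host, path, decision) for every record; UNTRUSTED rows are the work queue."""
    return [(r["host"], r["path"], policy.decide(r)) for r in inventory]


def scope_infection(inventory: list, sha256: str) -> dict:
    """Answer the prioritize/remediate questions for one file identity."""
    hits = [r for r in inventory if r["sha256"] == sha256]
    return {
        "landed": bool(hits),
        "hosts": sorted({r["host"] for r in hits}),
        "executed_on": sorted({r["host"] for r in hits if r["executed"]}),
        # Earliest first_seen across the fleet is the best available "patient zero".
        "patient_zero": min(hits, key=lambda r: r["first_seen"])["host"] if hits else None,
    }


def ban_everywhere(policy: TrustPolicy, sha256: str) -> TrustPolicy:
    """Fleet-wide ban: add to the ban list and drop any standing approval."""
    policy.banned_hashes.add(sha256)
    policy.approved_hashes.discard(sha256)
    return policy


if __name__ == "__main__":
    policy = make_policy()
    for host, path, decision in evaluate(policy, INVENTORY):
        print(f"{decision:9} {host:7} {path}")
    print(scope_infection(INVENTORY, DROPPER))
    ban_everywhere(policy, DROPPER)
    print("after ban:", policy.decide(INVENTORY[1]))
```

Run as-is, the two dropper records and the unsigned admin tool come back UNTRUSTED without anyone having written a signature for them, which is the property the deck contrasts with anti-virus; the scoping call shows the dropper landed on two hosts, executed on one, and that ws-01 is patient zero by first-seen time.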
