malware labs : unknown malware advanced detection · next generation anti-virus, malware tracking,...

Post on 11-Jul-2020


Malware Labs :

Unknown Malware Advanced Detection

Who is AIUKEN CYBERSECURITY?

Aiuken Cybersecurity is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value. Aiuken Cybersecurity operates in 7 countries.

Leading European Cybersecurity Company

5 Facts about Aiuken Cybersecurity

❖ Europe Gartner TOP 10 MSSP 2019

❖ Top 400 Financial Times Europe FT1000 Fastest Growing Companies

❖ Over 150 qualified engineers with over 10 years of experience.

❖ Presence in Europe, Latin America, Africa and Middle East.

❖ +400 Global Enterprise customers.

❖ 40% Annual Growth


Global SOC Operations Network

Andorra

UAE

Spain

Portugal

Morocco

USA

Dominican Republic

Mexico

Chile

120 Security Engineers, Experienced and Certified

10.000 Security Devices Managed

25.000 Security Incidents Processed Daily

97.527 Malware Samples Daily

81.080 Phishing URLs Daily

450.000 MPS Correlated

Global Security Operation Centers Power

Today’s Malware World

Malware Growing 2018

Total Malware created since 1994

In the last 3 years the total number of new malware grew by 2000%

A Comprehensive Challenge

Today’s malware is more sophisticated than ever, and traditional signature based antivirus is notoriously bad at stopping newer threats, but it’s a cornerstone in most enterprise multi-layer end-point cybersecurity strategies.

Next generation anti-virus, malware tracking, threat hunting, behavioral analysis, endpoint detection, sandboxing, machine learning, artificial intelligence, reverse engineering. There are several solutions to support the inflexible battle against the malware, however, none includes all these competences in an Integral Solution.

Aiuken’s Malware Labs Solution® is a threat intelligence platform constantly updated from multiple sources, designed to help find and respond effectively in all environments to any malware type regardless of its conduct, morphology, origin or method of propagation.

Today’s Unknown Malware World.

Who can you trust?

What is Aiuken’s Malware Labs?

Automatic Orchestration for Advanced Malware Analysis “AOAMA”

“Aiuken Advanced Malware Analysis Platform allows orchestration of machine-based execution of malware investigation actions across a complex analysis infrastructure”

HIGH DETECTION RATE

The malware sample database on the Aiuken cloud contains more than 1 billion samples. It quickly detects whether any uploaded file matches with the malware samples.

Aiuken’s Sandboxing can simulate running environments and trigger file activities as creating processes, modifying registry and requesting back chain.

INSTANT DEPLOYMENT

Hillstone Cloud Sandbox is seamlessly integrated with all our solution portfolio, also integrates an interface for third-party solutions. Aiuken Malware Labs can be deployed immediately and seamlessly without network disruption.

ANTI-SANDBOX TECHNOLOGY

Support identification and detection of anti-sandbox malwares. By hiding the sandbox processing information such as kernel model and registry information, our Cloud Sandbox can simulate real environments running.

To prevent malware from preventing detection, the platform simulates manual and interactive operations capture the API to

In a few words Malware Labs


Malware Labs Video


Workflow process Malware Labs

APT & Custom Reports

Threat Data Feeds

Managed Protection

Threat Intelligence Portal Forensic Training

Incident Response Service

Forensic Data

Discover

Qualify Investigate

Neutralize

Recover

Anti Targeted Attack

Detection and Response


Specific trojan families + targeted malware

URLs

Trojans

Unknown Binaries

Documents

Integration with IT security devices

Automatic IOCs mitigation

Invisible Bits

TrendMicro

Fortinet

All top vendors


The IOCs rules engine integrated in the solution helps provide security information about our environments:

o Is this file malicious?

o How do we get infected?

o What has this IP done in the past?

o Are we engaged?

How is Aiuken’s Malware Labs?

MALWARE SOURCES
Quality 0day samples
Trojan & countries customer-chosen

ORCHESTRATOR
Coordination between platform elements

SANDBOX
Isolated malware execution
IOCs & behaviour extraction

VMs Environment
Different O.S. (Wos, Xos, Linux, …)
Platform for malware execution

NETWORK ISOLATION
Electronic communications for fully emulated corporate target machines

PROFESSIONAL SERVICES
From setup to delivery consultancy
Full support & maintenance services


Foggy Proxy Network

MongoDB

ORCHESTRATOR

Sandbox Pool

MySQL Elastic

Crystal Reports

SIEM & IPS/IDS Feeds

Dedicated Connection Delfos’ Samples Internet

User portal Malware Labs


High Quality Malware
~2.000 daily classified malware samples.
~60.000 monthly quality malware samples

Fully Classified

Malware types are classified by behaviour:

o Ransomware trojans

o Financial malware

o Downloaders

o Remote Access Trojans

Brand-new, Unknown & 0-day Malware

0DAY MALWARE
Most of the pieces are unknown to AntiVirus Vendors (0day malware)

Targeted Malware
~100 daily malware samples detected in Saudi Arabia
Other countries & specific domains can be included

Malware Samples Services

MALWARE SOURCES

Use Case: USB real time security test

USB IoT & SCADA Update Malware Labs in a box

Malware Detected Malware Clean

Aiuken’s Malware Labs

“Aiuken Advanced Malware Analysis Platform is the ONLY platform in the World that combines all Sandboxes vendors with unique orchestration & automatization, in order to detect ALL kinds of KNOWN and UNKNOWN malware, virus and trojans”

Is the future for Malware detection and analysis. Today.

Thank You
