Anup Ghosh

Post on 19-Feb-2016

DESCRIPTION

Anup Ghosh. Founder and CEO, Invincea, Inc. www.invincea.com. The Time for Innovation is NOW. The Stakes Are Enormous. The Lost Decade of Information Security. Security industry has fundamentally failed in its mission. Classifying exploits & victim mentality have inhibited

TRANSCRIPT

Anup Ghosh

Founder and CEO, Invincea, Inc.

www.invincea.com

The Time for Innovation is NOW. The Stakes Are Enormous.

The Lost Decade of Information Security

Security industry has fundamentally failed in its mission

Classifying exploits & victim mentality have inhibited innovation

Compliance drove mediocrity

Industry has fallen in love with crime scene analytics while giving up on prevention

List-based techniques developed in the 1990s no longer work

We ALL Own This Problem

FUD? Or Fact

RSA; Epsilon; LizaMoon; Barracuda Networks; Oak Ridge National Labs; Sony; Lockheed Martin; Northrop Grumman; GMAIL; Citi; Gannett Military Publications; Pacific Northwest National; BAH; DigiNotar; Raytheon; USAF Drones

2011 so far

White House eCard; OddJob; HBGary Federal; Night Dragon; Tatanga; London Stock Exchange; French Finance Ministry; Dupont, J&J, GE; DroidDream; Charlieware; Nasdaq; Office of Australian Prime Minister; Comodo

Shady RAT: One Campaign, Dozens of Victims

The User is The Unwitting Accomplice

Ubiquitous usage of Internet and Email has enabled adversaries to shift tactics. Full frontal assaults still exist, but it is far easier to prey on the psychology of the user.

Spear Phishing: The New Black

Drive-by Downloads: malicious sites, hijacked trusted sites

Trust in social networks: Facebook and Twitter worms

Faith in Internet search engines: poisoned SEO

User Initiated Infections: fake A/V and fear mongering

Click, Click, Boom!

I don't know security, but I know what I like. Click, click, click

Stan from Accounting | December 2010

Time for a Paradigm Shift

The Web is the primary source of malware infection. The better approach is a protective layer that complements existing anti-virus solutions and that never allows those threats to enter the PC environment in the first place.

A new approach to end-point security is needed.

Invincea - Innovating to Combat the Malware Scourge

Take security decisions out of the user's hands

Protect the network from the user and the user from himself: put him in a bubble while on the Internet or interfacing with ANY untrusted content

Make the user's mistakes irrelevant to the security of your network

Give the user free rein to complete his mission without fear for your overall security footing: zero trust with zero drag

Drive real-time situational awareness by making ALL of your desktop browsers and PDF readers malware detectors and forensics agents

Addressing the largest attack surface:

Spear Phishing; Drive-bys; Social Network Worms; Poisoned SEO; User Initiated Infections

Invincea Browser Protection

[Diagram labels: Physical Hardware; Host Operating System (native kernel); Normal OS and Browser; Virtual Machine (VMWare); Separate OS Kernel; Invincea Browser Protection; Incoming Threats; Vulnerability]

Normal OS and Browser: compromise of the normal OS and browser leads to direct compromise of the Host OS. Have to reimage the entire system.

Invincea Browser Protection: Invincea (Guest Kernel) is distinct from the host system. Infections of the virtual browser and kernel do not affect the Host OS.

Invincea provides complete isolation from the Host OS by deploying a Windows XP OS with IE in a virtual environment. Attacks can only exploit vulnerabilities in the virtual OS. This is unlike many Sandbox or Partial Virtualization solutions that cannot provide:

Process confinement

File system confinement

Kernel confinement

COLLECT INTEL ON THE ADVERSARY

[Diagram labels: Invincea Threat Analyzer; Invincea Threat Data Server; CEF]

Integration showing ArcSight event of interest then search into NetWitness to find related data.

Alert from NetWitness into ArcSight. Session data available immediately.

Invincea ArcSight Dashboard

Invincea Event Graph

Invincea Named Most Innovative Company at RSA 2011

www.invincea.com
