Technologies of Tomorrow, Today

John Viega

john@stonewallsoftware.com

Twitter: viega

Why HIPS Sucks

xxx.exexxx.exe

yyy.exeyyy.exe UnpacksUnpacks

Web Reputation

Browser exploits

Adware/ Spyware/ Trojan /Virus High Volume Commercial Email

Affiliations with other risky sites Aggressive Pop-up Marketing

Community reviews/ comments

Real Time / Cloud analysis

omgwtfetc.exe

omgwtfetc.exe

Possible analysis, or random guessing

Possible analysis, or random guessing

OMG, WTF?

ETC…AV Vendor

AV is dead, whitelisting is killing it!

AV is dead, whitelisting is killing it!

Problems Still Remain

• Seeing enough samples• Operational scale• The testing problem• Disabling the product

Herd Technology

xxx.exe

xxx.exe

YYY.exe

YYY.exe UnpacksUnpacks

xxx.exe

xxx.exe

ZZZ.exe

ZZZ.exe UnpacksUnpacks

xxx.exe

xxx.exe

StonewallStonewall

Please Monitor!

xxx.exe is bad!

kthx!

xxx.exe is bad!

Virtualization

Security SWSecurity SW