Cool Vendor 2016
People's Choice Award 2016
Powerful Security. Operationally Simple.
© Morphisec Inc., 2019 | CONFIDENTIAL
Prevention: The Most Strategic Element in the Security Architecture
[Diagram: IDEAL architecture. Layers shown: Prevention, Detection, Response & Remediation; axis: Risk & Cost; input: Attacks.]
[Diagram: EXISTING architecture. Same layers, with Detection labelled "Behavioral, AI, Sandbox, Knowledge Based".]
[Diagram: MOVING TARGET DEFENSE architecture. UTP at the Prevention layer, labelled "Real Time, Deterministic, No knowledge"; Detection and Response & Remediation above it; axis: Risk & Cost; input: Attacks.]
The Problem
"The static nature of computer networks and systems makes them easy to attack… and therefore difficult to defend."
The Next Generation Cyber Infrastructure (NGCI) Apex Program
Attack categories shown: Phishing; Web/Browser Attacks; Exploits; File and Doc Attacks; Malicious Adware; Server Attacks; POS Systems; Unknown Vulnerabilities; Lateral Movement; Ransomware and Miners; Supply Chain Attacks; Compliance (Win 7, other).
Runtime Process Memory is the Battleground
Our Innovation: Moving Target Defense
A Fundamental Change in Cyber Defense
EXISTING SOLUTIONS: Reactive Detection. Attacker's Advantage: Predictable static targets.
MOVING TARGET DEFENSE: Proactive Prevention. Defender's Advantage: Unpredictable moving targets.
Memory: A Mission Critical Battlefield
[Diagram: an ORGANIZATION with Data Center, Network and Endpoint; the Endpoint split into DISK (covered by AV) and MEMORY; perimeter controls FW / GW / IPS / IDS; ADVANCED Attacks arriving from a Command & Control Server and exercising Malware and App/OS Vulnerabilities in memory.]
▪ Advanced attacks use memory resources and vulnerabilities
▪ Memory is used at one or multiple stages in the attack kill chain to penetrate or evade
▪ Traditional security products focus on executables and memory scanning and need to know what, where and when precisely
▪ Moving target defense stops attacks at the initial penetration stage, before malware is downloaded from C2C and even if malware has persisted and tries to evade
Moving Target Defense Implementation
▪ End Point Prevention: Prevents zero-days, targeted and unknown attacks
▪ Deterministic: No detection, rules, or prior knowledge
▪ Resilience: Randomization of each process – Moving Target
[Diagram: AV at the Disk layer; at the Memory layer, Process Memory, Skeleton Process Memory and Morphed Process Memory.]
Attacks: Maximize Coverage
[Table reconstructed from the slide: attack vectors by stage (Infiltration, Pre-execution, Execution)]
▪ Logical – E-Downloads: Non-Executable Attachments (Zip, Scripts, Payload); Documents (Exploitation, OLE, Macro); Links (Shortcuts, Shares, Web); Fileless Payload
▪ Logical – Web: Drive-by Downloads; Exploit Kits (Prevalent); Malicious Script (Flash, Java, VB, Plugins); Payload
▪ Physical: Kernel Exploitation
▪ Network: Kernel Exploitation; Shellcode Injection (User-mode); Persisting Through Kernel; Additional Network Based Attack; Lateral Movement Payload
Moving Target Defense: Exposure Collapses to Zero
[Chart: Adobe Flash Zero-Day Attack (CVE-2018-4878), timeline Nov 2017 to Feb 2018. Status Quo: delayed start of coverage, leaving a Window of Exposure between the moment the attack is created and the start of coverage. Moving Target Defense: coverage from the moment the attack is created.]
Malware Prevented by Moving Target Defense (2017 and 2018)
[Chart: malware families grouped on the slide into Banking Trojan, Ransomware, RAT, Downloader, InfoStealer / Info/Key Stealer, Miner and Others.]
Families named: Tropic Trooper, Bunitu, Yakes, QakBot, Smoke Loader, MyloBot, Nymaim, Hancitor, Vidar, Formbook, Ursnif, Ramnit, AZORult, Loki Bot, DanaBot, IcedID, BEBLOH, AZORult New Variant, Bunitu, Pushdo/Cutwail, XMRig Miner, CoinMiner, CCleaner, Agent Tesla, DiamondFox/Gorynch, WannaCry, NotPetya, Snatch Loader, Andromeda, Quant Loader, Smoke Loader, Globeimposter, GandCrab, Dharma, Scarab, GandCrab 4.0/4.1, LockCrypt 2.0, RotorCrypt, Magniber, Sigma Ransomware, Shade, STOP, Paradise, MVP, Hermes, Legend, Locky/Lukitus, Locky/Diablo6, Gryphon, Globeimposter, Cerber CBRB, Kovter/Locky, Cerber-ML bypass, Revenge, Sage2.2, CryptoShield v2.0, Locky Osiris, MORDOR, Jaff, Philadelphia, Matrix v3.0, Cerber v6.0, Cerber v5.0.1, CryptoMix, Shade, Sega2.0, CryptoShield v1.1, Spora, Nemucod, Mole, Scarab, Sigma, Locky/Asasin, Bad Rabbit, Magniber, Cobra, NanoCore RAT, PcRat/GH0ST, Ammyy RAT Monitor, Imminent, RokRat, Remcos, LatentBot, Monero Mining, Trickbot, QUANT LOADER, Zeus Panda Banker, Osiris Dropper, Trickbot gtag-sat77, Redaman, Trickbot gtag-del8, Emotet, Chthonic, Hancitor, GOZI-ISFB, Trickbot gtag-sat74, ZeusPanda, Chthonic, Geodo/Emotet, ZeusVM, Dreambot, ZeusPanda, Icedid, Qakbot, Nymaim, ZBot, CoreBot, Trickbot, Ursnif/ISFB, Ramnit, Dridex, Kronos.
Unified Threat Prevention (UTP) Platform
Management Server: On-Prem, Private/Public Cloud; feeds the Enterprise SIEM
Install
▪ 2MB user mode agent
▪ SCCM / standard dist
▪ No reboot
▪ No configuration
▪ No rules / policies
Operate
▪ Set and forget
▪ Prevention reports
▪ No updates
▪ Offline protection
▪ No CPU consumption
Platforms: Windows (PC/Laptops, Virtual Desktops, Virtual App), Server, Container, Serverless; Linux – Starting Q3/2019; further platforms dated 2020.
The Optimal Prevention Stack
▪ Windows 10: Defender AV + MOVING TARGET DEFENSE
▪ Windows 7*: AV + MOVING TARGET DEFENSE as Virtual Patching, a Compensating Control for Compliance (* Extended Support ends Jan 20')
MITIGATED BREACH RISK
▪ 80% Primary: Unknown, In-Memory (File-less attacks, Evasive malware, Exploits, Web / browser attacks, File document attack, Supply chain attack)
▪ 20% Residual: Known & Non-memory
▪ Lower cost
▪ Higher operational efficiency
© Morphisec Ltd., 2017
Control Strategies for Endpoint Security

             Deterministic (Prevent)          Prescriptive (Detect)                  Probabilistic (Find)
Technology   Moving Target Defense            App Controls, AV/NGAV                  EDR, Sandboxing
Examples     Dynamically Morph Runtime Env.   Whitelisting, Signatures, Known Patterns   Behavior, AI, and Detection
Character    Easy                             Less Easy                              Hard
Impact       High, Fast                       Medium                                 After the Fact
Front-End the Most Important Controls: Easy and Meaningful First
[Chart: control layers plotted against Risk and against Cost & Effort & Time.]
▪ DETERMINISTIC Prevention: Moving Target Defense
▪ PRESCRIPTIVE Detection: AV, EPP, NGAV
▪ PROBABILISTIC Analytics and Diagnostics: Endpoint Detection & Response
Annotations on the chart: "80% of breaches, unknown attacks" and "20% of breaches, known attacks".
Challenges Defending Against Advanced Threats
Dimensions compared: Time (When), Vectors (Where), ATT&CK (What), ROI, Simplicity
Status Quo: AV, NGAV, and EDR
▪ Requires discovery
▪ After the fact
▪ Malware focus
▪ Poor at unknown attacks
▪ Alerts
▪ Complexity
▪ Cost burden on defender
▪ Endless escalation
Moving Target Defense
▪ Instantaneous, early, and effortless
▪ Prevents evasive, unknown attacks
▪ Virtual patch
▪ Shifts costs to attacker
▪ Low TCO
▪ Defense in Depth
▪ Disables attack framework
▪ 'Set and forget'
▪ Time to value
Strategic Value of Prevention: MOVING TARGET DEFENSE
Operational Savings
▪ Rapid time to value
▪ Simple operations
▪ Reduced cost of stack
Business Enablement
▪ Empowers security teams
▪ Operational continuity
▪ User productivity
Risk Reduction
▪ Proactive prevention
▪ Future-proof
▪ Windows 7 compliance
Thank You!