
Evolution of Malware and the Next Generation Endpoint Protection - PowerPoint PPT Presentation

  1. Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks

  2. Index
     1. Malware volume evolution
     2. Malware eras
     3. Panda Adaptive Defense
        1. What is it
        2. Features & benefits
        3. How does it work
        4. Success story
     Malware Evolution 02/07/2015 2

  3. Malware samples evolution

  4. Malware volume evolution

  5. Malware eras

  6. 1st era
     • Very few samples and malware families
     • Viruses created for fun: some very harmful, others harmless, but with no ultimate goal
     • Slow propagation (months, years) through floppy disks. Some viruses are named after the city where they were created or discovered
     • All samples are analysed by technicians
     • Sample static analysis and disassembling (reversing)

  7. W32.Kriz, Jerusalem

  8. 2nd era
     • The volume of samples starts growing
     • The Internet slowly grows popular; macro viruses, mail worms, etc. appear
     • In general terms, low-complexity viruses using social engineering via email; limited distribution, they are not massively distributed
     • Heuristic techniques
     • Increased update frequency

  9. Melissa, Happy99

  10. 3rd era
     • Massive worm outbreaks overload the Internet
       • Via mail: I Love You
       • Via exploits: Blaster, Sasser, SQL Slammer
     • Proactive technologies
       • Dynamic: Proteus
       • Static: KRE & heuristics, machine learning
     • Malware process identification by analysis of the events generated by the process:
       • Access to the mail contact list
       • Internet connection through a non-standard port
       • Multiple connections through port 25
       • Autorun key addition
       • Web browser hooks

  11. I Love You, Blaster

  12. Sasser

  13. Static proactive technologies
     • Response time reduced to zero when detecting unknown malware
     • Machine learning algorithms are applied to classic classification problems
     • Ours is ALSO a "class" problem: malware vs. goodware
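The "malware vs. goodware" class problem set up concretely, as an added example that is not from the deck or from Panda's own engine: a two-class Bernoulli naive Bayes classifier over a handful of binary static features (packing, signature, suspicious imports, version info). The feature set, the eight labelled training samples and the 0.99 certainty threshold are all constructed for illustration; a production classifier uses far more features and samples and a much higher threshold. The point it shows is the one a practitioner cares about: a file is only given a label when the posterior clears the threshold, and everything else stays "unknown" and is handed to behavioural monitoring rather than guessed.

```python
import math
from typing import Dict, List, Sequence, Tuple

# Binary static features of an executable (assumed set, chosen for illustration).
FEATURES = ("packed", "unsigned", "imports_CreateRemoteThread",
            "imports_WriteProcessMemory", "imports_URLDownloadToFile",
            "has_version_info", "tiny_import_table")

# Constructed, labelled training set: one 0/1 per feature, in FEATURES order.
TRAINING: List[Tuple[str, Tuple[int, ...]]] = [
    ("malware",  (1, 1, 1, 1, 1, 0, 1)),
    ("malware",  (1, 1, 0, 0, 1, 0, 1)),
    ("malware",  (0, 1, 1, 1, 0, 0, 0)),
    ("malware",  (1, 1, 1, 0, 1, 1, 1)),
    ("goodware", (0, 0, 0, 0, 0, 1, 0)),
    ("goodware", (0, 0, 0, 0, 1, 1, 0)),
    ("goodware", (0, 1, 0, 0, 0, 1, 0)),
    ("goodware", (1, 0, 0, 0, 0, 1, 0)),
]

CERTAINTY_THRESHOLD = 0.99   # assumed for the demo; far higher in production


class BernoulliNB:
    """Two-class Bernoulli naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.log_prior: Dict[str, float] = {}
        self.log_p1: Dict[str, List[float]] = {}   # log P(feature = 1 | class)
        self.log_p0: Dict[str, List[float]] = {}   # log P(feature = 0 | class)

    def fit(self, rows):
        counts: Dict[str, int] = {}
        feat: Dict[str, List[int]] = {}
        for label, x in rows:
            counts[label] = counts.get(label, 0) + 1
            acc = feat.setdefault(label, [0] * len(FEATURES))
            for i, v in enumerate(x):
                acc[i] += v
        n = sum(counts.values())
        for label, k in counts.items():
            self.log_prior[label] = math.log(k / n)
            p1 = [(feat[label][i] + self.alpha) / (k + 2 * self.alpha)
                  for i in range(len(FEATURES))]
            self.log_p1[label] = [math.log(p) for p in p1]
            self.log_p0[label] = [math.log(1.0 - p) for p in p1]
        return self

    def posterior(self, x: Sequence[int]) -> Dict[str, float]:
        log_joint = {}
        for label in self.log_prior:
            s = self.log_prior[label]
            for i, v in enumerate(x):
                s += self.log_p1[label][i] if v else self.log_p0[label][i]
            log_joint[label] = s
        m = max(log_joint.values())            # log-sum-exp for numerical stability
        z = sum(math.exp(v - m) for v in log_joint.values())
        return {label: math.exp(v - m) / z for label, v in log_joint.items()}


def classify(model: BernoulliNB, x: Sequence[int],
             threshold: float = CERTAINTY_THRESHOLD) -> Tuple[str, float]:
    """Return (label, confidence). Below the threshold the file stays 'unknown'
    and is handed to behavioural monitoring instead of being labelled."""
    post = model.posterior(x)
    label, p = max(post.items(), key=lambda kv: kv[1])
    return ("unknown", p) if p < threshold else (label, p)


MODEL = BernoulliNB().fit(TRAINING)

if __name__ == "__main__":
    for name, x in [("dropper-like", (1, 1, 1, 1, 1, 0, 1)),
                    ("installer-like", (0, 0, 0, 0, 0, 1, 0)),
                    ("packed, unsigned, but otherwise clean", (1, 1, 0, 0, 0, 1, 0))]:
        print(name, classify(MODEL, x))
```

The third sample is the interesting one: packing and a missing signature push it towards malware, but the remaining features do not, so the posterior lands around 0.91 for goodware and the file is left "unknown". That gap between "classified" and "certain" is exactly what the later slides fill with continuous process monitoring.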

  14. 4th era
     • Hackers switched their profile: the main motivation of malware is now economic benefit, using banking trojans and phishing attacks
     • Generalization of droppers, downloaders and exploit kits (EK)
     • The move to Collective Intelligence
     • Massive file classification
     • Knowledge is delivered from the cloud

  15. Banbra, Tinba

  16. The move to Collective Intelligence
     Knowledge delivered from the cloud as an alternative to the signature file. Scalability of the malware-signature delivery services to customers through full automation of all backend processes (processing, classification and detection).

  17. Big Data arrival
     Innovation: making the data processing derived from the Collective Intelligence strategy viable by applying Big Data technologies.
     • Current working set of 12 TB
     • 400,000 million (400 billion) records
     • 600 GB of samples per day
     • 400 million samples stored

  18. 5th era
     • First massive cyber-attack against a country: Estonia (2007), attributed to Russia
     • Anonymous starts a campaign against several organizations (RIAA, MPAA, SGAE and others)
     • Malware professionalization
     • Use of marketing techniques in spam campaigns
     • Country- and time-based distribution of malware variants
     • Ransomware
     • APTs
     • Detection by context: apart from analysing what a process does, the context of execution is also taken into account…
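The event-based process identification of slide 10 and the "detection by context" of this slide, as one added example that is not part of the deck and not Panda's code: a rule scorer run over a constructed per-process event log. The five behavioural rules follow slide 10's list (contact-list access, non-standard port, port-25 fan-out, autorun key, browser hook); the context signals (prior file classification, code signature, user-writable path, parent process) and every weight and threshold are assumptions for this example. Three constructed processes show why context matters: the mail client and an unclassified binary exhibit the same behaviour and get different verdicts, and the attachment dropped into %TEMP% by the mail client is blocked outright.

```python
from dataclasses import dataclass
from typing import Any, List, Tuple

# Ports a typical client legitimately talks to (assumption for this example).
STANDARD_PORTS = {25, 53, 80, 110, 143, 443, 465, 587, 993, 995}
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}
# Parents whose children are often attachments, downloads or macro payloads.
MAIL_OFFICE_BROWSER = {"outlook.exe", "winword.exe", "excel.exe"} | BROWSERS
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")

ALERT_THRESHOLD = 5   # assumed weights/thresholds; tune on real telemetry
BLOCK_THRESHOLD = 8


@dataclass
class Process:
    pid: int
    image: str            # full path of the executable
    parent_image: str     # image name of the parent process
    classification: str   # "goodware" | "malware" | "unknown" (prior file classification)
    signed: bool          # valid code signature present
    events: List[Tuple[str, Any]]  # ("contacts_read", None) | ("connect", (host, port))
                                   # | ("reg_set", key) | ("hook", target_image)


def behaviour_score(p: Process) -> Tuple[int, List[str]]:
    """Slide 10's rules: what the process does, independent of who it is."""
    fired = {}
    smtp_connections = 0
    for kind, arg in p.events:
        if kind == "contacts_read":
            fired["contacts_read"] = 3
        elif kind == "connect":
            _host, port = arg
            if port == 25:
                smtp_connections += 1
            elif port not in STANDARD_PORTS:
                fired["nonstandard_port"] = 2
        elif kind == "reg_set" and "\\currentversion\\run" in arg.lower():
            fired["autorun_key"] = 3
        elif kind == "hook" and arg.lower() in BROWSERS:
            fired["browser_hook"] = 4
    if smtp_connections >= 3:          # mass-mailer pattern: many port-25 connections
        fired["smtp_fanout"] = 3
    return sum(fired.values()), sorted(fired)


def context_score(p: Process) -> Tuple[int, List[str]]:
    """Slide 18's point: the execution context changes what the behaviour means."""
    fired = {}
    if p.classification == "unknown":
        fired["unclassified"] = 2
    if not p.signed:
        fired["unsigned"] = 1
    if any(d in p.image.lower() for d in USER_WRITABLE_DIRS):
        fired["user_writable_path"] = 2
    if p.parent_image.lower() in MAIL_OFFICE_BROWSER:
        fired["spawned_by_mail_office_or_browser"] = 2
    return sum(fired.values()), sorted(fired)


def verdict(p: Process) -> Tuple[str, int, List[str]]:
    b, b_reasons = behaviour_score(p)
    c, c_reasons = context_score(p)
    total = b + c
    if p.classification == "malware":
        v = "block"
    elif p.classification == "goodware":
        # Already-classified goodware is never auto-blocked; a high score here
        # suggests the application was exploited and goes to forensic review.
        v = "alert" if total >= ALERT_THRESHOLD else "allow"
    elif total >= BLOCK_THRESHOLD:
        v = "block"
    elif total >= ALERT_THRESHOLD:
        v = "alert"
    else:
        v = "monitor"   # unknown but quiet: keep collecting events
    return v, total, b_reasons + c_reasons


def triage(processes):
    return {p.pid: verdict(p)[0] for p in processes}


# Constructed telemetry: three processes with overlapping behaviour.
MAIL_CLIENT_EVENTS = [("contacts_read", None),
                      ("connect", ("mail.corp.example", 25)),
                      ("connect", ("mail.corp.example", 443))]
SAMPLES = [
    Process(1204, r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
            "explorer.exe", "goodware", True, MAIL_CLIENT_EVENTS),
    Process(3310, r"C:\Users\alice\AppData\Local\Temp\invoice_2015.exe",
            "OUTLOOK.EXE", "unknown", False, [
                ("contacts_read", None),
                ("connect", ("mx1.example.net", 25)),
                ("connect", ("mx2.example.net", 25)),
                ("connect", ("mx3.example.net", 25)),
                ("connect", ("198.51.100.7", 4444)),
                ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
                ("hook", "chrome.exe")]),
    # Same behaviour as the mail client, but an unclassified binary.
    Process(2048, r"C:\Program Files\MailTool\mailtool.exe",
            "explorer.exe", "unknown", True, MAIL_CLIENT_EVENTS),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.pid, *verdict(p))
```

The verdict keeps the reasons that fired, not just the score: a block decision that cannot be explained to the administrator in terms of concrete events and context is one the security team will turn off at the first false positive.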

  19. Reveton ransomware

  20. (image-only slide)

  21. APTs …

  22. "Sony Pictures computer system down after reported hack. Hackers threaten to release 'secrets' onto web"
     - Unknown author
     - November / December 2013
     - Information deletion
     - 40 million credit/debit cards stolen
     - TB of information stolen
     - Attack made through the A/C maintenance company
     - POS

  23. Carbanak
     - Year: 2013/2014
     - ATMs: US$7,300,000
     - Transfers: US$10,000,000
     - 100 affected entities
     - Countries affected: Russia, Ukraine, USA, Germany, China
     - Total estimated: US$1,000,000,000

  24. What is Panda Adaptive Defense? The Next Generation Endpoint Protection Adaptive Defense 02/07/2015 24

  25. Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior. More than 1.2 billion applications already classified. The new version of Adaptive Defense (1.5) also includes an AV engine, adding disinfection capability; Adaptive Defense could even replace the company antivirus.
     • PREVENTION: blocking of applications and isolation of systems to prevent future attacks
     • DETECTION: of zero-day and targeted attacks in real time, without the need for signature files
     • RESPONSE: blocking, plus forensic information to analyze each attempted attack in detail
     • VISIBILITY: traceability of each action taken by the applications running on a system

  26. Features and benefits

  27. Features and benefits
     Management
     • Detailed and configurable monitoring of running applications
     • Simple, centralized administration from a Web console
     • Better service, simpler management
     Protection
     • Daily and on-demand reports
     • Protection of vulnerable systems
     • Protection of intellectual assets against targeted attacks
     • Forensic report
     Productivity
     • Identification and blocking of unauthorized programs
     • Light, easy-to-deploy solution

  28. Key differentiators
     - Categorizes all running processes on the endpoint, minimizing the risk of unknown malware: continuous monitoring and attestation of all processes fills the detection gap of AV products.
     - Automated investigation of events significantly reduces manual intervention by the security team: machine learning and collective intelligence in the cloud definitively identify goodware and block malware.
     - Integrated remediation of identified malware: instant access to real-time and historical data provides full visibility into the timeline of malicious endpoint activity.
     - Minimal endpoint performance impact (<3%)

  29. Adaptive Defense vs. traditional antivirus

     New malware detection capability*               Traditional antivirus (25)   Standard Model   Extended Model
     New malware blocked during the first 24 hours    82%                          98.8%            100%
     New malware blocked during the first 7 days      93%                          100%             100%
     New malware blocked during the first 3 months    98%                          100%             100%
     Suspicious detections                            YES                          NO (no uncertainty)
     Detections by Adaptive Defense that no other antivirus detected: 3.30%

     * Viruses, trojans, spyware and ransomware received in our Collective Intelligence platform. Hacking tools, PUPs and cookies were not included in this study.

     Universal File Classification Agent**
     Files classified automatically: 60.25% / 99.56%
     Classification certainty level: 99.928% / 99.9991% (< 1 error per 100,000 files)

     ** Universal Agent technology is included as endpoint protection in all Panda Security solutions

  30. Adaptive Defense vs. other approaches
     AV vendors
     • Detection gap
     • Not transparent to end users and admins (false positives, quarantine administration, …)
     WL vendors*
     • Management of whitelists required
     • Complex deployments required
     • Expensive work overhead involved
     New ATD vendors**
     • Not all infection vectors covered (e.g. USB drives)
     • Do not classify all applications
     • Monitoring sandboxes is not as effective as monitoring real environments
     • ATD vendors do not prevent/block attacks

     * WL = Whitelisting: Bit9, Lumension, etc.
     ** ATD = Advanced Threat Defense: FireEye, Palo Alto, Sourcefire, etc.

  31. How does Adaptive Defense work?

  32. A brand-new three-phase cloud-based security model
     1st phase: comprehensive monitoring of all the actions triggered by programs on endpoints
     2nd phase: analysis and correlation of all actions monitored on customers' systems, using Data Mining and Big Data Analytics techniques
     3rd phase: endpoint hardening & enforcement: blocking of all suspicious or dangerous processes, with notifications to alert network administrators

  33. Panda Adaptive Defense architecture

  34. Success story

  35. Adaptive Defense in figures
     • +1.2 billion applications already categorized
     • +100 deployments; malware detected in 100% of scenarios
     • +100,000 endpoints and servers protected
     • +200,000 security breaches mitigated in the past year
     • +230,000 hours of IT resources saved, an estimated cost reduction of €14.2M
     Let's see an example…
