
1 © 2016 Jack Henry & Associates, Inc.

FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE

Gladiator® Incident Alert

Allen Eaves
Sabastian Fazzino

Cybersecurity Threat Landscape

• Buffer Overflow
• Service Overwhelm
• Stealth Diagnostics
• DoS
• SQL Injections
• Phishing
• Web Browser Pop-Ups
• VBA, ActiveX, Flash Tricks
• OS Specific Attack Tools
• Cross-site Scripting
• SSL-encrypted threats
• Zombie Bots
• RDP Exploits
• Memory Scraping
• DDoS
• Ransomware
• APTs
• Spear Phishing
• Targeted Attacks
• Drive-by Downloads
• Watering Hole Attacks

Threat tiers (chart labels): Many, Highly Sophisticated, Significant Impact / Few, Moderately Sophisticated, Medium Impact / Few, Unsophisticated, Low Impact

• Self Replicating Code
• Password Guessing
• Password Cracking
• Disabling Audits
• Hijacking Sessions
• Exploit Known Vulnerabilities
• Packet Forging & Spoofing
• SPAM
• Back Doors
• Sweepers & Sniffers

3 © 2016 Jack Henry & Associates, Inc.

Cybercrime will Cost Businesses $2 Trillion

• Increased cost of data breaches to $2.1 trillion globally by 2019
• Increasing to almost four times the estimated cost of breaches in 2015
• Rapid digitization of consumers’ lives and enterprise records

Source: Juniper, The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation

4 © 2016 Jack Henry & Associates, Inc.

More Malware & More Attacks

• More than 430 million new pieces of malware in 2015
  – 36% increase from 2014
• Attacks targeting businesses with fewer than 250 employees are increasing each year
  – 43% of all attacks in 2015 were targeted at small businesses

Source: Symantec Internet Security Threat Report

Single Digit Incident Notifications

Millions of Raw Events a Day

6 © 2016 Jack Henry & Associates, Inc.

CoreDEFENSE (Managed end-to-end Security)

1. Server Host IPS
2. Endpoint Security Protection
3. Security Event Log Analysis
4. System and Application Patching
5. Email Protection
6. UTM (Fortinet, SonicWall, Cisco)
7. AMP (Advanced Malware Protection)
8. Incident Alert Sandbox
9. Enterprise Vulnerability Scanning
10. Enterprise Mobility Management
11. JHA Core System & NetTeller Monitoring ESM
12. eSAT – End-user Security Awareness Training


7 © 2016 Jack Henry & Associates, Inc.

Why Most Malware Protections Fail

The “Arms Race” is in their favor

• Automated tools have made it simple to author new, effective malware variants
  – 5.5 million new variants of malware monthly
  – Obfuscation makes it easy to get around pesky signature based solutions


8 © 2016 Jack Henry & Associates, Inc.

AV is Failing, and IPS is not far Behind

• Signature Based “Safety Net”

Zero Day and APT attacks – the Sacrificial Lambs

9 © 2016 Jack Henry & Associates, Inc.

How do we Gain an Edge?

• Solutions must focus on behavior and threat intelligence

Chart labels: 150,000 Malware Variants a Day; Nearly Infinite Exploit Methods; End Users Opening Holes. Axis: Attack Sources | Expected Behavior | Malware Hosting. Callouts: “AV and IPS focus here”; “Gladiator® advanced solutions AMP & IA focus here”.

10 © 2016 Jack Henry & Associates, Inc.

Gladiator® Incident Alert

• 24/7 Managed Security Services: Integrated with Gladiator® Expert SIEM Architecture to identify malware and prevent cybersecurity incidents.
• Superior Detection: Detects unknown threats (APTs, ATAs, zero-days, etc.) specifically designed to evade first-generation APT sandbox appliances.
• Advanced Threat Intelligence: Contains active command and control (C&C) servers, objects with zero-day exploits, toxic web sites, and malware distribution points identified as having breach intent.

11 © 2016 Jack Henry & Associates, Inc.

Incident Alert (architecture diagram)

Unified Threat Management Security Appliance: FW, IDS/IPS, AV, WCF, VPN
LastLine Sandbox Deep Content Inspection Security Appliance: Memory, CPU, Operating Systems, Applications
Users
Gladiator® SOC: Expert Threat Intelligence, SIEM

12 © 2016 Jack Henry & Associates, Inc.

The Deep Content Inspection Difference

Deep Content Inspection Engine

Memory
• Dormant code analysis enables LastLine to identify dormant behavior, enabling identification of even the most targeted malware
• Able to inspect memory contents of malware, including encrypted strings

CPU
• LastLine emulates computing hardware, enabling visibility into CPU instructions, system memory and device interaction

Operating Systems
• Dynamic analysis of artifacts enables LastLine to interact with malware during hidden execution paths to identify evasive behavior
• True kernel visibility enables identification and manipulation of stalling loops, delay tactics and other evasions used to avoid detection

Applications
• Scripts hidden in documents can compromise users and servers as a launch pad for further compromises
• Application vulnerabilities exploited by malware are highly version dependent

13 © 2016 Jack Henry & Associates, Inc.

LastLine | NSS Labs – 100%

• In the history of NSS Labs evaluations, Lastline is the first and only vendor ever to score 100% Security Effectiveness with zero false positives

14 © 2016 Jack Henry & Associates, Inc.

LastLine – Best in Breed

15 © 2016 Jack Henry & Associates, Inc.

LastLine - Innovation

16 © 2016 Jack Henry & Associates, Inc.

Last Line Analytics

17 © 2016 Jack Henry & Associates, Inc.

CoreDEFENSE Multi-layered

• Perimeter Protection
• Malware Protection
• Data Exfiltration
• User Education
• Detailed Reporting

eSAT – Employee Security Awareness Training
• Web based training w/ quiz & reporting
• Content updated regularly
• Separate module for Board members
• Monthly Security Timely Tips email newsletter

Incident Alert & Advanced Malware Protection (Gladiator® - SIEM)
• Sandbox-enabled deep content inspection
• Hosted DNS Anomaly Detection Service blocks connectivity to sites hosting malware

Server Security Monitoring (Gladiator® - SIEM)
• Event log monitoring
• Vulnerability scanning
• Server IPS

Intrusion Prevention (Gladiator® - SIEM)
• Monitor all incoming and outgoing traffic
• Looking for virus and hacker signatures
• Provided by Fortinet, Cisco, SonicWall

Firewall Monitoring & Management (Gladiator® - SIEM)
• First layer of defense
• Protect ports of entry to the financial institution
• Raw traffic analysis

Cloud Services DDOS Mitigation

QUESTIONS

Allen Eaves
[email protected]