The Smartest Way to Protect Websites and Web Apps from Attacks

Uploaded by: owena


Page 1

The Smartest Way to Protect Websites and Web Apps from Attacks

Page 2

Inconvenient Statistics

[Diagram labels: Network Perimeter, Port 80, App Server, Database]

70% of ALL threats are at the Web application layer. (Gartner)

73% of organizations have been hacked in the past two years through insecure Web apps. (Ponemon Institute)

Page 3

Hacker Threats

Targeted Scans

Advanced Persistent Threat (APT)

Targets a specific site for any vulnerability.

Script loaded onto a bot network to carry out attack.

[Timeline labels: JAN, JUNE, DEC]

Sophisticated, targeted attack (APT). Low and slow to avoid detection.

Library Attacks: Script run against multiple sites seeking a specific vulnerability.

IP Scan / Script Kiddie: Generic scripts and tools against one site.

[Threat type labels: Scripts & Tool Exploits, Targeted Scan, Botnet, Human Hacker]

Page 4

The Cost of an Attack

Theft

Revenue

Reputation

Sony Stolen Records | 100M

Sony Direct Costs | $171M
• 28 day network closure
• Lost customers
• Security improvements

Sony Lawsuits | $1-2B

Ponemon Institute | Average breach costs $214 per record stolen

Page 5

The Mykonos Advantage

Deception-based Security

• Detect: Deception Points - detect threats without false positives.
• Track: Track individual devices
• Profile: Understand attacker’s capabilities and intent
• Respond: Adaptive responses, including block, warn and deceive.

Page 6

Detection by Deception

[Diagram labels: Client, Firewall, Network Perimeter, App Server, Database]

Server Configuration

Query String Parameters

Tar Traps

Hidden Input Fields

Page 7

Track Attackers Beyond the IP

Track Software and Script Attacks

Fingerprinting

HTTP communications.

Track Browser Attacks

Persistent Token

Capacity to persist in all browsers including various privacy control features.

Track IP Address

Page 8

Attacker threat level

Smart Profile of Attacker

Incident history

Every attacker assigned a name

Page 9

Mykonos Responses

Respond and Deceive

[Threat type labels: Human Hacker, Botnet, Targeted Scan, IP Scan, Scripts & Tools Exploits]

• Warn attacker
• Block user
• Force CAPTCHA
• Slow connection
• Simulate broken application
• Force log-out

All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.

Page 10

Security Administration

• SMTP alerting
• Reporting (PDF, HTML)
• CLI for exporting data into SIEM tool

• Web-based console
• Real-time
• On-demand threat information

Page 11

Unified Protection Across Platforms

[Diagram labels: App Server, Database]

Internal

Virtualized

Cloud

Connective Tissue

Page 12

Case Study & Customers

“Within 20 minutes, … we were looking at the activity taking place on our web applications.”

“10% of our traffic was … malicious.”

Keir Asher, Senior Technical Analyst, Brown Printing

Page 13

2010 Cool Vendor
Application Security

“The smartest buy of the year for any organization with an online presence.”

1st Place Winner, Security Innovators Throwdown 2010

SINET 16 Security Innovator 2011

1st Place, Information Security
Wall Street Journal Technology Innovation Awards 2011