Defeat Ransomware and Ward off Extortionists with LightCyber + Ayehu


Today's Webinar is Presented by:

Guy Nadivi, Director, Business Development
Peter Lee, Director, Professional Services
Kasey Cross, Sr. Product Marketing Manager

About LightCyber

Behavioral Attack Detection

MAGNA Platform Overview
- Network-centric detection
- Agentless & signature-less
- Post-intrusion: NTA/UEBA

Differentiation
- Most accurate & efficient: proven & measured success
- Broadest context: network + endpoint + user
- Broadest attack coverage with integrated remediation

Verticals Served
- Finance & insurance
- Public sector
- Retail, healthcare, legal
- Service providers
- Media, technology & more

Operations Overview
- US HQ: CA; EMEA HQ: Amsterdam; IL HQ: Ramat Gan
- Customers world-wide

About Ayehu

FOUNDED: 2007 (bootstrapped)
FOUNDERS: Gabby Nizri, Yaron Levy
FUNDING: July 2015: $3M Series A, BGV & KEC (Palo Alto & NY)
CUSTOMERS: 100+ mid-to-large enterprises (and growing)
OFFICES: Tel Aviv, New York (2015), Bay Area (2016)
EMPLOYEES: 20+ (and growing)
PRODUCT: eyeShare v4.8 (first GA 2009)

State of Ransomware

Ransomware is getting more advanced, using targeted attack techniques to maximize damage.
- $209M paid out by US victims in Q1 2016*
- 38% of companies hit by ransomware in 2016*
- 38% and 17% of ransomware attacks target the service and manufacturing industries respectively, despite many high-profile healthcare attacks

* FBI, KnowBe4 survey of 1,138 companies, Symantec

Opportunistic Ransomware Attacks

1. User downloads ransomware from a website or opens a malicious email attachment.
2. Infected client contacts the command-and-control server and receives a unique cryptographic key.
3. Ransomware encrypts data on the local client.
4. Ransomware encrypts data on network drives.

(Diagram: laptop, file servers, malicious website, infected email, command & control, Internet)

Targeted Ransomware Attack

Intrusion (seconds to minutes), from outside the network:
1. Attacker compromises a client or server in the network.

Active breach (hours to weeks), inside the network:
2. Establish backdoor
3. Recon & lateral movement
4. Ransomware installation: attacker moves laterally to infect as many machines as possible with ransomware.

Steps to Defeat Ransomware: Prevention

- Educate employees
- Patch vulnerable client and server software
- Inspect network traffic for malware
- Install endpoint protection (anti-virus software)
- Back up files regularly

Challenges with Preventing Ransomware

- Polymorphic malware, with new strains generated every day, bypasses AV signatures
- Many delivery methods: email, malvertising, compromised sites, targeted attacks
- May use default processes like Explorer to encrypt files, making the malicious process difficult to terminate

How LightCyber Detects Targeted Ransomware

How ransomware spreads:
- Attackers gain persistent access
- System tools and scripts are used
- Ransomware is installed on other machines
- File servers are encrypted

Detection by LightCyber Magna:
- Lateral movement of ransomware
- Pathfinder identifies anomalous tools and processes
- Encryption of file servers and shares

(Diagram: Internet, DMZ, SPAN port feeding Magna, security ecosystem, servers: DHCP, DNS, AD, file servers)
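The last detection item above, encryption of file servers and shares, is the behaviour a defender can also reproduce from file-server audit logs. The following is an added example written for this page, not LightCyber's code or alert format: it replays constructed SMB-style audit lines, tracks how many distinct files each client host modifies inside a sliding one-minute window, and flags a host only when a large share of those modifications are ransomware-style renames (original name kept, new extension appended). The log format, the thresholds and the hostnames are assumptions for the example; a host that merely writes many files (a build job) is deliberately included to show why volume alone is not the signal.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed audit-line format (an assumption for this example, not a real product's format):
#   "<ISO timestamp> <client host> <share> <READ|WRITE|RENAME> <path>"
# where a RENAME path is written "old->new".
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (READ|WRITE|RENAME) (\S+)$")


def parse_event(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, share, action, path = m.groups()
    if action == "RENAME" and "->" in path:
        old, new = path.split("->", 1)
    else:
        old, new = path, None
    return {"ts": datetime.fromisoformat(ts), "host": host, "share": share,
            "action": action, "old": old, "new": new}


def looks_like_encryption_rename(ev):
    """Classic ransomware pattern: original name kept and a new extension appended."""
    return (ev["action"] == "RENAME" and ev["new"] is not None
            and ev["new"].startswith(ev["old"] + "."))


def detect_mass_encryption(lines, window_s=60, min_files=20, min_ratio=0.5):
    """Flag hosts that modify at least min_files distinct files within window_s seconds
    where at least min_ratio of those modifications are encryption-style renames.
    Returns one alert per host, describing the widest qualifying window."""
    by_host = defaultdict(list)
    for ev in filter(None, map(parse_event, lines)):
        if ev["action"] in ("WRITE", "RENAME"):      # reads never count as modification
            by_host[ev["host"]].append(ev)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            # slide the window start forward until the window fits in window_s seconds
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            win = evs[start:end + 1]
            files = {e["old"] for e in win}
            renamed = sum(1 for e in win if looks_like_encryption_rename(e))
            ratio = renamed / len(win)
            if (len(files) >= min_files and ratio >= min_ratio
                    and (best is None or len(files) > best["files"])):
                best = {"host": host, "files": len(files), "renamed": renamed,
                        "shares": sorted({e["share"] for e in win}),
                        "window_start": win[0]["ts"].isoformat()}
        if best:
            alerts.append(best)
    return alerts


def build_sample_log():
    """Constructed audit lines: ws-017 mass-renames files on two shares (ransomware-like),
    ws-031 writes many files without renames (a build job), ws-022 does normal work."""
    lines = []
    for i in range(40):
        share = "fs01/finance" if i < 30 else "fs01/hr"
        lines.append(f"2016-06-01T09:00:{i:02d} ws-017 {share} RENAME doc{i}.docx->doc{i}.docx.locked")
    for i in range(25):
        lines.append(f"2016-06-01T09:05:{i:02d} ws-031 fs02/build WRITE obj{i}.o")
    lines += [
        "2016-06-01T09:10:00 ws-022 fs01/finance READ budget.xlsx",
        "2016-06-01T09:10:30 ws-022 fs01/finance WRITE budget.xlsx",
        "2016-06-01T09:10:45 ws-022 fs01/finance RENAME draft.docx->final.docx",
    ]
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for alert in detect_mass_encryption(SAMPLE_LOG):
        print(alert)
```

With the sample data only ws-017 is flagged, with both shares it touched listed in the alert; ws-031 exceeds the file-count threshold but has a rename ratio of zero and is therefore ignored, and ws-022's ordinary rename does not match the appended-extension pattern. Lowering min_ratio to zero turns the detector into a plain volume alarm and pulls the build host in as well, which is the false positive the ratio check exists to avoid.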

Ayehu Remediation

Why Automation?

People don't scale very well.

Ransomware Comprised of 2 Enemies


Speed of Response is Critical to Defeat Ransomware

Cyber Security Incident Response Automation

Automating Cyber Security Incident Response

Possible questions:
- Do we really have a ransomware infection?
- Is only one computer infected, or multiple computers?
- Did the ransomware infect any shared folders?
- Have the latest security updates (antivirus signatures, patches) been applied to the infected computer(s)?

Possible actions:
- Send the host to a different VLAN using NAC/IPS.
- Inform the user via SMS or email.
- Report every step in the ITSM system.
- Update the watch list for communication with the C&C server.

Ransomware Quarantine Automatic Playbook
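The questions and actions listed above are the skeleton of a quarantine playbook. As an added example written for this page, not Ayehu's eyeShare workflow or its activity library, the following script answers each question from constructed alert data and a constructed asset inventory, turns the answers into the ordered actions from the slide (NAC VLAN move, user notification, C&C watch-list update), and mirrors every step into an ITSM record. The alert shape, inventory fields, quarantine VLAN number, staleness threshold and connector names are assumptions; the connectors default to a dry run so the script runs offline.

```python
from datetime import date

# Constructed asset inventory keyed by hostname (all values are assumptions for the example).
INVENTORY = {
    "ws-017": {"user": "jdoe",   "vlan": 10, "av_sig": date(2016, 5, 28), "patched": date(2016, 5, 10)},
    "ws-019": {"user": "asmith", "vlan": 10, "av_sig": date(2016, 6, 1),  "patched": date(2016, 6, 1)},
}
QUARANTINE_VLAN = 999  # assumed NAC quarantine VLAN

# Constructed alerts in an assumed shape (host, files touched, ransomware-style renames,
# shares hit); this is not LightCyber's real alert format.
SAMPLE_ALERTS = [
    {"host": "ws-017", "files": 40, "renamed": 40, "shares": ["fs01/finance", "fs01/hr"]},
    {"host": "ws-019", "files": 12, "renamed": 12, "shares": ["fs01/finance"]},
]


def answer_questions(alerts, inventory, today, max_age_days=7):
    """Answer the slide's 'possible questions' from the alert data and the asset inventory."""
    hosts = sorted({a["host"] for a in alerts if a["renamed"] > 0})
    shares = sorted(set().union(*(a["shares"] for a in alerts if a["host"] in hosts)))
    out_of_date = [h for h in hosts
                   if (today - inventory[h]["av_sig"]).days > max_age_days
                   or (today - inventory[h]["patched"]).days > max_age_days]
    return {
        "infection": bool(hosts),           # do we really have a ransomware infection?
        "hosts": hosts,                     # one computer or several?
        "multiple_hosts": len(hosts) > 1,
        "shares_hit": shares,               # did it reach shared folders?
        "hosts_out_of_date": out_of_date,   # AV signatures or patches older than max_age_days
    }


def build_playbook(answers, inventory, c2_indicator=None):
    """Turn the answers into the ordered 'possible actions' from the slide."""
    if not answers["infection"]:
        return [("itsm.close", {"reason": "no ransomware behaviour confirmed"})]
    # Shared folders or several hosts mean the outbreak is spreading: raise priority.
    priority = "P1" if answers["multiple_hosts"] or answers["shares_hit"] else "P2"
    steps = [("itsm.open", {"priority": priority, "hosts": answers["hosts"],
                            "shares": answers["shares_hit"],
                            "out_of_date": answers["hosts_out_of_date"]})]
    for h in answers["hosts"]:
        steps.append(("nac.move_vlan", {"host": h, "from": inventory[h]["vlan"], "to": QUARANTINE_VLAN}))
        steps.append(("notify.user", {"user": inventory[h]["user"], "host": h,
                      "msg": "Your machine was isolated due to suspected ransomware; do not reconnect it."}))
    if c2_indicator:
        steps.append(("watchlist.add", {"indicator": c2_indicator, "reason": "ransomware C&C"}))
    return steps


def run_playbook(steps, connectors=None):
    """Execute each step through its connector and mirror every step into the ITSM record.
    Connectors are assumed callables keyed by step name; missing ones run as a dry run."""
    connectors = connectors or {}
    ticket = {"log": []}
    for name, params in steps:
        result = connectors.get(name, lambda p: "dry-run")(params)
        ticket["log"].append({"step": name, "params": params, "result": result})
    return ticket


if __name__ == "__main__":
    answers = answer_questions(SAMPLE_ALERTS, INVENTORY, date(2016, 6, 1))
    ticket = run_playbook(build_playbook(answers, INVENTORY, c2_indicator="203.0.113.7"))
    for entry in ticket["log"]:
        print(entry["step"], entry["params"], entry["result"])
```

The ordering matters: the host is moved off the production VLAN before the user is told, so a user who ignores the message cannot keep spreading the infection, and the C&C indicator goes on the watch list last because it is only useful once the known-infected hosts are already contained. Plugging in real connectors means replacing the dry-run callables with functions that call the NAC, messaging and ITSM APIs of the environment.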

Building an Automated Security Playbook

No programming required!
- Over 500 pre-built activities
- Over 150 pre-built workflows / playbooks
- Easy-to-use drag-and-drop interface

Integrating with Your Infrastructure

Live Demo!

Breach Detection Gap

(Diagram: security expenditure by attack phase. Intrusion attempt phase (seconds to minutes): sandboxing, stateful firewall, IPS/IDS, network AV, SIEM. Active attack phase (weeks to months): the breach detection gap, where network file encryption happens. Incident response (weeks to months).)

LightCyber Finds Active Threats, Ayehu Eliminates Them

Detect Threats w/LightCyber, Eliminate Them w/Ayehu


Questions?


Thank You!

LightCyber: Kasey Cross, [email protected], www.lightcyber.com
Ayehu: Guy Nadivi, [email protected]@ayehu.com, www.ayehu.com