Defeat Ransomware and Ward off Extortionists with LightCyber + Ayehu
Today's Webinar is Presented by:
Guy Nadivi, Director, Business Development
Peter Lee, Director, Professional Services
Kasey Cross, Sr. Product Marketing Manager
About LightCyber
Behavioral Attack Detection: the Magna Platform
Platform overview: network-centric detection; agentless and signature-less; post-intrusion detection combining network traffic analysis (NTA) with user and entity behavior analytics (UEBA).
Differentiation (vendor claims): most accurate and efficient, with proven and measured success; broadest context (network + endpoint + user); broadest attack coverage, with integrated remediation.
Verticals served: finance and insurance; public sector; retail, healthcare, legal; service providers; media, technology, and more.
Operations: US HQ in California; EMEA HQ in Amsterdam; Israel HQ in Ramat Gan; customers worldwide.
About Ayehu
Founded: 2007 (bootstrapped)
Founders: Gabby Nizri, Yaron Levy
Funding: July 2015, $3M Series A from BGV & KEC (Palo Alto & NY)
Customers: 100+ mid-to-large enterprises (and growing)
Offices: Tel Aviv; New York (2015); Bay Area (2016)
Employees: 20+ (and growing)
Product: eyeShare v4.8 (first GA 2009)
State of Ransomware
Ransomware is getting more advanced, using targeted-attack techniques to maximize damage.
$209M paid out by US victims in Q1 2016*
38% of companies hit by ransomware in 2016*
38% and 17% of ransomware attacks target the service and manufacturing industries respectively, despite many high-profile healthcare attacks*
* Sources: FBI; KnowBe4 survey of 1,138 companies; Symantec
Opportunistic Ransomware Attacks
(Diagram: laptop, file servers, malicious website, infected email, command & control server, Internet)
1. User downloads ransomware from a website or opens a malicious email attachment.
2. Infected client contacts the command and control server and receives a unique cryptographic key.
3. Ransomware encrypts data on the local client.
4. Ransomware encrypts data on network drives.
Targeted Ransomware Attack
Intrusion (seconds to minutes), from outside the network: the attacker compromises a client or server in the network.
Active breach (hours to weeks), inside the network: establish a backdoor; reconnaissance and lateral movement; ransomware installation. The attacker moves laterally to infect as many machines as possible with ransomware.
Steps to Defeat Ransomware: Prevention
Educate employees
Patch vulnerable client and server software
Inspect network traffic for malware
Install endpoint protection (anti-virus software)
Back up files regularly
Challenges with Preventing Ransomware
Polymorphic malware, with new strains generated every day, bypasses AV signatures
Many delivery methods: email, malvertising, compromised sites, targeted attacks
May use default processes such as Explorer to encrypt files, making the encrypting process difficult to terminate
How LightCyber Detects Targeted Ransomware
(Diagram: Internet, DMZ, SPAN port feeding Magna; servers: DHCP, DNS, AD, file servers; security ecosystem integrations)
How ransomware spreads:
1. Attackers gain persistent access.
2. System tools and scripts are used.
3. Ransomware is installed on other machines.
4. File servers are encrypted.
Detection by LightCyber Magna:
- Lateral movement of ransomware
- Pathfinder identifies anomalous tools and processes
- Encryption of file servers and shares
Ayehu Remediation
Why Automation?
People don't scale very well
Ransomware Comprised of 2 Enemies
Speed of Response is Critical to Defeat Ransomware
Cyber Security IncidentResponse Automation
Automating Cyber Security Incident Response
Ransomware Quarantine Automatic Playbook
Possible questions:
- Do we really have a ransomware infection?
- Is only one computer infected, or multiple computers?
- Did the ransomware infect any shared folders?
- Have the latest security updates (antivirus/patches) been applied to the infected computer(s)?
Possible actions:
- Send the host to a different VLAN using NAC/IPS.
- Inform the user via SMS or email.
- Report every step in the ITSM system.
- Update the watch list for communication with the C&C server.
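The detection slide above lists "encryption of file servers and shares" as a behavior to detect, and the playbook slide turns a detection into triage questions and actions. The following is an added example written for this page, not LightCyber Magna or Ayehu eyeShare code: it runs a simple behavioral check over a constructed file-server audit feed and answers the playbook's questions from the result. The event fields, thresholds, host and share names, and action names are all assumptions; the actions are emitted as records rather than sent to any real NAC or ITSM system.

```python
"""Behavioral detection of bulk share encryption, plus playbook triage.

Added example, not vendor code. Assumes a normalized file-server audit
feed (ts, host, user, op, path, new_path); thresholds are assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
import posixpath


@dataclass(frozen=True)
class Event:
    ts: int                         # epoch seconds
    host: str                       # client that issued the operation
    user: str                       # account used
    op: str                         # "WRITE" or "RENAME"
    path: str                       # share path, e.g. //FS01/finance/a.xlsx
    new_path: Optional[str] = None  # destination path for RENAME


WINDOW_S = 60            # assumption: rolling 60-second window
MIN_RENAMES = 20         # assumption: >= 20 extension-changing renames in it
SINGLE_EXT_RATIO = 0.8   # assumption: >= 80% of them land on one new extension


def _ext(path: str) -> str:
    return posixpath.splitext(path)[1].lower()


def _share(path: str) -> str:
    # //SERVER/share/dir/file -> //SERVER/share
    return "/".join(path.split("/")[:4])


def detect_share_encryption(events: List[Event], window_s: int = WINDOW_S,
                            min_renames: int = MIN_RENAMES,
                            ratio: float = SINGLE_EXT_RATIO) -> List[Dict]:
    """Flag (host, user) pairs that rename many files to one new extension fast.

    A person editing documents rarely changes extensions; ransomware that
    writes ciphertext and appends its own suffix does it to every file it
    touches, so the distribution of new extensions collapses onto one value.
    """
    renames = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.op == "RENAME" and e.new_path and _ext(e.new_path) != _ext(e.path):
            renames[(e.host, e.user)].append(e)

    alerts = []
    for (host, user), evs in renames.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:   # slide window start
                start += 1
            window = evs[start:end + 1]
            if len(window) < min_renames:
                continue
            new_ext, hits = Counter(_ext(e.new_path) for e in window).most_common(1)[0]
            if hits / len(window) >= ratio:
                alerts.append({
                    "host": host, "user": user, "new_ext": new_ext,
                    "files": len({e.new_path for e in window}),
                    "shares": sorted({_share(e.path) for e in window}),
                    "first_ts": window[0].ts, "last_ts": window[-1].ts,
                })
                break   # one alert per (host, user) is enough to start the playbook
    return alerts


def triage(alerts: List[Dict]) -> Dict:
    """Answer the playbook's questions; emit actions as records, not API calls."""
    hosts = sorted({a["host"] for a in alerts})
    shares = sorted({s for a in alerts for s in a["shares"]})
    actions = []
    for a in sorted(alerts, key=lambda a: a["first_ts"]):
        actions.append(("QUARANTINE_VLAN", a["host"]))   # hand-off to NAC/IPS
        actions.append(("NOTIFY_USER", a["user"]))       # SMS or email
    if alerts:
        actions.append(("ITSM_TICKET", f"ransomware suspected on {len(hosts)} host(s); "
                                       f"shares hit: {', '.join(shares)}"))
    return {"ransomware_suspected": bool(alerts), "infected_hosts": hosts,
            "multiple_hosts": len(hosts) > 1, "shared_folders_hit": shares,
            "actions": actions}


def constructed_events() -> List[Event]:
    """Constructed sample feed: one benign editor, one infected host, one spread."""
    evs = [Event(1000 + 60 * i, "WS01", "alice", "WRITE", f"//FS01/marketing/plan{i}.docx")
           for i in range(8)]
    evs.append(Event(1500, "WS01", "alice", "RENAME",
                     "//FS01/marketing/draft.docx", "//FS01/marketing/final.docx"))
    # WS07 appends .locked to 30 spreadsheets in 30 seconds
    evs += [Event(2000 + i, "WS07", "bob", "RENAME",
                  f"//FS01/finance/inv{i}.xlsx", f"//FS01/finance/inv{i}.xlsx.locked")
            for i in range(30)]
    # same account from a second host against another share a few minutes later
    evs += [Event(2400 + i, "WS09", "bob", "RENAME",
                  f"//FS02/hr/rec{i}.pdf", f"//FS02/hr/rec{i}.pdf.locked")
            for i in range(25)]
    return evs


if __name__ == "__main__":
    for key, value in triage(detect_share_encryption(constructed_events())).items():
        print(f"{key}: {value}")
```

The check fires only after the threshold number of files has already been renamed, which is why the deck's point about speed of response matters: the value is in the quarantine happening automatically at that moment rather than after a human reads the alert. A legitimate bulk conversion (say, a script turning thirty .doc files into .docx) trips the same heuristic, so thresholds need tuning per share and known conversion pairs may need an allow-list.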
Building an Automated Security Playbook
No programming required!
Over 500 pre-built activities
Over 150 pre-built workflows / playbooks
Easy-to-use drag-and-drop interface
Integrating with Your Infrastructure
Live Demo!
Breach Detection Gap
(Chart: security expenditure by attack phase. Intrusion attempt phase, seconds to minutes: sandboxing, stateful firewall, IPS/IDS, network AV, SIEM. Active attack phase, weeks to months, ending in network file encryption: the breach detection gap. Incident response: weeks to months.)
LightCyber Finds Active Threats, Ayehu Eliminates Them
Detect Threats w/LightCyber, Eliminate Them w/Ayehu
Questions?
Thank You!
LightCyber: Kasey Cross, [email protected], www.lightcyber.com
Ayehu: Guy Nadivi, [email protected], www.ayehu.com