
Zero Day Plus Anti Malware LTD 2016 sales pdf


Page 1: Zero Day Plus Anti Malware LTD 2016 sales pdf

Cyber Protection requires new thinking

Stops Zero-Days
Stops Malware
Stops RansomWare

©2016

Page 2: Zero Day Plus Anti Malware LTD 2016 sales pdf

Kinetic Attacks

Attack | Defence | Type of Endpoint
Clubs & Pointed Sticks | Stretched Animal Skin Shields | Endpoint (E)
Spears with iron tips | Hard Shields iron clad | E
Swords, Bows & Arrows | Wooden Forts and Stone Castles | Perimeter (P)
Longbows | Castles with high walls | P
Gunpowder Muskets & Cannons | Stone Castles and Moats | P
Repeating rifles & Machine guns | Tripwire, Trenches, Barbed Wire | P
Tanks & Naval bombardment | Landmines & Bunkers | P
Aircraft & dropped bombs | Anti-Aircraft Guns | P & E
Rockets & Guided Missiles | SAM | P & E
Ballistic Nuclear Weapons | Interceptor Missiles & Bunkers | P & E

Page 3: Zero Day Plus Anti Malware LTD 2016 sales pdf

Cyber Attacks

Attack | Defence | Type E/P
Viruses and Worms | Signature Based AV | E
Polymorphic Malware | Signature Based AV with heuristics | E
Botnet Command and Control | Firewalls, IDS, IPS, AV | P
DOS, DDOS | Firewalls, IDS, IPS, AV | P
Ransomware | Firewalls, IDS, IPS, AV | P & E
IP Theft | Firewalls, IDS, IPS, AV | P & E
APTs | F, I, I, A, plus White Listing | P & E
Zero Day Attacks | F, I, I, A, W, Behavioural Sandboxing | P & E
Phishing, Spear Phishing, Whaling | ? | E
SCADA Process Control, ICS attacks | ? | E

Page 4: Zero Day Plus Anti Malware LTD 2016 sales pdf

What’s Wrong with Security Tools?

1. Traditional AV is slow bloatware and can’t stop zero-days even with heuristic analysis – Kaspersky found > 121m unique malware samples in 2015

2. Whitelisting – Cumbersome, can’t stop DLL injection, ADS attacks or rootkits (have to whitelist WinLogon & svchost – favourite hacker targets)

3. Reputation based – like an MOT. No standard. False +/-

4. Behavioural analysis and sandboxing – like a VW emissions test (it knows!). Out of band reporting of suspicious behaviour can help to a degree

5. Probabilistic analysis in general – will flag but false +/- and requires infections

6. Firewalls – have to have open ports which can be abused (encrypted channels etc)

7. IDS/IPS – again probabilistic so false +/- and malware is ‘aware’

8. Micro VM – encapsulation of processes and monitoring for errant behaviour is processor intensive, (currently only available for latest Intel architectures and cannot be used in a safety or mission critical application)

Page 5: Zero Day Plus Anti Malware LTD 2016 sales pdf

The Abatis HDF Solution

o HDF is a kernel level filter driver of less than 100 KB

o Prevention rather than detection followed by clean-up

o “Prevents all attempts to write malware to the permanent storage of the device regardless of system privilege”

o Uses fundamental characteristic of malware plus ring-based architecture of OS to block new binaries with 100% certainty

o Stops ZERO DAY attacks - no performance penalty & no false +ve/–ve

o Log files stored locally for transfer to CMC or any existing SIEM product used by the customer

o Deterministic and proven safe in Safety-Critical, SCADA, etc.

o No signature file/white-list updates reduces maintenance cost/time

o Works with all known existing security products

Radically Different

Page 6: Zero Day Plus Anti Malware LTD 2016 sales pdf

Central Management Console (CMC)

o Central Management Console (CMC) provides facilities for SMEs and Cos. without SIEMs to:

    o Monitor HDF on an estate

    o Retrieve and analyse logs

    o Craft policy updates for HDF individually, in groups or globally as required

o CMC and/or Your Enterprise SIEM can:

    o Identify existing infections such as blocked APT updates

    o ‘Clean-up’ existing infection (proven reduction from 3 days to 2 hours, 90% improvement)

o Road map for enterprise APIs for logs and policy management

Page 7: Zero Day Plus Anti Malware LTD 2016 sales pdf

Energy Saving Capability

o Imperceptible performance impact

o Up to 40% performance (speed) improvement compared to traditional AV

o Massive improvement in laptop battery duration

o Saves 7% of the electricity consumed by server = £35/$60 per server per annum

o Servers run 8°C (15°F) cooler

Evaluation & Report Completed by

Download the management summary report at www.abatis-hdf.com

Page 8: Zero Day Plus Anti Malware LTD 2016 sales pdf

Protecting New and Legacy Equipment

Windows Version | Mainstream Support Ends | Extended Support Ends | Market Share %
Windows NT4 | Ended 2001 | Ended 2004 | 0.05
Windows 2000 | Ended 2005 | Ended 2010 | 0.06
Windows XP | Ended 2009 | Ended April 2014 | 19.15
Windows XP Embedded | Ended 2011 | Ended January 2016 | Included above
Windows Vista | Ended 2012 | Ends April 2017 | 1.93
Windows 7 | Ended January 2015 | Ends January 2020 | 53.01 **
Windows 2003 Server | Ended 2010 | Ended July 2015 | 47.9 *
Windows 2008 Web Server | Ended July 2013 | Ends January 2020 | 14
Windows 2008 Server | Ended January 2015 | Ends January 2020 | Included above
Windows 8/8.1 | Ends 9 January 2018 | Ends 10 January 2023 | 17.81
Windows 10 | Ends 13 Oct 2020 | Ends 14 Oct 2025 | 5.38
Windows Server 2012 | Ends 9 January 2018 | Ends 10 January 2023 | 31

Page 9: Zero Day Plus Anti Malware LTD 2016 sales pdf

Abatis – The Company

o Established 2005 at Royal Holloway University of London

o Award winning, innovative, proven and patented software technology for Windows and Linux

o 10 years development; third-party testing by Lockheed Martin, BAE, ATOS, GSK, NHS and others to establish TRUST (claims made are validated and verified by organisations who have conducted evals)

o Now in evaluation with SPAWAR, Major Banks, BT, NHS, etc.

o Recognised by Forrester Research as “Company to Watch”

o US Patent Granted in May 2015, European Patent Pending

o Low profile until patent grant restricted sales to Critical National Infrastructure, High Integrity Nuclear and Transport

Page 10: Zero Day Plus Anti Malware LTD 2016 sales pdf

Some Customer Case Studies

Abatis acknowledges all logos are the property of their respective owners

PROSPECTS / IN TESTING | SCADA | CRITICAL INFRASTRUCTURE | COMMERCIAL

Web Site Defacement Protection

E-Tendering Protection

IP Protection

Air Traffic Control

CNI Rail Network

Production System

SCADA & CCTV Protection

Nuclear Power Malware Protection

Mega US Bank

Major European Bank

Military Nuclear Defence

Page 11: Zero Day Plus Anti Malware LTD 2016 sales pdf

Abatis Roadmap Phase One Mobile Devices

o Android Mazar malware can 'wipe phones' spread via SMS

o 500,000,000 Android devices affected by malware that uses "clickjacking" to access the device

o Criminals will target mobile phones with RansomWare

Page 12: Zero Day Plus Anti Malware LTD 2016 sales pdf

Abatis Roadmap Phase Two Internet of Things (IOT)

o Over 5 billion connected ‘things’ now

o Some predict that by 2020, the number of Internet-connected things will reach or even exceed 50 billion

o Abatis can already protect some but will have a much broader capability soon to protect internet connected things

Page 13: Zero Day Plus Anti Malware LTD 2016 sales pdf

Summary

o NEW, Innovative/Disruptive, Patented and Award-Winning Technology

o Stops known and unknown malware in a unique, proactive way

o Provides strong zero-day and targeted attack protection plus benefits of:

    – Legacy Preservation (Buys You Time)

    – SCADA systems protection – proven, credible technical defence

    – Saves Money (90% lower maintenance & clean-up cost and 7% lower electricity consumption ~$60 per server per annum)

    – Zero performance degradation - can be performance enhancing (up to 40% recovery vs. traditional AV)

    – Tiny footprint (<100KB) – works everywhere – ideal for Mobile and IoT devices

    – APT Hunter-Killer can uncover existing infections when used with Central Management Console (CMC)

    – Risk-free roll-out using LEARN mode in a try-before-you-buy approach (works with your existing security products in defence-in-depth approach)

Page 14: Zero Day Plus Anti Malware LTD 2016 sales pdf

Questions and Contact Details

Alexander Rogan +44 2081237330Managing [email protected]

Vlad Georgescu +49 [email protected]

Authorized Reseller:
Zero Day Plus anti-malware Ltd.
35-37 Ludgate Hill, Office 7
London EC4M 7JN
United Kingdom