1 © 2016 Jack Henry & Associates, Inc.
Gladiator® Incident Alert
Allen Eaves
Sabastian Fazzino
Cybersecurity Threat Landscape
(Slide figure: threats arranged by volume, sophistication and impact, from "Many, highly sophisticated, significant impact" through "Few, moderately sophisticated, medium impact" down to "Few, unsophisticated, low impact".)
• Buffer Overflow
• Service Overwhelm
• Stealth Diagnostics
• DoS
• SQL Injections
• Phishing
• Web Browser Pop-Ups
• VBA, ActiveX, Flash Tricks
• OS-Specific Attack Tools
• Cross-site Scripting
• SSL-encrypted Threats
• Zombie Bots
• RDP Exploits
• Memory Scraping
• DDoS
• Ransomware
• APTs
• Spear Phishing
• Targeted Attacks
• Drive-by Downloads
• Watering Hole Attacks
• Self-Replicating Code
• Password Guessing
• Password Cracking
• Disabling Audits
• Hijacking Sessions
• Exploiting Known Vulnerabilities
• Packet Forging & Spoofing
• SPAM
• Back Doors
• Sweepers & Sniffers
Cybercrime will Cost Businesses $2 Trillion
• Increase in the cost of data breaches to $2.1 trillion globally by 2019
• Increasing to almost four times the estimated cost of breaches in 2015
• Rapid digitization of consumers' lives and enterprise records
Source: Juniper, The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation
More Malware & More Attacks
• More than 430 million new pieces of malware in 2015
– 36% increase from 2014
• Attacks targeting businesses with fewer than 250 employees are increasing each year
– 43% of all attacks in 2015 were targeted at small businesses
Source: Symantec Internet Security Threat Report
CoreDEFENSE (Managed end-to-end Security)
1. Server Host IPS
2. Endpoint Security Protection
3. Security Event Log Analysis
4. System and Application Patching
5. Email Protection
6. UTM (Fortinet, SonicWall, Cisco)
7. AMP (Advanced Malware Protection)
8. Incident Alert Sandbox
9. Enterprise Vulnerability Scanning
10. Enterprise Mobility Management
11. JHA Core System & NetTeller Monitoring ESM
12. eSAT – End-user Security Awareness Training
Why Most Malware Protections Fail
• Automated tools have made it simple to author new, effective malware variants
– 5.5 million new variants of malware monthly
– Obfuscation makes it easy to get around pesky signature-based solutions
The "Arms Race" is in their favor
AV is Failing, and IPS is not far Behind
• Signature-Based "Safety Net"
• Zero Day and APT attacks – the Sacrificial Lambs
How do we Gain an Edge?
• Solutions must focus on behavior and threat intelligence
(Slide figure: a spectrum running from "Attack Sources" (150,000 malware variants a day, nearly infinite exploit methods, end users opening holes) through "Expected Behavior" to "Malware Hosting". AV and IPS focus on the attack-source end; Gladiator® advanced solutions AMP & IA focus on expected behavior and malware hosting.)
Gladiator® Incident Alert
• 24/7 Managed Security Services: Integrated with Gladiator® Expert SIEM Architecture to identify malware and prevent cybersecurity incidents.
• Superior Detection: Detects unknown threats (APTs, ATAs, zero-days, etc.) specifically designed to evade first-generation APT sandbox appliances.
• Advanced Threat Intelligence: Contains active command and control (C&C) servers, objects with zero-day exploits, toxic web sites, and malware distribution points identified as having breach intent.
Incident Alert
(Slide figure: traffic flows from the Internet through the appliances below to Users, with all of them reporting to the Gladiator® SOC.)
• Unified Threat Management Security Appliance: FW, IDS/IPS, AV, WCF, VPN
• LastLine Sandbox Deep Content Inspection Security Appliance: Memory, CPU, Operating Systems, Applications
• Users
• Gladiator® SOC: Expert Threat Intelligence SIEM
The Deep Content Inspection Difference
Deep Content Inspection Engine
Memory
• Dormant code analysis enables LastLine to identify dormant behavior, enabling identification of even the most targeted malware
• Able to inspect memory contents of malware, including encrypted strings
CPU
• LastLine emulates computing hardware, enabling visibility into CPU instructions, system memory and device interaction
Operating Systems
• Dynamic analysis of artifacts enables LastLine to interact with malware during hidden execution paths to identify evasive behavior
• True kernel visibility enables identification and manipulation of stalling loops, delay tactics and other evasions used to avoid detection
Applications
• Scripts hidden in documents can compromise users and servers as a launch pad for further compromises
• Application vulnerabilities exploited by malware are highly version dependent
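As an added illustration of the clock-manipulation idea behind defeating stalling loops and delay tactics (this is not LastLine or Jack Henry code), the harness below hands a sample a virtual clock instead of the real one, so each requested sleep is skipped rather than waited out, and the accumulated requested delay is reported as an evasion indicator. The two sample behaviours and the 120-second threshold are constructed for the example.

```python
"""Sandbox-style harness that fast-forwards time to expose delay-based evasion."""
from dataclasses import dataclass

MAX_VIRTUAL_SECONDS = 7 * 24 * 3600   # constructed: stop runaway sleep loops after a virtual week
STALL_SECONDS = 120.0                  # constructed: >2 min of requested sleep is treated as stalling


@dataclass
class VirtualClock:
    """Given to the sample in place of time.time()/time.sleep()."""
    now: float = 0.0
    sleep_calls: int = 0
    total_requested: float = 0.0

    def time(self) -> float:
        return self.now

    def sleep(self, seconds: float) -> None:
        # Do not wait: jump the clock forward so the sample's loop completes instantly.
        self.sleep_calls += 1
        self.total_requested += seconds
        self.now += seconds
        if self.now > MAX_VIRTUAL_SECONDS:
            raise RuntimeError("sample never stops sleeping")


@dataclass
class Verdict:
    stalling: bool          # True when the sample asked for more than STALL_SECONDS of delay
    sleep_calls: int
    virtual_seconds: float  # virtual time consumed; wall-clock time is near zero
    observed: object        # what the sample actually did once its delay was skipped


def analyse(sample) -> Verdict:
    """Run sample(clock) under the accelerated clock and summarise what it did."""
    clock = VirtualClock()
    observed = sample(clock)
    return Verdict(clock.total_requested >= STALL_SECONDS, clock.sleep_calls, clock.now, observed)


# Constructed samples: plain functions, no real malicious behaviour.
def stalling_sample(clock):
    """Naps 30 s at a time until 10 minutes have passed, then reveals its real action."""
    start = clock.time()
    while clock.time() - start < 600:
        clock.sleep(30)
    return "stage2-contacted"


def quiet_sample(clock):
    return "wrote-report"
```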
LastLine | NSS Labs – 100%
• In the history of NSS Labs evaluations, Lastline is the first and only vendor ever to score 100% Security Effectiveness with zero false positives
CoreDEFENSE Multi-layered
• Perimeter Protection
• Malware Protection
• Data Exfiltration
• User Education
• Detailed Reporting
(Slide figure: each layer below is backed by the Gladiator® SIEM.)
eSAT – Employee Security Awareness Training
• Web-based training with quiz and reporting
• Content updated regularly
• Separate module for Board members
• Monthly Security Timely Tips email newsletter
Incident Alert & Advanced Malware Protection (Gladiator® SIEM)
• Sandbox-enabled deep content inspection
• Hosted DNS Anomaly Detection Service blocks connectivity to sites hosting malware
Server Security Monitoring (Gladiator® SIEM)
• Event log monitoring
• Vulnerability scanning
• Server IPS
Intrusion Prevention (Gladiator® SIEM)
• Monitor all incoming and outgoing traffic
• Looking for virus and hacker signatures
• Provided by Fortinet, Cisco, SonicWall
Firewall Monitoring & Management (Gladiator® SIEM)
• First layer of defense
• Protect ports of entry to the financial institution
• Raw traffic analysis
Cloud Services DDoS Mitigation