
Login cat tekmonks - v5 (mini)


TekMonks LoginCat Security Software

Agenda

• Introduction
• Today’s Security Challenges
• Issues with current solutions
• How we secure existing enterprise applications
• How we secure ourselves
• Summary

TekMonks – A bit about us

• Total employee strength – about 100 worldwide.
• Revenues exceeding $10 million on an annual basis.
• Very strong growth – Operations across 6 countries.
• Cash positive, profitable, every year since inception.
• Working with the largest Fortune 100 firms and governments worldwide.
• We are self funded and stable. Not reliant on external funding.

Cybersecurity – Some startling facts…*

• In 2016, 89% of breaches had a financial or espionage motive.
• 85% of hacks are external actors, and 15% are internal.
• Majority of attacks use phishing and known vulnerabilities in the security appliances to steal the initial passwords.
• 82% of all cyberattacks started with stealing passwords.
• $280 Billion - Total loss to businesses from cyber-attacks in 2016*2
• $2.1 Trillion - Estimated cyber losses in 2019*2
• $74.54 Billion – Google’s 2015 Revenue

Hacking industry is a business that is 3.75 times bigger than Google! Hackers today are well funded multi-billion dollar illegal corporations with significant computing and research power, all dedicated to hacking you for profit.

* From the 2016 Data Breach Investigations Report
*2 Forbes: http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#2e21dd3f3bb0

Cybersecurity – time is not on our side…

• It takes days for an attacker to “exfiltrate” data, i.e. steal valuable data post attack. It is not the initial breach per se which causes damage; it is this step, where the attacker compromises internal systems and steals valuable company data from them. This step takes days to succeed. It is not instantaneous, but it doesn’t take 3 or 6 months either.


Anatomy of a typical cyberattack – 2016 Data


A short analysis of the hacker landscape

Just why are things getting worse? Why do hackers succeed more easily lately?

Or – what’s the cause, and thus, the solution to stop these hacks.

Network layer security: Necessary but not sufficient

• The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies, e.g. Firewalls, VPNs, while necessary, are no longer sufficient.
• When a hacker is inside the corporate network it is much easier to hide and hack the internal core business applications and assets.
• Internal applications, which run core business today, were designed 10 years ago, or 5 years ago, even 3 years ago – we are in a different world today.
• Rewriting core business applications is not a solution – plus it is a cat and mouse game: by the time they are rewritten, security threats and standards would have evolved.

Just how easy are passwords to hack?

• Crackers today are really efficient at breaking passwords.
• Deep Blue Supercomputer - around 1999 - beat Garry Kasparov - 11.38 GFLOPS.
• Samsung Galaxy S7 with Snapdragon 820 packs 498.5 GFLOPS. The Samsung Smartphone is approximately 44 times faster than the Deep Blue.
• GPU Radeon R9 Fury X2 = 17,204 GFLOPS. 1,511 times faster than Deep Blue.
• Hackers routinely build rigs with up to 25 of these GPUs, which is 430 TeraFLOPS. https://goo.gl/1nVst6. This is the same power as the Blue Gene Supercomputer at Livermore Nuclear Laboratory used to simulate nuclear reactions.
• If one thinks passwords are secure because decrypting them will take a lot of computing power – one is not living in the reality of 2016.


Password Cracking Rigs

What about other technologies? Biometrics?

• Biometric and Thumb? Everything you touch will now contain your password. This is one of the easiest "security measures" to break. There are at least 7 different currently known ways to defeat this. For example, simple inkjets can be used to defeat fingerprint based authentication.
• Iris Scanning? Megapixel cameras can steal your Iris patterns.
• Facial Identification? Face masks take care of defeating this security measure.
• Token / RSA? No longer secure. Quantum computers can hack it very easily. US Government has already abandoned it. MIT has already developed a Quantum Computer capable of easily hacking RSA.

LoginCat Part 1: How do we secure existing internal and cloud applications?

Core Issues

• How do we secure existing applications, which were written in a different security landscape and use insecure logins and algorithms such as SHA1, SHA5 or even MD5? We thought we could hide them behind a firewall, but clearly that doesn’t work when the hacker is inside!
• We don’t want to modify our critical business applications and add risk – can we secure existing applications as is?

Zero Trust and Application Layer Level Cybersecurity

• What do we do today to deal with this? Policy to change passwords every 3 months.
• But … it takes a hacker days – not months – to crack passwords and steal internal data. 3 months is too long!
• Why not change them every day? Or every hour? With really complex computer generated passwords which are very hard to crack.
• A Cybersecurity solution is required to fight such password attacks pro-actively. This solution should be zero trust, work at the application layer, and secure existing applications without requiring modifications.

This is what LoginCat does.


LoginCat Protection


Secure by design

How can people do their work, if passwords change every hour?
LoginCat comes with a built in SSO solution which works across all major Cloud and in-house applications. Users no longer need to be aware of their constantly changing passwords, since LoginCat will log them into the end systems.

And … we win even when we lose
When an application is hacked, LoginCat will either lock out the attackers automatically by changing the credentials – or detect the hack (if the hacker has locked the account) – either way preventing damages.

Easily integrate to your existing applications – Cloud or Appliance

• LoginCat scripting based authentication adapters will work with all your existing applications – Web based, terminal or cloud.
• For the first time, have a unified security policy across internal applications and the cloud.
• No changes needed to existing applications. Do they use MD5? SHA1? We still secure them without having to recode them.
• We manage the passwords, change them on a frequent basis, making your existing application un-hackable, and quickly detect any hack attempts.
• Appliance or Cloud Based – bring us on premise with an appliance, or run LoginCat from our hosted cloud.

LoginCat Part 2: How do we secure ourselves now?

Securing LoginCat

• First we eliminate passwords.
• Pass phrase based authentication – Mathematically proven to be extremely hard to hack, even with today’s computing power.
• Human brains can’t remember good passwords e.g. $@)Nq;F*(.JRwd#$ , but even babies learn to put together two or three words quickly and make short sentences.
• Second we eliminate User IDs as well. We provide no hack targets, zero exposure, zero trust.

Secure by design – End of Passwords

As processing speed has increased, passwords have become notoriously easy to hack. 8 character passwords take 15 hours to crack.

LoginCat exclusively uses pass phrases instead of passwords. Pass phrases are next to impossible to crack, even with the fastest computers today and tomorrow!

Secure by design – Algorithm based hack detection

• Edge of network security features.
• Deep security algorithms – beyond IP firewalls, LoginCat will analyze incoming login attempts and ban hackers using habit and heuristic analysis.
• Some examples:
• Pattern analysis of incoming request headers to ban distributed attacks; for example, the same request headers from multiple IPs will trigger the DDoS attack prevention monitor.
• Login from unknown locations, or locations that don’t match mobile devices.
• Login at times which don’t match habits, etc.
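The first heuristic on this slide (the same request headers arriving from multiple IPs) sketched as an added example; this is not LoginCat's code or algorithm. The time window, IP threshold, list of ignored headers and the sample login events are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Assumed tuning values (not from the slides): flag a header fingerprint seen
# from at least MIN_IPS distinct source IPs within WINDOW_S seconds.
WINDOW_S = 60
MIN_IPS = 4
# Headers that legitimately differ per request and would hide a shared client.
VOLATILE = {"cookie", "content-length", "x-forwarded-for", "host"}

def fingerprint(headers):
    """Hash header names and values in arrival order, skipping volatile ones.
    Order is kept because HTTP clients emit headers in a characteristic order."""
    h = hashlib.sha256()
    for name, value in headers:
        if name.lower() not in VOLATILE:
            h.update(f"{name.lower()}:{value.strip()}\n".encode())
    return h.hexdigest()[:16]

def detect(events, window_s=WINDOW_S, min_ips=MIN_IPS):
    """events: (timestamp, source_ip, headers) tuples sorted by timestamp.
    Returns {fingerprint: set of IPs} for fingerprints that crossed the threshold."""
    recent = defaultdict(deque)  # fingerprint -> (ts, ip) pairs inside the window
    flagged = {}
    for ts, ip, headers in events:
        fp = fingerprint(headers)
        q = recent[fp]
        q.append((ts, ip))
        while q and ts - q[0][0] > window_s:
            q.popleft()
        ips = {i for _, i in q}
        if len(ips) >= min_ips:
            flagged.setdefault(fp, set()).update(ips)
    return flagged

# Constructed sample login attempts (documentation-range IPs, invented headers).
BOT = [("User-Agent", "example-client/1.0"), ("Accept", "*/*"), ("Content-Length", "41")]
BROWSER = [("Host", "login.example"), ("User-Agent", "Mozilla/5.0 (constructed)"),
           ("Accept", "text/html"), ("Accept-Language", "en-GB"), ("Cookie", "sid=abc")]
SAMPLE = [
    (0, "203.0.113.10", BOT), (5, "198.51.100.7", BROWSER),
    (9, "203.0.113.11", BOT), (14, "203.0.113.12", BOT),
    (20, "198.51.100.7", BROWSER), (22, "203.0.113.13", BOT),
    (400, "203.0.113.14", BOT),
]

if __name__ == "__main__":
    for fp, ips in detect(SAMPLE).items():
        print(fp, sorted(ips))
```

A fingerprint shared by many IPs is only a signal: users on the same browser build behind different addresses also collide, so the threshold needs tuning against normal traffic before it drives any ban.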

Other Benefits

• User ID provisioning and instant locking from all internal applications, if needed.
• Constantly updated – TekMonks will provide firmware updates to include latest security and AI algorithms to protect against emerging threats.
• Both mobile (iOS and Android) and web based.
• Readily auditable – provides entire audit history of who logged in, when someone accessed an internal application, how long they were active, their IP, mobile or web based access and even their location!


Demo


THANK YOU
