Endpoint Security Evasion
JASON SHUPP, SENIOR SYSTEMS ENGINEER
INVINCEA, INC.
Meet the Presenter
Jason Shupp is a Senior Systems Engineer at Invincea, Inc. located in Fairfax, Virginia. Jason is a cyber-security expert with 14 years’ experience in the industry. His career started in the United States Marine Corps as a Tactical Network Specialist. Since that time, he has worked for various companies including Symantec, ArcSight and HP. Jason enjoys spending time with his family, sports and most outdoor activities.
Agenda
1. Endpoint Security Evasion
2. Current Endpoint Security Challenges
3. Invincea FreeSpace™ – How it Works
4. Endpoint Security Portrayed in “Real Life”
5. Demonstration
Endpoint Security Evasion
• Hundreds of thousands of variants daily
– It only takes one…
• There is no safe – no barriers
– Failed detection = compromise
• Malware running with elevated privileges
– Stop running processes
– Stop/disable services
• Install more malware!
• Tampering protection
• It sounds all so easy
– And you’re right, it is…
Current Endpoint Security Challenges
Antivirus Software
• Created in the late 1980s
• Prevent, detect and remove malicious software
• Detection methodology
1. Signature – known bad file
2. Heuristic – characteristics of known bad
3. Behavioral – actions at run-time
• Protection built solely upon “known” threats
• 450K new variants per day
– (McAfee Labs Threats Report: November 2014)
• Have you read the media?
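The slide above names three detection methods (signature, heuristic, behavioral), and the evasion slide earlier describes malware that stops processes and disables security services once it runs. The following is an added illustration, not Invincea's code or any vendor's engine, that shows how each method reacts to the same sample: a known file, a one-byte variant of it, a benign document, and a benign document whose run-time events look like the weaponized-document scenario in the demo. Every file, hash, rule, threshold and event here is constructed for the example; the only real identifiers are the Windows service names WinDefend and wscsvc.

```python
"""Added illustration (not Invincea's or any vendor's code) of the three
detection approaches named on the slide: signature, heuristic and behavioral.
Every sample file, hash table, rule and event here is constructed for the
demo; the scores and thresholds are arbitrary choices for illustration."""
import hashlib
import math
from collections import Counter

# --- 1. Signature: exact match against a table of known-bad hashes ----------
# Constructed stand-in for a known-bad executable (an 'MZ' header followed by
# every byte value once, so it also looks "packed" to the entropy check below).
KNOWN_BAD_BYTES = b"MZ\x90\x00constructed-sample-" + bytes(range(256))
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_BYTES).hexdigest(): "Constructed.Trojan.A"}


def signature_scan(data: bytes):
    """Return the family name when the file's SHA-256 is in the table, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


# --- 2. Heuristic: characteristics shared by known-bad files -----------------
SUSPICIOUS_STRINGS = (b"cmd.exe /c", b"sc stop", b"powershell -enc")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_score(data: bytes) -> int:
    """Add points for traits that known-bad files tend to share."""
    score = 0
    if data.startswith(b"MZ"):
        score += 1                       # Windows executable
    if shannon_entropy(data) > 7.0:
        score += 2                       # likely packed or encrypted
    score += sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    return score


# --- 3. Behavioral: actions observed at run time ----------------------------
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}
SECURITY_SERVICES = {"windefend", "wscsvc"}   # Windows Defender, Security Center


def behavioral_score(events):
    """events: (process, action, target) tuples from a hypothetical run-time
    monitor (the event format is an assumption). Returns (score, reasons)."""
    score, reasons = 0, []
    for proc, action, target in events:
        p, t = proc.lower(), target.lower()
        if p in OFFICE_APPS and action == "spawn" and t in SHELLS:
            score += 3
            reasons.append(f"{proc} spawned {target}")
        elif action == "stop_service" and t in SECURITY_SERVICES:
            score += 4
            reasons.append(f"{proc} stopped security service {target}")
        elif action == "write_registry" and "\\currentversion\\run" in t:
            score += 2
            reasons.append(f"{proc} added a Run-key persistence entry")
    return score, reasons


def classify(data: bytes, events=()):
    """Combine the three methods into a verdict: 'malicious', 'suspicious' or 'clean'."""
    family = signature_scan(data)
    if family:
        return "malicious", f"signature:{family}"
    h = heuristic_score(data)
    b, reasons = behavioral_score(events)
    if h >= 3 or b >= 4:
        return "malicious", f"heuristic={h} behavior={b} {reasons}"
    if h >= 2 or b >= 2:
        return "suspicious", f"heuristic={h} behavior={b} {reasons}"
    return "clean", ""


# Constructed inputs: a one-byte variant of the known-bad file (defeats the
# signature), a benign-looking document, and run-time events resembling the
# weaponized-document scenario in the demo section.
VARIANT_BYTES = KNOWN_BAD_BYTES[:-1] + b"\x00"
CLEAN_DOC = b"PK\x03\x04" + b"quarterly report text " * 20
MACRO_EVENTS = [
    ("WINWORD.EXE", "spawn", "cmd.exe"),
    ("cmd.exe", "stop_service", "WinDefend"),
]

if __name__ == "__main__":
    for label, data, events in [("known bad", KNOWN_BAD_BYTES, []),
                                ("variant", VARIANT_BYTES, []),
                                ("clean doc", CLEAN_DOC, []),
                                ("doc + macro behavior", CLEAN_DOC, MACRO_EVENTS)]:
        print(f"{label:22s} -> {classify(data, events)}")
```

Running it shows the point the slide makes: changing a single byte is enough to miss the signature while the file's characteristics still score it, and a document with no static indicators at all is only caught once its run-time actions (an Office process spawning a shell that stops a security service) are observed.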
Other Solutions
• Whitelisting Solutions
– Trust Java.exe – right?
– CNN.com is not compromised today
• Network Based Endpoint Security
– HUH?
– Not at work – secure your computer and turn it off
• Continuous Monitoring Solutions
– SIEMs have been doing this for years
– There is a needle in that haystack
• Usability, scalability, resource consumption, false positives, etc.
Invincea FreeSpace™ – How it Works
Invincea FreeSpace™
Endpoint Innovation
[Diagram: Protect the User | Enterprise Endpoint | Application & Data Collection]
Application Requirements: <90 MB RAM, 150 MB free disk space, Intel/AMD x86 chipset
Supported Operating Systems: Windows XP, Windows 7 32 and 64-bit, Windows 8.1
Invincea Management Server
• Threat Data Server Module
– Optional integration to other technologies
• Config Management Module
– Track deployments
– Manage groups
– Maintain audit trail
– Schedule software updates
– Reporting
• Multiple deployment options
– Virtual appliance
– Physical appliance (1u rack-mounted)
– Cloud hosted
Invincea FreeSpace™
• Endpoint application
• Priced per seat
• Subscription license
Protection options:
• Browsers (IE, Firefox, Chrome)
• Office Suite
– PPT
– XLS
– DOC
How it Works
Containment
- Automatically created on user login
- Isolated environment to run applications
Detection
- No signatures
- Patented behavioral-based detection
Prevention
- Leverages detection
- Automatic termination of suspect activity
Intelligence
- Collection upon detection
- File system, process, registry, network…
Endpoint Security in Real Life
Real Life Security - Your Home
Recap
• Front Door = Vulnerable Applications
– Entry point to the Endpoint
• Vulnerable Applications
– Web browsers, Office applications, PDF, media players, ZIP
• We’re all running them!
• And the bad guys know it!
• These applications are all vulnerable
– Have been breached
– Will continue to be breached
• So how is Invincea any different?
Invincea Difference
• Traditional security applications are installed side by side with the vulnerable applications
– They can be broken, disabled or simply not working
• Invincea forces vulnerable applications inside the product
– Container is the first layer of security
• Breaching the vulnerable application is no longer a breach
• There will always be vulnerabilities
• Vulnerabilities leading to compromise are thwarted
Demonstration
• Environment
– Virtual Machine - Windows Defender & No Invincea
– Production Laptop - Invincea only
• Demonstration
– Open 2 separate Weaponized Word documents
• Download & execute malware
• Disable Windows Defender
– Download & execute malware
Questions?
Webinar Recording: http://www.invincea.com/2015/01/endpoint-security-evasion/
Demo Request: http://www.invincea.com/get-protected/enterprise-request-form
Invincea Research Edition: www.invincea.com/research-edition
Cynomix: www.cynomix.org
Thank you!
Invincea @Invincea
Jason Shupp
@JasonShupp
Learn more about Invincea’s solutions or visit our website at www.invincea.com
Contact us at 1-855-511-5967