Cyber Security protection by MultiPoint Ltd.


How to defend your company from Cyber attacks

Transcript of Cyber Security protection by MultiPoint Ltd.

Page 1: Cyber Security protection by MultiPoint Ltd.

Cyber security

Security by MultiPoint Ltd.

Page 2: Cyber Security protection by MultiPoint Ltd.

About MultiPoint

• MultiPoint was founded in April 2009
• Managed by Arie Wolman and Ricardo Resnik
• A Distributor of Security & Networking Software
• Main exclusive product lines:
  – GFI Software, Damballa, Accellion, SpectorSoft, Centrify, IronKey, NovaStor, GFI MAX, LiebSoft, DataMotion, Netwrix, etc.
• Certified, Qualified and Credible Technical team
• Value Added for the Channel and the End-Users alike

Page 3: Cyber Security protection by MultiPoint Ltd.

Main Vendors

Page 4: Cyber Security protection by MultiPoint Ltd.

Some of our customers

Page 5: Cyber Security protection by MultiPoint Ltd.

Attack Lifecycle

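[Diagram: impact plotted against time. Axis labels: Time, Impact. Stage labels: Exploit, Malware, Infection, Threat, Breach, Damage. Cost and response labels: Resource Validation; Preventative Controls; SOC / CIRT; Incident Response Analysis; Professional Services; Marketing / PR; Brand; Loss of Intellectual Property.]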

Page 6: Cyber Security protection by MultiPoint Ltd.

Because prevention’s not enough!

69% of breaches

Malware was involved in 69% of all breaches, and 95% of all stolen data.

“Prevention is crucial…but detection/response represents an extremely critical line of defense. Let’s stop treating it like a backup plan and start making it a core part of THE plan."

2013 Verizon Data Breach Investigation Report

210 days

The average time from breach to detection was 210 days.

Trustwave 2013 Global Security Report

5% detection rate

82 new malware samples were put up against more than 40 antivirus products... the initial detection rate was less than 5 percent.

“Signature-based methods of detecting malware is not keeping up.”

New York Times, January 1, 2013

Page 7: Cyber Security protection by MultiPoint Ltd.

[Diagram: Enterprise Assets covered by Endpoint Security and Network Security Systems. Controls shown: AV, HIPS, Firewall, IDS/IPS, WSG/Proxy, VM/Sandbox, DNS. Outputs shown: Alerts, Logs, Block, Blacklist/Signatures. Other labels: Unknown Threats; Infections Identified, marked with question marks.]

Why do these threats go undetected?

87% of victims of data theft had evidence in their log files but failed to identify it.

2011 Data Breach Report, Verizon RISK team

All this noise, how do I identify real infections?

Page 8: Cyber Security protection by MultiPoint Ltd.

Automation needed to accelerate & improve Detection

• 66% of breaches remain undiscovered for months or more
• 69% of breaches are discovered by parties external to the victim
• 5% detection rate of 82 new malware samples by traditional signature-based products

Sources: Verizon, New York Times

Page 9: Cyber Security protection by MultiPoint Ltd.

MultiPoint empowers end users to…

• Adapt Posture: enable improvements to security policies and controls
• Optimize Resources: focus teams & tools on high-value activities vs. noisy alerts
• Manage Portfolio: measure performance of preventative solutions
• Rapidly Respond: automate discovery, verification & prioritization of true infections

Page 10: Cyber Security protection by MultiPoint Ltd.

The Kill Chain and Risk

Kill chain stages: Reconnaissance, Weaponization, Delivery, Exploitation, Command & Control, Data Exfiltration/Disruption/Damage

[Diagram labels along the chain: Infection Risk, Infection, Business Risk]

After Infection Takes Place, the Game Changes

Page 11: Cyber Security protection by MultiPoint Ltd.

Looking at the Threat After It Bypasses Prevention

[Diagram: phases labelled Initial Infection; Update & Repurpose; Initial C&C and 2nd Repurpose; Evasion Cycle Continues… Parties shown: Threat Actors, Malware Author, Cyber Brokers, Pay Per Installer, Victim. Components shown: Dropper, Downloader, Updater, Repository, C&C Portals, C&C Proxies. Captions: "Dropper unpacks on the Victim machine and runs"; "Malware is updated/customized".]

Page 12: Cyber Security protection by MultiPoint Ltd.

Prevention features you need for 2014

Patch automation

Vulnerability assessment

Integration

Powerful

»Microsoft®, Mac OS® and major Linux operating systems

»Microsoft and other popular third-party applications

»Security and non-security updates

»More than 4000 critical security applications

»Interactive dashboard

»Workstations, laptops, servers, mobile devices and a wide range of network devices such as printers, switches and routers

»Now checking for up to 50,000 vulnerabilities

Dedicated reports »For PCI DSS, HIPAA, PSN CoCo and other regulations

Improved scan and remediation performance »Through usage of agents and relay agents

Page 13: Cyber Security protection by MultiPoint Ltd.

Secunia VIM Overview – Key Facts and Benefits

A proactive approach to vulnerability management

• Leader in the field of Vulnerability Intelligence
• Pioneer and industry leader in the research and disclosure of vulnerabilities
• The market’s largest verified vulnerability database, 45,000+ products
• The only vendor that guarantees coverage of your commercially available environment
• Award-winning solution
• Straightforward and simple to set up, maintain and use regardless of the size of an organization
• Customized asset lists mean targeted information based on your exact environment
• Filter information based on the asset location or criticality, useful for business-critical technology which receives less press coverage, e.g. Lotus Notes
• Dynamic, customized, historic, and automated reporting
• Track and document remediation strategies
• Eliminate information overload from sifting through other sources, emails, and bulk RSS feeds
• Prioritize patch management based on verified real-time information

Page 14: Cyber Security protection by MultiPoint Ltd.

Sandbox technology helps

ThreatTrack Security

"Sandbox customization is the only way to adequately detect and stop targeted attacks"

Dynamic Malware Analysis

Know Your Exposure to Cyber Threats

ThreatAnalyzer is the industry's only malware analysis solution that enables you to completely and accurately quantify the risk and exposure your organization faces from any malware threat.

As a fully customizable platform, ThreatAnalyzer enables you to recreate your entire application stack (including virtual and native environments) in which you can detonate malicious code to see exactly how malware will behave across all your network and systems configurations. Moreover, custom malware determination rules help you fine tune ThreatAnalyzer to be on the alert for suspicious behavior and activity that concern you most, such as anomalous access to sensitive systems, data exfiltration to foreign domains, queries made to custom applications and more.

Within minutes of detonating a malware sample, you will know exactly which system configurations on your network are vulnerable to any threat, enabling you to instantly respond by isolating systems and implementing defenses to prevent infections.

Page 15: Cyber Security protection by MultiPoint Ltd.

MultiPoint vendors Labs Threat Updates & Discovery Services

[Diagram: data exchanged between MultiPoint Vendors and Enterprise Assets, ISPs and Enterprises. Labels: Domains; Files; Threat Discovery; Trace Reports; "Threat Updates Includes Intel, Classifiers, & Attribution".]

Page 16: Cyber Security protection by MultiPoint Ltd.

Why GFI LanGuard is so effective?

Steps shown: Scan, Analyze, Remediate, Install

• Takes only a few minutes to be up and running
• Agent-less or agent-based
• Identify assets (including mobile devices), find vulnerabilities, missing patches, open ports, services, hardware and software, etc.
• Vulnerability level assigned to each computer
• Reports, results filtering, network changes history
• Check external references
• Deploy missing updates, uninstall applications, deploy custom scripts, open remote desktop connections, etc.
• Definitions for vulnerabilities and patches are continuously updated from GFI® servers to report and remediate latest threats
• Deploy agents (agent-less)
• Powerful interactive dashboard

Page 17: Cyber Security protection by MultiPoint Ltd.

Damballa Failsafe Architecture

Hub & Spoke | 1 U Appliances | Out of Band

Page 18: Cyber Security protection by MultiPoint Ltd.

Our Formula – Delivering Predictive Security Analytics

Page 19: Cyber Security protection by MultiPoint Ltd.

Security 2.0: The New Security Stack

[Diagram: security stack arranged by phase. Phases: Prevention, Detection, Response (Forensics). Risk labels: Infection Risk, Business Risk. Timeline labels: Attack, Infection, Damage. Components shown: Legacy; IPS & Host AV/IPS/FW; NGFW; Email Gateway; NBAD; Sandboxing; Advanced Threat Protection; Predictive Security Analytics; Alerts & Logs; SIEM (Single Pane of Glass); SOC; Network DVR; Forensics Client; Endpoint Containment.]

Page 20: Cyber Security protection by MultiPoint Ltd.

Increasing customer value thru integrations & alliances

• Enrich, Correlate via SIEM & Forensics
• Block & Inform from Network to Endpoint
• Accelerate & Prioritize Response

Damballa discovers with certainty & delivers evidence so customers can pivot to…