Evolving with the threats - ATEA…
Evolving with the threats
Alexander Hägglund
Sales Engineer – Nordics & Baltics
Evolution of IoT
The Evolution of Endpoint Threats: From Malware to Exploits
Traditional malware → advanced threats (timeline, values in slide order):
Melissa Virus, 1998, $1.2B
Love Letter Worm, $15B, 1999
$2.3B, 2007
$800M, 2014
Locky Ransomware, $1.1B, 2016
FinFischer Spyware, 2003, $780M
Exploit as a Service, $500M, 2015
2009: Introduction of Polypack, “Crimeware as a Service”
The Evolution of Endpoint Security: From Anti-Malware to Anti-Exploit to Next-Generation
Traditional Malware → Advanced Threats
Exposure Prevention: URL Blocking, Web Scripts, Download Rep
Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
Signatures: Known Malware, Malware Bits
Run-Time: Signatureless, Behavior Analytics, Runtime Behavior
Exploit Detection: Technique Identification
Exponential growth in new malware
27% of all malware variants in history were created in the last 12 months
[Chart: Total Malware (AV-Test), 2007 to 2016]
Machine learning – Is it the answer?
Machine Learning: Image Recognition
Machine Learning Framework – Image Recognition
[image] = “cat”
[image] = “tomato”
[image] = “apple”
Machine Learning for Malware Detection
[program] = “bad program” aka malware
[program] = “good program” aka benignware
Why Deep Learning?
Machine Learning Vs. Deep Learning
Deep Learning: Interconnected Layers of Neurons, Each Identifying More Complex Features (input → output)
Machine Learning: Decision Tree (input → output), Random Forest (input → output)
Sophos Confidential
We’re secure now, right?
Haha! All your files are encrypted!
Give me money!
Let's see what we can find here...
Information is more valuable
Social Engineering – One of the biggest threats
Social Engineering bypasses all technologies, including firewalls.
– Kevin Mitnick
Educate your users!