Malware Labs : Unknown Malware Advanced Detection · Next generation anti-virus, malware tracking,...
Malware Labs: Unknown Malware Advanced Detection
Who is Aiuken Cybersecurity?
Aiuken Cybersecurity is an international IT security company, focused on communications and IT technologies, specialised in security and cloud services solutions with high added value. Aiuken Cybersecurity operates in 7 countries.
Leading European Cybersecurity Company
5 Facts about Aiuken Cybersecurity
❖ Europe Gartner TOP 10 MSSP 2019
❖ Top 400 in the Financial Times FT1000 list of Europe's fastest-growing companies
❖ Over 150 qualified engineers with over 10 years of experience.
❖ Presence in Europe, Latin America, Africa and the Middle East.
❖ +400 global enterprise customers.
❖ 40% annual growth
Global SOC Operations Network
SOC locations: Andorra, UAE, Spain, Portugal, Morocco, USA, Dominican Republic, Mexico, Chile
Global Security Operation Centers Power
120 Security Engineers, experienced and certified
10,000 Security Devices managed
25,000 Security Incidents processed daily
97,527 Malware Samples daily
81,080 Phishing URLs daily
450,000 MPS correlated
Today's Malware World
[Chart: malware growth in 2018 and total malware created since 1994. In the last 3 years the total number of new malware grew by 2000%.]
A Comprehensive Challenge
Today's malware is more sophisticated than ever, and traditional signature-based antivirus is notoriously bad at stopping newer threats, yet it remains a cornerstone of most enterprise multi-layer endpoint cybersecurity strategies.
Next-generation antivirus, malware tracking, threat hunting, behavioural analysis, endpoint detection, sandboxing, machine learning, artificial intelligence, reverse engineering: there are several solutions to support the relentless battle against malware; however, none includes all these competences in one integral solution.
Aiuken's Malware Labs Solution® is a threat intelligence platform constantly updated from multiple sources, designed to help find and respond effectively, in any environment, to any malware type regardless of its behaviour, morphology, origin or method of propagation.
Today's Unknown Malware World. Who can you trust?
What is Aiuken's Malware Labs?
Automatic Orchestration for Advanced Malware Analysis ("AOAMA")
"Aiuken Advanced Malware Analysis Platform allows orchestration of machine-based execution of malware investigation actions across a complex analysis infrastructure"
HIGH DETECTION RATE
The malware sample database on the Aiuken cloud contains more than 1 billion samples. It quickly detects whether any uploaded file matches the malware samples. Aiuken's sandboxing can simulate running environments and trigger file activities such as creating processes, modifying the registry and requesting back chain.
INSTANT DEPLOYMENT
Hillstone Cloud Sandbox is seamlessly integrated with all our solution portfolio, and also integrates an interface for third-party solutions. Aiuken Malware Labs can be deployed immediately and seamlessly without network disruption.
ANTI-SANDBOX TECHNOLOGY
Supports identification and detection of anti-sandbox malware. By hiding sandbox processing information such as kernel module and registry information, our Cloud Sandbox can simulate real running environments. To prevent malware from evading detection, the platform simulates manual and interactive operations and captures the API to
Malware Labs in a few words
Malware Labs Video
Workflow process Malware Labs
Services: APT & Custom Reports; Threat Data Feeds; Managed Protection; Threat Intelligence Portal; Forensic Training; Incident Response Service; Forensic Data
Cycle: Discover → Qualify → Investigate → Neutralize → Recover
Anti Targeted Attack Detection and Response
Inputs: specific trojan families + targeted malware; URLs; trojans; unknown binaries; documents
Integration with IT security devices and automatic IOC mitigation: Invisible Bits, TrendMicro, Fortinet, all top vendors
The IOC rules engine integrated in the solution helps provide security information about our environments:
o Is this file malicious?
o How did we get infected?
o What has this IP done in the past?
o Are we compromised?
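The following is an added example, not code from Aiuken or its platform. It sketches how an IOC rules engine answers the three questions above from a sandbox behaviour report, and it also covers the anti-sandbox point made earlier: a sample that only probes for hypervisor artifacts (VirtualBox/VMware registry keys, guest-tools processes) and then does nothing should be reported as suspicious, not clean, so the analyst knows to re-run it with those artifacts hidden and user interaction simulated. Everything in it is an assumption: the sample bytes, the hash database, the IP history (RFC 5737 documentation addresses), the behaviour reports and the rule set are all constructed for illustration.

```python
"""Toy IOC rules engine over constructed sandbox behaviour reports.
Added example; no data here comes from Aiuken's platform."""
import hashlib
import re
from typing import Dict, List, Optional

# Constructed stand-in for an uploaded file (assumption).
SAMPLE_BYTES = b"MZ\x90\x00" + b"constructed dropper body, not real malware"

# Constructed sample database: SHA-256 -> family name (assumption).
KNOWN_BAD_SHA256: Dict[str, str] = {
    hashlib.sha256(SAMPLE_BYTES).hexdigest(): "Trojan.Downloader.Constructed",
}

# Constructed IP history using RFC 5737 documentation addresses (assumption).
IP_HISTORY = [
    {"ip": "203.0.113.7", "date": "2019-02-11", "activity": "C2 for constructed downloader", "malicious": True},
    {"ip": "203.0.113.7", "date": "2019-03-02", "activity": "hosted phishing kit", "malicious": True},
    {"ip": "198.51.100.20", "date": "2019-01-20", "activity": "CDN edge, benign", "malicious": False},
]

# Artifacts anti-sandbox malware commonly probes for: hypervisor registry keys and
# guest-tools process names. A report with these probes and nothing else suggests the
# sample detected the sandbox and stayed dormant, so it must not be graded "clean".
VM_REGISTRY_KEYS = re.compile(r"VBOX__|VirtualBox Guest Additions|VMware, Inc\.", re.I)
VM_PROCESSES = {"vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)


def file_verdict(data: bytes) -> Optional[str]:
    """'Is this file malicious?': hash lookup against the sample database."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(data).hexdigest())


def ip_history(ip: str) -> List[str]:
    """'What has this IP done in the past?': dated activity lines for that address."""
    return [f"{e['date']}: {e['activity']}" for e in IP_HISTORY if e["ip"] == ip]


def ip_is_known_bad(ip: str) -> bool:
    return any(e["malicious"] for e in IP_HISTORY if e["ip"] == ip)


def evaluate_report(report: dict) -> dict:
    """Run the IOC rules over one behaviour report; return rule hits and a verdict."""
    hits: List[str] = []
    family = file_verdict(report["file"])
    if family:
        hits.append(f"hash_match:{family}")
    for dst in report.get("connections", []):
        if ip_is_known_bad(dst):
            hits.append(f"known_bad_ip:{dst}")
    for key in report.get("registry_writes", []):
        if RUN_KEY.search(key):
            hits.append(f"persistence_run_key:{key}")
    probes = [k for k in report.get("registry_reads", []) if VM_REGISTRY_KEYS.search(k)]
    probes += [p for p in report.get("process_enum", []) if p.lower() in VM_PROCESSES]
    if probes:
        hits.append("sandbox_evasion_probe:" + ";".join(probes))

    if any(not h.startswith("sandbox_evasion_probe") for h in hits):
        verdict = "malicious"
    elif probes:
        verdict = "suspicious"  # re-run with VM artifacts hidden and user interaction simulated
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits}


# Constructed behaviour reports (assumption): a dormant sample that only probed for a VM,
# an unknown binary that showed real malicious behaviour, and a benign file.
DORMANT_REPORT = {
    "file": b"unknown binary, not in the database",
    "registry_reads": [r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"],
    "process_enum": ["explorer.exe", "VBoxService.exe"],
}
ACTIVE_REPORT = {
    "file": b"another unknown binary",
    "connections": ["203.0.113.7"],
    "registry_writes": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"],
}
CLEAN_REPORT = {"file": b"plain text document", "connections": ["198.51.100.20"]}

if __name__ == "__main__":
    print(file_verdict(SAMPLE_BYTES))
    print(ip_history("203.0.113.7"))
    for r in (DORMANT_REPORT, ACTIVE_REPORT, CLEAN_REPORT):
        print(evaluate_report(r))
```

The hash lookup only ever catches files already in the database; the two unknown binaries above are classified purely from what they did in the sandbox, which is the point of pairing a sample database with behaviour extraction. The "suspicious" verdict is the practical consequence of the anti-sandbox discussion: an evasion probe with no follow-on behaviour is a signal to re-detonate, not a clean bill of health.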
How does Aiuken's Malware Labs work?
MALWARE SOURCES: quality 0-day samples; trojan families & countries chosen by the customer
ORCHESTRATOR: coordination between platform elements
SANDBOX: isolated malware execution; IOC & behaviour extraction
VMs ENVIRONMENT: different OSes (Windows, OS X, Linux, …); platform for malware execution
NETWORK ISOLATION: electronic communications for fully emulated corporate target machines
PROFESSIONAL SERVICES: from setup to delivery consultancy; full support & maintenance services
[Architecture diagram: Foggy Proxy Network, MongoDB, Orchestrator, Sandbox Pool, MySQL, Elastic, Crystal Reports, SIEM & IPS/IDS Feeds, dedicated connection to Delfos' samples, Internet]
User portal Malware Labs
Malware Samples Services (MALWARE SOURCES)
High Quality Malware: ~2,000 daily classified malware samples; ~60,000 monthly quality malware samples
Fully Classified: malware types are classified by behaviour: ransomware trojans, financial malware, downloaders, remote access trojans
Brand-new, Unknown & 0-day Malware: most of the pieces are unknown to antivirus vendors (0-day malware)
Targeted Malware: ~100 daily malware samples detected in Saudi Arabia; other countries & specific domains can be included
Use Case: USB real-time security test
USB, IoT & SCADA update; Malware Labs in a box; result: Malware Detected or Malware Clean
Aiuken's Malware Labs
"Aiuken Advanced Malware Analysis Platform is the ONLY platform in the world that combines all sandbox vendors with unique orchestration & automation, in order to detect ALL kinds of KNOWN and UNKNOWN malware, viruses and trojans."
It is the future of malware detection and analysis. Today.
Thank You