What EDR solutions are available on the market today?
• David Strom
• St. Louis, USA
• @dstrom
http://strominator.com
1E - Copyrighted. All rights reserved
Agenda
• Trends
• Phishing and Box Fatigue
• Rise of zero trust
• Here come the (US) Feds
• What the scope of an EDR product means today
• Competitive landscape of 1E Tachyon, Tanium and Carbon Black
Trends
Then Covid happened
• VPNs aren’t the (total) answer, despite Jerry’s pleas
• Ransomware attacks up 25% from 2019Q4 to 2020Q1
• Most everyone reported an overall increase in the number of attacks
• FBI cybercrime reports went from 1000/day to 4000/day
• UK’s NCSC: Covid-themed attacks on the rise
• Huge rise in phishing emails …
Phishing subject lines
• Password Check Required Immediately
• Vacation Policy Update
• Corporate Reopening Schedule
• COVID-19 Awareness
• Coronavirus Stimulus Checks
• List of Rescheduled Meetings Due to COVID-19
• Confidential Information on COVID
• COVID-19 - Now airborne, Increased community transmission
• Fedex Tracking #
Verizon Data Breach Report 2020
Box fatigue c. 2017 vs. security fatigue today
• Get a password manager
• Use an ad blocker
• Patch and update everything you can
• Check/think before you click
Do these ‘package delivery’ phishes seem familiar?
Rise of zero trust networks
• Origin: 2010, John Kindervag of Forrester coined the term
• Core idea: no one gets access until they prove who or what they are
• Better idea: zero risk, find the critical data that is worth protecting
Another way to ask
• What is the single source of truth that we can use to secure the work-from-anywhere (WFA) endpoint?
Here come the Feds
• National Institute of Standards and Technology (NIST) Special Publication 800-171
• NIST implementation guidelines
• Cybersecurity Maturity Model Certification (CMMC) program
Jan 2020 – first released
Sept 2020 – interim guidelines
Nov 2020 – start date to phase things in and get certified
Nov 2025 – when it is supposed to be complete and required for everyone
CMMC levels
Level 1: basic cyber hygiene
Level 2: document best practices
Level 3: where everyone should be, with plans implemented
Level 4: more defensive measures in place
Level 5: advanced threat prevention
EDR/EPP/XDR functional expectations
• Ad hoc search queries
• Better security policy enforcement and reporting
• Automatic discovery of outliers and unmanaged endpoints
• Detection of lateral network movement (for better early attack notifications)
• Better remediation and deployment tactics
• Better security awareness training
• Better patch management (ditto)
• Integration into existing protective gear such as event and service management tools
2. Network Traffic Analysis
3. Malware sandboxes
4. Cyber threat intelligence
5. Central analytics and management
6. Email protection
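Three of the expectations above (ad hoc search, lateral-movement detection, discovery of unmanaged endpoints) as a worked example in Python. This is added here for illustration and is not code from the deck or from Tanium, Carbon Black or 1E. The telemetry lines, host names and agent inventory are constructed for the example; the admin-port list and the five-minute, three-target thresholds are assumptions that a real deployment would tune against its own baseline.

```python
"""Toy detection logic over constructed endpoint telemetry.

Two checks an EDR/XDR is expected to support: spotting lateral movement
(one source fanning out to many hosts on admin ports inside a short
window) and surfacing endpoints that appear in telemetry but have no
agent enrolled, plus a simple ad hoc query. All data here is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: ports used for remote administration and therefore for
# lateral movement: SMB, RDP, WinRM (HTTP/HTTPS). Tune for your estate.
ADMIN_PORTS = {445, 3389, 5985, 5986}

# Constructed sample: one line per outbound connection seen by a sensor.
# Fields: timestamp, source host, destination host, dest port, process.
SAMPLE_TELEMETRY = """\
2020-06-01T09:00:05Z,WS-ALICE,FILESRV01,445,explorer.exe
2020-06-01T09:00:40Z,WS-ALICE,FILESRV01,445,explorer.exe
2020-06-01T09:01:10Z,WS-BOB,FILESRV01,445,explorer.exe
2020-06-01T09:02:00Z,WS-CAROL,WS-ALICE,445,wmic.exe
2020-06-01T09:02:12Z,WS-CAROL,WS-BOB,445,wmic.exe
2020-06-01T09:02:30Z,WS-CAROL,FILESRV01,3389,mstsc.exe
2020-06-01T09:03:05Z,WS-CAROL,DC01,5985,powershell.exe
2020-06-01T09:45:00Z,WS-CAROL,PRINT01,445,spoolsv.exe
2020-06-01T10:15:00Z,WS-BOB,WS-ALICE,3389,mstsc.exe
2020-06-01T10:20:00Z,WS-DAVE,FILESRV01,445,explorer.exe
"""

# Constructed agent inventory: the hosts the EDR console knows about.
MANAGED_HOSTS = {"WS-ALICE", "WS-BOB", "WS-CAROL", "FILESRV01", "DC01"}


def parse_telemetry(text):
    """Parse the CSV-style telemetry into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proc = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "port": int(port), "proc": proc,
        })
    return events


def query(events, **criteria):
    """Ad hoc search: query(events, proc="wmic.exe") returns matching events."""
    return [e for e in events if all(e[k] == v for k, v in criteria.items())]


def detect_lateral_movement(events, window=timedelta(minutes=5), min_targets=3):
    """Return {source: sorted distinct targets} for every source that reached
    min_targets or more distinct hosts on admin ports inside one window.

    A sliding time window over each source's admin-port connections catches
    the fan-out pattern without flagging a workstation that talks to a single
    file server all day. Targets from every qualifying window are unioned.
    """
    per_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["port"] in ADMIN_PORTS and e["src"] != e["dst"]:
            per_src[e["src"]].append(e)

    findings = {}
    for src, conns in per_src.items():
        hits, start = set(), 0
        for end in range(len(conns)):
            # Slide the window start forward until it spans at most `window`.
            while conns[end]["ts"] - conns[start]["ts"] > window:
                start += 1
            targets = {c["dst"] for c in conns[start:end + 1]}
            if len(targets) >= min_targets:
                hits |= targets
        if hits:
            findings[src] = sorted(hits)
    return findings


def find_unmanaged_endpoints(events, managed):
    """Hosts that show up in telemetry (as source or target) with no agent."""
    seen = {e["src"] for e in events} | {e["dst"] for e in events}
    return sorted(seen - set(managed))


if __name__ == "__main__":
    evs = parse_telemetry(SAMPLE_TELEMETRY)
    print("lateral movement:", detect_lateral_movement(evs))
    print("unmanaged endpoints:", find_unmanaged_endpoints(evs, MANAGED_HOSTS))
    print("hosts running wmic.exe:", sorted({e["src"] for e in query(evs, proc="wmic.exe")}))
```

On this sample the lateral-movement check flags only WS-CAROL, which reached four distinct hosts on admin ports inside about a minute, while WS-ALICE hammering one file server and WS-BOB's single RDP session an hour later stay quiet. PRINT01 and WS-DAVE appear in the telemetry but not in the agent inventory, which is exactly the outlier list the "unmanaged endpoints" expectation is about.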
Let’s look at three EDR products
Tanium features
• Not just P2P but also across the LAN/WAN
• Added its own natural language explorer query tool
• Queries take <15s, so a bit slower than Tachyon
• More granular access rights and drill-down analysis features now included
• Scripts supported in PowerShell, Python or VBScript; >800 written
Carbon Black features
• Lots of CB sensors now inside many VMware products such as vSphere, vCenter, NSX, Horizon VDI
• Agents are more like containers that can load various protective modules, including sensors
• Focus is on capturing everything across the network and inside the endpoint or VM instance
• Large integration effort with other intel services, SIEMs, etc.
Use cases for 1E Tachyon
• Deploying patches across a mixed OS environment
• Find the compromised PC for a specific malware intrusion
• Why can’t I install this software on this PC?
• Is my web browser slow?
• My always-on business is offline. Why?
• Can I automate a non-infosec event?
• Can I track which users have reviewed which infosec policies?
Comparison: Tanium, 1E Tachyon, Carbon Black
Tanium
• Slower responses on queries
• Microsoft “insurance” vendor
• P2P/LAN design outmoded
• UI could use a refresh
1E Tachyon
• Millisecond response time on queries
• Powerful query construction process
• Built-in security awareness tool
Carbon Black
• Win, Mac, lots of Linux clients (but no phones)
• Multiple sensors already embedded in VMware products like vCenter, vSphere and NSX
• File distribution not as good as competitors
• Confusing array of product versions
Thank You – David Strom
+1 (314) 277-7832
david@strom.com
Twitter: @dstrom
http://strominator.com
Slides available:
http://slideshare.net/davidstrom

 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

What endpoint protection solutions are available on the market today?

  • 1. What EDR solutions are available on the market today?
    • David Strom
    • St. Louis, USA
    • @dstrom
  • 3. 1E - Copyrighted. All rights reserved. Agenda
    • Trends
    • Phishing and Box Fatigue
    • Rise of zero trust
    • Here come the (US) Feds
    • What the scope of an EDR product means today
    • Competitive landscape of 1E Tachyon, Tanium and Carbon Black
  • 6. Then Covid happened
    • VPNs aren’t the (total) answer, despite Jerry’s pleas
    • Ransomware attacks up 25% from 2019Q4 => 2020Q1
    • Most everyone reported overall increase in the number of attacks
    • FBI cybercrime reports went from 1000/day to 4000/day
    • UK’s NCSC Covid on the rise
    • Huge rise in phishing emails …
  • 7. Phishing subject lines
    • Password Check Required Immediately
    • Vacation Policy Update
    • Corporate Reopening Schedule
    • COVID-19 Awareness
    • Coronavirus Stimulus Checks
    • List of Rescheduled Meetings Due to COVID-19
    • Confidential Information on COVID
    • COVID-19 - Now airborne, Increased community transmission
    • Fedex Tracking #
  • 9. Verizon Data Breach Report 2020
  • 10. Box fatigue c. 2017 vs. security fatigue today
  • 11.
    • Get a password manager
    • Use an ad blocker
    • Patch and update everything you can
    • Check/think before you click
  • 12. Do these ‘package delivery’ phishes seem familiar?
  • 13. Rise of zero trust networks
    • Origin: 2010 John Kindervag of Forrester coined the term
    • Core idea: No one gets access until they prove who or what they are
    • Better idea: zero risk, find the critical data that is worth protecting
  • 14. Another way to ask
    • What is the single source of truth that we can use to secure the WFA endpoint?
  • 17. NIST implementation guidelines: Cybersecurity Maturity Model Certification (CMMC) program
    • Jan 2020 – first released
    • Sept 2020 – interim guidelines
    • Nov 2020 – start date to phase things in and get certified
    • Nov 2025 – when it is supposed to be complete and required for everyone
    • Levels: 1, basic cyber hygiene; 2, document best practices; 3, where everyone should be and have implemented plans; 4, more defensive measures in place; 5, advanced threat prevention
  • 18. EDR/EPP/XDR functional expectations
    • Ad hoc search queries
    • Better security policy enforcement and reporting
    • Automatic discovery of outliers and unmanaged endpoints
    • Detection of lateral network movement (for better early attack notifications)
    • Better remediation and deployment tactics
    • Better security awareness training
    • Better patch management (ditto)
    • Integration into existing protective gear such as event and service management tools
  • 19.
    • 2. Network Traffic Analysis
    • 3. Malware sandboxes
    • 4. Cyber threat intelligence
    • 5. Central analytics and management
    • 6. Email protection
  • 20. Let’s look at three EDR products
  • 21. Tanium features
    • Not just p2p but also across the LAN/WAN
    • Added its own natural language explorer query tool
    • Queries take <15s, so a bit slower than Tachyon
    • More granular access rights and drill-down analysis features now included
    • Scripts supported in PowerShell, Python or VBScript, >800 written
  • 25. Carbon Black features
    • Lots of CB sensors now inside many VMware products such as vSphere, vCenter, NSX, Horizon VDI
    • Agents are more like containers that can load various protective modules, including sensors
    • Focus is on capturing everything across the network and inside the endpoint or VM instance
    • Large integration effort with other intel services, SIEMs, etc.
  • 34. Use cases for 1E Tachyon
    • Deploying patches across a mixed OS environment
    • Find the compromised PC for a specific malware intrusion
    • Why can’t I install this software on this PC?
    • Is my web browser slow?
    • My always-on business is offline. Why?
    • Can I automate a non-infosec event?
    • Can I track which users have reviewed which infosec policies?
  • 37. Tanium / 1E Tachyon / Carbon Black
    • Slower responses on queries
    • Microsoft “insurance” vendor
    • P2P/LAN design outmoded
    • UI could use a refresh
    • Win, Mac, lots of Linux clients (but no phones)
    • Multiple sensors already embedded in VMware products like vCenter and vSphere and NSX
    • File distribution not as well as competitors
    • Confusing array of product versions
    • Millisecond response time on queries
    • Powerful query construction process
    • Built-in sec awareness tool
  • 38. Thank You – David Strom +1 (314) 277-7832 david@strom.com Twitter: @dstrom http://strominator.com Slides available: http://slideshare.net/davidstrom

Editor's Notes

  1. We are experiencing a changing nature of cyberattacks, especially as the world has moved towards more working from home. These attacks have evolved along with the changing nature of our enterprise networks. Back when everyone was working from well-defined offices, we could definitely state that there was a difference between what was considered “outside” and “inside” the corporate network. But then the Internet happened, and we all became connected. Even before the pandemic, there was little difference. With the advent of the cloud, and definitely since the pandemic began, we are now all considered outside. We are all working from home, using devices that aren’t necessarily ones that IT has purchased, and sharing them with other family members. In my talk, I want to identify some trends that have changed the endpoint detection and response marketplace, examine a few of the EDR products, and show how they have evolved as well to meet this new collection of threats.
  2. Firewalls are now all about the software. Ubiquitous Internet means there is no difference between inside and outside. Your Internet pipe is probably too small and has too much latency to support 100% WFH. BYOD is the norm, not the exception; there is this CIO.com piece from 2014!! BYOD was never a great idea to begin with. Now everyone is BYOD. And VPNs—at least as most companies use them today—are not a long-term solution for the distributed workplace. Having everyone connect to the physical office network to get work done requires a whole new level of networking infrastructure. We have tools such as remote desktops that weren’t designed to be used in such abundance by the general user population. We have VPNs that circumvent all kinds of network protection, not to mention all the various vulnerabilities they have experienced recently. https://arstechnica.com/features/2020/11/future-of-collaboration-03/ https://arstechnica.com/gadgets/2020/10/future-of-collaboration-01/
  3. The UK’s NCSC reported that so far this year they have handled 200 Covid-related attacks, a third of all the incidents they have dealt with, affecting 1200 victims, mainly in the National Health Service and other public agencies that they protect. https://cisomag.eccouncil.org/the-digital-normal/ https://www.ncsc.gov.uk/files/Annual-Review-2020.pdf
  4. This is from a report by the phishing awareness vendor KnowBe4, compiled from 2020Q2 emails. The company then uses this research to produce a series of simulations to see if users are paying attention. They found that the scams are becoming more aggressive and more targeted as we continue under lockdown. https://www.knowbe4.com/press/q2-2020-knowbe4-finds-coronavirus-related-phishing-email-attacks-spike
  5. The pandemic is making it easier for cybercriminals to target mid-level managers, with various lures ranging from Covid-related ones to more traditional business impersonations. In one case, the FBI investigated a COVID-19-related case of CEO fraud in which the hacker, posing as a CEO, requested that a money transfer date be moved up due to precautions surrounding COVID-19 and the quarantine process. In the end, the hoax cost one financial institution a million dollars. Other phishing lures claim to come from the CDC or local public health offices to trick users into divulging private data or opening attachments. https://www.inky.com/blog/covid-19-mid-level-managers-are-easy-targets-for-phishing-scams-during-the-pandemic
  6. This is the Verizon breach report that was released earlier this year. Once again it highlights the role that phishing plays, moving to the #1 spot in the 2019 report and in the top two of threat types across all incidents. Google blocks 1M phishing emails daily across its infrastructure. The pandemic has made phishing attacks more dangerous, as we can see in the next slide with the typical email subject lines.
  7. Malwarebytes used this term back in 2017. The problem is that we ask too much from our end users: they have to watch out for phishing emails, make sure they have complex enough passwords, and use MFA properly. “People are told they need to be constantly on alert, constantly ‘doing something,’ but they are not even sure what that something is or what might happen if they do or do not do it. The volume of messaging, combined with an unclear understanding of how to move forward, is what leads to security fatigue.” All these cybersecurity warnings result in desensitization of the users. https://blog.malwarebytes.com/101/2017/04/how-to-fight-security-fatigue/
  8. This is from 1970 comic strip artist Walt Kelly. You’ll see why in a moment. The article that mentioned box fatigue recommends these four simple actions to take.
  9. Note the date: April 7th. I got this notification in September! I guess the US postal mail really takes that long to deliver a package? Needless to say, I didn’t click on the link.
  10. IT shouldn’t be the interstate highway system but part and parcel of today’s business decisions. Certainly, Covid changed things and accelerated the adoption of zero trust to protect WFH staffers. But zero trust needs to be done systematically, making network segments based on risk and auditing their access rights. When was the last time you audited your AD users? Do you have an off-boarding policy in place to remove users who no longer work for the company? How quickly are they taken off the rolls and their authentications removed from all your systems?
  11. Once upon a time a US bicycle manufacturer would hold a status meeting for their product staff in a conference room, updating a shared spreadsheet on the status of their products in the pipeline. Granted, this was a long time ago, but still you can’t use outdated technology as your single source of truth. This is the Stone Age, we must bring things into the modern era.
  12. Back when we could attend conferences, the popular DefCon show in Vegas every summer would have this activity called spot the fed, meaning the conference attendee who was from the intelligence and law enforcement community. The attendees were warned that “If you see some shady Men in Black earphone penny loafer sunglass wearing Clint Eastwood to live and die in LA type lurking about, you might win one of these t-shirts,” and the fed would get an equivalent “I am the fed” shirt. Today I want to talk about two efforts by my government to try to bring some order to your endpoints.
  13. The first is this NIST document, which establishes cybersecurity standards for federal contractors and is being used as a playbook by many endpoint protection vendors and customers. It has a long list of action items to try to improve security. 1E has put this together in the following slide.
  14. The CMMC requires third-party assessments of DoD contractors at various levels of compliance. The goal is to move these contractors – which number > 300,000 companies – up through the levels and improve their cyber hygiene.
  15. These efforts by NIST and the DoD have resulted in a consolidation of various endpoint protection functions, in some cases giving EDR products a wider scope. We are asking an awful lot from our EDR vendors, and some of them, such as 1E, have risen to that challenge to provide a more integrated and powerful product. Some vendors have called this EPP or XDR to show this wider context. Qualys calls their product vulnerability management, detection and response, or VMDR, so they win on the acronym pile-on.
  16. This is an article from CSO in May 2019. The integration will happen by consolidating analytics, using integrated platforms like Tachyon, and integrating APIs. I would add email protection to this list – while it isn’t an endpoint technology per se, phishing attacks are making it more important. https://www.csoonline.com/article/3391562/5-threat-detection-and-response-technologies-are-coming-together.html
  17. The question of scale is important. A lot of EDR products can’t handle hundreds of thousands of endpoints while still being able to find items such as an executable process by a specific hash value, or examine a particular set of IP address pairs, or a DNS lookup that points to a malware site. Or they can’t deploy to or remediate many concurrent systems. Tachyon: 190k endpoints with 100k concurrent machines. Tanium: 900k endpoints in one DoD service branch. Carbon Black: equally large, with a collective daily analysis of 1T events.
  18. Tanium has a lot slower query response time, whereas Tachyon’s responses take just a few milliseconds, and seem almost instantaneous.
  19. Tanium separates its EDR product into a series of modules each with a specific single function, such as patching or threat response.
  20. Tanium now has the same explorer query tool that Tachyon has had for years, but it is much more bare-bones.
  21. Here is the threat response dashboard, with links to learning resources at the top and some simple charts below that summarize the alerts.
  22. We are not about finding bombs but about finding a van that you are going to drive into a crowd
  23. At the core of Carbon Black is its Watchlist: this is where you set up your detection policies, and it also maps the threats to the MITRE ATT&CK framework so you can learn more about mitigation measures.
  24. Here is its malware process tree discovery tool where you can examine each piece of code and see its resources and how a piece of malware spread throughout your infrastructure and endpoints.
  25. VMware is trying to do its best to integrate Carbon Black into its existing security tools, and is more focused on managing large-scale virtual infrastructure. It has a confusing array of different product versions, starting with cloud vs. on-premises versions. Some of its existing tools, such as NSX and vSphere, include Carbon Black agents.
  26. Finally, we come to Tachyon. Here is its main portal, and like Tanium you can see separate modules for the various protective features such as patching and inventory management. It is easier to define what Tachyon is not: it is not an MDM and not just a SIEM; endpoint management and threat intel, somewhat.
  27. If we go back to the NIST framework, you can see how 1E’s Tachyon maps these five basic categories of protection in their framework.
  28. It is like what Google was in the mid 1990s – back then no one knew what a search engine was, and this open-ended dialog box was odd. This simple query interface has been adopted by other EDR vendors in the past several years. This is an example of a very complex query string to check which KB patches have been applied across your endpoints.
  29. Here is a tool that can be used as a way to test your existing end user knowledge of their security posture. There are vendors that focus on security awareness training, but this can be a useful way to begin to assemble your own training efforts on a more granular level, such as this report that shows if users understand their access control policies.
  30. Guaranteed State ensures you have up-to-the-minute data on the current configuration state and compliance of all your endpoints – even for remote workers. The idea is to supply real time visibility and continuous remediation, so your equipment doesn’t fall behind your intentions to maintain a secure profile.
  31. Tachyon can deliver real-time automated endpoint remediation and management, especially if you need a tool that emphasizes improved automated and almost real-time operations. Tachyon isn’t searching for a needle in a haystack filled with log files and other data but figuring out that first you need to look for something that doesn’t appear to be a piece of hay. Think of it as the search tool for finding out the health of your network.
  32. Google’s Chronicle has a product that ingests so much network traffic and log data that they have built ML tools, using their technologies, to figure out when someone was first attacked, even many years ago. The original staff has left.
  33. Microsoft suggests using Tanium as a very costly insurance policy, now bundled with an enterprise E5 license. Like Google’s product, it hoovers up all your data, from one month to six months of it. Microsoft’s Defender implementation requires a complex collection of O365 tools and add-ons, including the agent formerly known as Defender ATP, now called Defender for Endpoint.
  34. Summary slide of 3 products