Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint

[Music]

[Music] so the first thing we have to really look at is how the palace continues to shift downwards for us you guys and upwards for bad guys so company the three main criteria we main elements that play against us our first evolution of these tools these that they buy the deconstruction of the perimeters and [Applause] then that ain't old problem Dennis never go away is a very general sense right the ones in here chances are you put security solutions in place that has for the most part mitigated these these sets of threats the ones in red are a little bit more concern most of the bugs that are purpose-built to 5x all those security solutions your investment right

we spent so much time money

[Music]

other things like taking someone's attitude financial straits and I have your credentials when I go into your system no security solution Socrates at this time so we will be some of the staff solution this is a small set based even from bias or maple so over above one day period 1.7 million you look at that all the way even numbers way too high to look at the second part of that step seven million were actually

meaning more than one certified of their chance our that means that their baby is be cyclic code that means X is small changes otherwise you know look at just one point three million bragging pieces of code that's the stuff just updating their wandering all this stuff I assure you this brings up a seven seconds for me that's even more interesting this is the finalists attacks so this one shows the last meters I promise you if you short of the two prior to this the steps would be even warmer 2016 only 20% of the attacks that we saw were completely phytosanitary this year so far of the attacks receive 30% jump 2015 after that that you know something like 81%

involves destinations so I love it most earn interest within the system and infirmity by attacking and I

heard someone say anyone want to guess what the most views piece of malware was

one croc one I was the most useless another 75,000 in attack so something that pairing up so this is not my way it's very simple money rules the world right that is one of the most simple ways into your pocketbook is the whole system so soccer we're seeing this system delete files in crypto [Music]

for [Music]

the next few pieces really tipping the scales is this waffle like it used to be so I read a whole ocean network equals let's see fools you know like the wall it will turn this is fine when you define your

so we've seen there's you know I see managers you should spend most of their money building that building that wall they know you know D invested in that part of their life they're not investing more than the other Patience's giving their users more tools that's their focus and I see this is a simple city I see millions of the way patterns 43% I'd say that never loses in a walk like a decision anything ever all the pieces once all this is one time when you step beyond that Cardinal [Applause]

[Applause]

so this

[Applause]

[Music]

and the worst part is you know all really open up my respondus I understand something is deleting only world center but question becomes do you have enough time so is that do exist today that enough resources time center to do research is the deadline for them to understand and I'll say

[Applause]

[Applause] [Music]

[Music]

the

[Music] [Applause] [Music]

[Applause]

[Music]

[Music]

[Music]

yes

[Applause]

[Music]

for more information would like to buy some big email sales at such-and-such one through five her career please email something unique response to get that gives you an employment see if I [Music] that's two second social engineering

[Music] [Applause]

I also can speak to how simple this attack page will look so this is yet shameless plug our software on here so detected but I was amazing them to shut off the actual protection so it's been a letter grinder what you should start to see a couple seconds here is my policy my picture file is getting printed you've already seen some klaus-peter here on the left those are calling the adapter executables or system managers and as you can see couple more seconds it's going to start to make me believe that it's kicking me right out of the system in community black screen a little bit more nose we'll see how this all works it's not actually a black screen it's

just a gift so there you go with one click I thought it was something from

[Music]

[Applause]

yes he knows [Music]

essentially what we be able to do is I'm actually going to be able to one reverse engineer to two [Music]

so they see what I was here is detective attack file scan I won't be in on Network because well it was a different type of engine that Detective tell by the allure to look at it he did say I explored excellent so basically what that bubble call attack did as soon as I connected to the website sympathy with the first thing they did is what's the browser that's next what's the standard realizes Explorer it looks for all the possible exploits and vulnerabilities inches

so yes so unless you magically opportunity nutrition before your fireball that's not gonna see this because there are good SUSE matters so he couldn't see those matters and a little hazy will see a boxer so when I'm looking up that hat I was able to correlate the data and block connections to many of us and more so connections to of orogenic mechanism information was exchanged

[Music]

[Music] so first we have to get sentences the second effect is anything once couldn't see [Applause] [Music] oh this is where the magic this will be cold again apologize send that commands to inflame and probably with a little bit of gold watch what happens so what which should happen is because we monitor attract all that attack our agent now knows what processes to reverse so once they know that I promise any feedbacks it seems there's more Bitcoin world every some for emergencies I think to see was in Las Vegas that advertised on the outside of there Willie how willing they were to use Bitcoin as currency so this is something you have to avoid but although it's not become something

that's treated over the market is still the currency and we need to cool things like this remediated tax understand the attacker trying to hide using those encrypted in predicta issues yes sense to hide some of that too

[Music]

[Music]

[Applause] [Music]

[Music]

it's in them it's what is your ability to lead once thank you what am i monitor for that

[Music]

[Music]

[Applause]

policies I need to provide people with information you want to walk me this one persistence is the most popular fad inside if you something once all that doesn't like one of the things we did there and to show you is you swap the hacker thought agency he thought he'd deleted my backups he thought [Music] by showing that I have another snapshot and what a way to perfect my agents of the network each other and one of the biggest challenges I see is if you're gonna provide things with the security they belong there here is the very shitless market blood slide what's the one that goes earlier suppose our ancient what you saw after there the

exact scene rolled out with a automatically engage protect them and hold actually now eight god this is big thing and something stupid at the first and employee single one second you fully we've generated partnerships with other students so that we can share an example if there's some cheap bottle members some peace in them we didn't drink so all of that information I saw is in city I have seen matters I didn't know share all of those URLs with the firewall allow it to eat residents and he share that I feed list of our universities and send all of these things up to the sim to correlate information and of course you know that this ability is right but when the

solutions I better have some information

[Music]

[Applause]

and just like most people who don't know how to use the advanced tools most people that want to protect they might have the skill set the time so it's never too late to phone a friend right we provide services helping monitor those security asleep with something I talked about the API information like creating not just including engineering information but being able to set certain triggers [Applause]

open questions

so detached so that's where this difference between behavior step detection agents so reputation Michael turn indicators of compliance those things mostly considered static detection so that's attention yeah that's where you hope to capture in this case when I ended up the technical is the end result right in result glass Explorer got exploited and the Machine lockdown so in that case I was able to use my remediation techniques to pull out so the answers have a radiation plan do you want to get any customer this

[Applause] [Music]

[Music]

completely and that was one of my points I've seen a lot of investment tools even if I talk about art I've seen a lot of investment tools and you're a member cetera it all starts with understanding before he even hits the security point is understanding your assets your users needs for productivity and doing a business and then understanding if I'm going to through these tools access to this data now I need to put a framework or a policy or strategy around that those assets to properly protect by solutions is one party when you're a hundred percent right that strategy and unfortunately or fortunately the people that will implement that strategy and management strategy with

[Music]

so this one the cloud and they're on world console so it's not a little oh it's not information like this is the user log in this is the name of this computer this is its eat this is intercede for more information

[Applause]

[Applause]