Cyber security
Security by MultiPoint Ltd.
About MultiPoint
• MultiPoint was founded in April 2009
• Managed by Arie Wolman and Ricardo Resnik
• A Distributor of Security & Networking Software
• Main exclusive product lines:
– GFI Software, Damballa, Accellion, SpectorSoft, Centrify, IronKey, NovaStor, GFI MAX, LiebSoft, DataMotion, Netwrix, etc.
• Certified, Qualified and Credible Technical team
• Value Added for the Channel and the End-Users alike
Main Vendors
Some of our customers
Attack Lifecycle
[Figure: attack lifecycle diagram. Labels: TIME; IMPACT; Exploit; Malware; Infection; Threat; Breach; Damage; Resource Validation; Preventative Controls; SOC / CIRT; Incident Response Analysis; Professional Services; Marketing / PR; Brand; Loss of Intellectual Property.]
Because prevention’s not enough!
69% of breaches
Malware was involved in 69% of all breaches, and 95% of all stolen data.
“Prevention is crucial…but detection/response represents an extremely critical line of defense. Let’s stop treating it like a backup plan and start making it a core part of THE plan.”
2013 Verizon Data Breach Investigation Report
210 days
The average time from breach to detection was 210 days.
Trustwave 2013 Global Security Report
5% detection rate
82 new malware samples were put up against more than 40 antivirus products... the initial detection rate was less than 5 percent.
“Signature-based methods of detecting malware is not keeping up.”
New York Times, January 1, 2013
[Figure: security controls around enterprise assets. Labels: Endpoint Security; Network Security Systems; Enterprise Assets; AV; HIPS; Firewall; IDS/IPS; WSG/Proxy; VM/Sandbox; DNS; Alerts; Logs; Block; Blacklist/Signatures; Unknown Threats; Infections Identified: ?]
Why do these threats go undetected?
87% of victims of data theft had evidence in their log files but failed to identify it.
2011 Data Breach Report, Verizon RISK team
All this noise, how do I identify real infections?
Automation needed to accelerate & improve Detection
66% of breaches remain undiscovered for months or more
69% of breaches are discovered by parties external to the victim
5% detection rate of 82 new malware samples by traditional signature-based products
Sources: Verizon, New York Times
MultiPoint empowers end users to…
• Adapt Posture: enable improvements to security policies and controls
• Optimize Resources: focus teams & tools on high-value activities vs. noisy alerts
• Manage Portfolio: measure performance of preventative solutions
• Rapidly Respond: automate discovery, verification & prioritization of true infections
The Kill Chain and Risk
Infection Risk
Reconnaissance → Weaponization → Delivery → Exploitation → Command & Control → Data Exfiltration/Disruption/Damage
Business Risk
After Infection Takes Place, the Game Changes
Infection Risk
Reconnaissance → Weaponization → Delivery → Exploitation → Command & Control → Data Exfiltration/Disruption/Damage
Infection
Looking at the Threat After It Bypasses Prevention
[Figure: post-infection malware lifecycle. Stages: Initial Infection; Update & Repurpose; Initial C&C and 2nd Repurpose; Evasion Cycle Continues… Labels: Threat Actors; Malware Author; Cyber Brokers; Pay Per Installer; Dropper; Downloader; Updater; Repository; C&C Portals; C&C Proxies; Victim. Captions: "Dropper unpacks on the Victim machine and runs"; "Malware is updated/customized".]
Prevention features you need for 2014
Patch automation
Vulnerability assessment
Integration
Powerful
»Microsoft®, Mac OS® and major Linux operating systems
»Microsoft and other popular third-party applications
»Security and non-security updates
»More than 4000 critical security applications
»Interactive dashboard
»Workstations, laptops, servers, mobile devices and a wide range of network devices such as printers, switches and routers
»Now checking for up to 50,000 vulnerabilities
Dedicated reports
»For PCI DSS, HIPAA, PSN CoCo and other regulations
Improved scan and remediation performance
»Through usage of agents and relay agents
Secunia VIM Overview – Key Facts and Benefits
A proactive approach to vulnerability management
• Leader in the field of Vulnerability Intelligence
• Pioneer and industry leader in the research and disclosure of vulnerabilities
• The market’s largest verified vulnerability database, 45,000+ products
• The only vendor that guarantees coverage of your commercially available environment
• Award-winning solution
• Straightforward and simple to set up, maintain and use regardless of the size of an organization
• Customized asset lists mean targeted information based on your exact environment
• Filter information based on the asset location or criticality, useful for business-critical technology which receives less press coverage, e.g. Lotus Notes
• Dynamic, customized, historic, and automated reporting
• Track and document remediation strategies
• Eliminate information overload from sifting through other sources, emails, and bulk RSS feeds
• Prioritize patch management based on verified real-time information
Sandbox technology helps
ThreatTrack Security
"Sandbox customization is the only way to adequately detect and stop targeted attacks"
Dynamic Malware Analysis
Know Your Exposure to Cyber Threats
ThreatAnalyzer is the industry's only malware analysis solution that enables you to completely and accurately quantify the risk and exposure your organization faces from any malware threat.
As a fully customizable platform, ThreatAnalyzer enables you to recreate your entire application stack (including virtual and native environments) in which you can detonate malicious code to see exactly how malware will behave across all your network and systems configurations. Moreover, custom malware determination rules help you fine tune ThreatAnalyzer to be on the alert for suspicious behavior and activity that concern you most, such as anomalous access to sensitive systems, data exfiltration to foreign domains, queries made to custom applications and more.
Within minutes of detonating a malware sample, you will know exactly which system configurations on your network are vulnerable to any threat, enabling you to instantly respond by isolating systems and implementing defenses to prevent infections.
MultiPoint vendors Labs Threat Updates & Discovery Services
[Figure: threat updates and discovery services. Labels: Enterprise Assets; ISPs; Enterprises; MultiPoint Vendors; Threat Updates (Includes Intel, Classifiers, & Attribution); Threat Discovery; Domains; Files; Trace Reports.]
Why is GFI LanGuard so effective?
Scan
Analyze
Remediate
Install
Takes only a few minutes to be up and running
Agent-less or agent-based
Identify assets (including mobile devices), find vulnerabilities, missing patches, open ports, services, hardware and software, etc.
Vulnerability level assigned to each computer
Reports, results filtering, network changes history
Check external references
Deploy missing updates, uninstall applications, deploy custom scripts, open remote desktop connections, etc.
Definitions for vulnerabilities and patches are continuously updated from GFI® servers to report and remediate latest threats
Deploy agents (agent-less)
Powerful interactive dashboard
Damballa Failsafe Architecture
Hub & Spoke | 1 U Appliances | Out of Band
Our Formula – Delivering Predictive Security Analytics
Security 2.0: The New Security Stack
[Figure: the new security stack. Labels: Attack; Infection; Damage; Infection Risk; Business Risk; Prevention; Detection; Response (Forensics); legacy IPS & Host AV/IPS/FW; NGFW; Email Gateway; NBAD; Sandboxing; Predictive Security Analytics; Alerts & Logs; SIEM (Single Pane of Glass); SOC; Network DVR; Forensics Client; Endpoint Containment.]
Advanced Threat Protection
Increasing customer value thru integrations & alliances
• Enrich, Correlate via SIEM & Forensics
• Block & Inform from Network to Endpoint
• Accelerate & Prioritize Response
Damballa discovers with certainty & delivers evidence so customers can pivot to…