Detecting Attackers Bypassing Prevention Solutions

RocketCyber is a cyber security platform enabling managed service providers to generate billable security services to small-medium businesses. The company develops endpoint detection and response apps, exposing malicious and suspicious attack activity before a breach occurs.

Presentation Transcript


  1. Detecting Breaches Evading SMB Cyber Defenses ASCII IT SUMMIT

  2. Who We Are: RocketCyber, a Cyber Security Platform empowering MSPs to deliver billable security services to SMBs. Billy Austin, President. Carl Banzhof, CEO. Founders of iScan Online, now SolarWinds. Founder / CTO of Citadel Security, now McAfee. 6 US Patents | 40+ years of security

  3. Epidemic or Opportunity: 30.2 Million US SMBs. 61% experienced a cyber attack. Most SMBs: 2 layers of defense; Firewalls & Anti-virus. SMBs reporting a breach in 2018 averaged a 6 month dwell time. Sources: SBA.gov, Verizon, UPS Capital, Ponemon

  4. Dwell Time: The period of time describing “the moment an adversary gains a foothold and the actual detection of their existence.” 206 day average dwell time. Timeline: Attacker Initial Access to Detection of Existence

  5. Indicator Detections “If it were possible, blocking and detecting Tactics, Techniques, Procedures (TTPs) would bring the most pain to the adversary and severely increase their costs.” ~ Bianco Types of Indicators to Detect Adversaries

  6. Attack Tactics 11 tactical categories describe what can occur during an intrusion. ~goal of the attacker Each tactic contains a list of techniques (221 +) that an attacker uses to accomplish the goal.

  7. Example TTPs Tactic - Goal Technique - how the operation is carried out to accomplish the goal.

  8. Game On. MSP Objective: Who can detect the attacker tactic before the Exfiltration of Data? Tactics shown: Lateral Movement, Evasion, Persistence, Initial Access, Privilege Elevation, Discovery, Data Collection. Attacker needs to accomplish numerous objectives for the Win. MSPs need to detect 1 tactic to stop the attacker for the Win.

  9. Demonstration: Detect the unknown. Post-exploitation: “What happens after the initial access”. Live Threat Map for your MSP as an early warning. Attack timeline - reduce the dwell time from months to minutes

  10. How It Works Cloud Console Cloud Agent RocketApps

  11. ROCKETAPPS Endpoint detection and response apps discovering malicious & suspicious activity. Flip the switch to begin “What you want to Detect”. Breach Detection Terrorist Monitor Event Log Monitor Threat Hunting View all RocketApps: rocketcyber.com/rocketapps

  12. ALERTS: When a RocketApp detects a malicious finding, RocketCyber delivers an alert to the MSP via Email and/or a ticket to your PSA. Sample alert: [Carl], please review your alert for [CUSTOMER]. Breach Tactic: [Execution]. Breach Technique: [PowerShell]. [A remote PowerShell session from China was detected executing code.] View Details

  13. Managed Services You Can Sell • Managed EDR • Managed Threat Hunting • Managed Breach Detection • Managed Windows Log Monitoring

  14. Project Service You Can Sell CYBER SECURITY COMPROMISE ASSESSMENT SUMMARY 3 1 2 Compromised Hosts Connections to Terrorist Nations Prepared for: <SMB Customer Name> Assessment date: Jan 1 - Jan 8, 2019 Cryptomining Instances 12 Attack TTPs Discovered

  15. How We License To detect attackers circumventing Firewalls & Anti-virus Software-as-a-Service Managed / Project Service

  16. Business Questions in a language SMB owners can all understand. • What systems are breached? • How did it happen? • Who attacked us? • When did it occur?

  17. “It’s not a matter of if, but when… With RocketCyber, find out if when is now.” THANK YOU www.rocketcyber.com
