How to Replace Your Legacy Antivirus Solution with CrowdStrike

THE TIME HAS COME TO REPLACE YOUR ANTIVIRUS SOLUTION

Legacy AV products are failing to stop modern threats. That’s why AV replacement is a hot topic in the industry and why enterprises in every sector are looking for answers. As breaches continue to dominate the headlines, you need to know that there is a new approach that can close the wide security gap left by yesterday’s AV solutions. Defending against today’s sophisticated polymorphic threats requires new weapons and that’s just what the CrowdStrike Falcon Platform delivers.

The key to this new approach is going beyond malware to addressing the most complex and persistent cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.

In this CrowdCast, Dan Larson, VP of Product Marketing, will discuss:

--The typical challenges with legacy antivirus, from efficacy to complexity & bulky architecture
--How CrowdStrike stands above competitive offerings by providing robust threat prevention leveraging artificial intelligence and machine learning
--How Falcon’s lightweight sensor and cloud architecture dramatically reduce operational burden
--How you can seamlessly migrate from legacy antivirus to CrowdStrike Falcon
--Why CrowdStrike was positioned as a “Visionary” in the 2017 Gartner Magic Quadrant for Endpoint Protection Solutions and what it says about our standing as an effective AV replacement


  1. THE TIME HAS COME TO REPLACE YOUR LEGACY AV
     Dan Larson, VP of Product Marketing
     2017 CrowdStrike, Inc. All rights reserved.
  2. Agenda
     - CrowdStrike Intro
     - Legacy Anti-Virus Efficacy
     - How CrowdStrike Stops Malware
     - How CrowdStrike Goes Beyond Malware
     - How to Switch to CrowdStrike for AV
     - AV Testing and Industry Collaboration
  3. A QUICK INTRODUCTION TO CROWDSTRIKE
  4. FALCON PLATFORM: THE POWER OF ONE LIGHTWEIGHT AGENT
     - API
     - Next-Gen Antivirus
     - IT Hygiene
     - Endpoint Detection and Response
     - Threat Intel
     - Managed Hunting
  5. "MY ANTI-VIRUS JUST DOESN’T WORK"
     This is the #1 concern raised by customers inquiring with analyst firms Gartner and Forrester about endpoint security. … They simply are not effective in stopping modern threats.
  6. INEFFECTIVE AGAINST MODERN THREATS: 45%
     "Anti-Virus catches about 45 percent of attacks these days" - Brian Dye, former VP at Symantec (now at McAfee)
     Source: https://goo.gl/hNUCdm
  7. "COMPLEXITY IS THE ENEMY OF SECURITY" - Bruce Schneier, 2001
  8. TRYING TO GET AHEAD OF THE ATTACKER: Enterprise Endpoint Security Timeline
     - 80s to 90s: Signatures
     - 00s: Heuristics
     - 2007: Reputation
     - 2009: App Control
     - 2011: IOC Sharing
     - 2012: Sandboxing & Isolation
     - 2013: Machine Learning
     - 2014: Behavioral Analytics
     - Now: Managed Hunting
  9. LEGACY VENDOR ARCHITECTURE (diagram)
     Gateways and per-system agents: HTTP/Web Gateway (Web Security), SMTP/Email Gateway (Mail Security, Email Encryption), SharePoint (SharePoint Security), Servers (App Control), Mail Servers (Mail Scanner), VDI (VDI Plugin), Firewall/Router (UTM Gateway), Sandbox Appliance ("Next Gen": Endpoint Activity Visibility)
     Hosted security services: Web Security as a Service, Hosted Email Security, Reputation Cloud, Sandbox Service
     Endpoint protection, host security, centralized management: Vulnerability Protection, Host Intrusion Prevention, AntiVirus, Endpoint Encryption, Application Control, Web Protection
     Source: 2016 Verizon Data Breach Investigation Report
  10. CROWDSTRIKE FALCON ARCHITECTURE: CLOUD-DELIVERED ENDPOINT PROTECTION
  11. ANTI-MALWARE PREVENTION STACK: CROWDSTRIKE FALCON
     Prevent (endpoint protection): Machine Learning, IOA Prevention, Exploit Blocking, Custom Hash Blocking, Continuous Monitoring - covering Known Malware, Unknown Malware and Beyond Malware
     Cloud protection: Machine Learning, Threat Intelligence, Managed Hunting, Threat Graph
  12. Machine Learning
     - Trained on over 30 billion events per day in the CrowdStrike ThreatGraph™
     - Increases effectiveness against new, polymorphic or obfuscated malware
     - Works offline, works without daily updates
     - Data models can be smaller than signature files (if done properly)
     - Performance impact less than on-demand or on-access scanning techniques
     - Complements behavioral analytics (IOAs) and exploit mitigation
  13. MORE THAN JUST AV REPLACEMENT
  14. THE REMAINING CHALLENGES
     - Complexity … Ever expanding infrastructure requirements and agent footprint
     - Always Out of Date … By the time your update is deployed, it is time to start another
     - Blind Spots … Silent failure leads to long dwell times and false sense of security
  15. COMPLEXITY: Eliminate operational burden with CrowdStrike
     - Just one agent – really!
     - No more daily signature updates
     - Smaller footprint: 15MB on disk, 10MB in memory
     - No reboots
     - No on-premise hardware
     - SaaS scalability
  16. ALWAYS OUT OF DATE: Outpace the attacker with CrowdStrike
     - No need to develop AV signatures
     - Machine learning and IOAs are more persistent protection mechanisms
     - CrowdStrike only requires 15MB on disk; 70MB-150MB typical for AV signatures; some ML models balloon to 300MB
     - Single-sensor design eliminates dependency issues
     - SaaS delivery ensures real-time updates when necessary
  17. EXAMPLE: 3 Month Old Machine Learning Model Immediately Blocks Shamoon 2
     - ML model delivered to VirusTotal on Aug 25th
     - Blocked Shamoon 2 on its first appearance in VT on Nov 22nd
     - Same ML technology is now built into every Falcon sensor
     Source: https://goo.gl/nK0VmO
  18. BLIND SPOTS: Eliminate dwell time with CrowdStrike
     - AV can only see what it stops
     - No prevention solution can be 100% effective, not even next-gen solutions
     - Average dwell time still near 200 days
     - Go beyond malware to detect and block modern attacker techniques
     - CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search
     - CrowdStrike’s Overwatch delivers proactive threat hunting in your environment, 24x7x365
  19. NO MORE BLIND SPOTS: 100% Exploit Detection in AV-Comparatives Test
     [Chart: percentage Blocked vs Detected for Symantec*, Cylance*, CrowdStrike, SentinelOne, Palo Alto; plotted values 90, 63, 100, 57, 86 and 90, 63, 70, 28, 82 on a 0-100 scale] Source: AV-Comparatives
     - CrowdStrike is only product with 100% detection efficacy
     - All other solutions suffered from silent failure
     - In reality, this leads to long dwell times
  20. EXAMPLE: Privilege Escalation from Command Line
     2015 CrowdStrike, Inc. All rights reserved.
  21. EXAMPLE: Privilege Escalation from Command Line
     - AV signatures, IOCs and Application Control are ineffective against this kind of threat
     - Even machine learning can’t stop this because it is a trusted executable
     - Would you know how to search for this?
     - Even if you knew how, do you have the bandwidth to search?
     - CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
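The slide contrasts file-centric controls (signatures, hash IOCs, application control) with behaviour-based indicators of attack (IOAs): when the executable doing the escalation is a trusted, signed binary, nothing about the file itself is suspicious, only the process lineage is. The Python below is an added illustration of that contrast and is not CrowdStrike code or its actual IOA logic. It runs a hash blocklist check and a simple process-lineage rule over a constructed set of process events in which a user's command shell launches a hypothetical signed binary `trusted_tool.exe` whose child ends up running as SYSTEM. The process names, hashes, users and the integrity scale are all invented for the example.

```python
"""Toy IOC-vs-IOA contrast on constructed process events (not CrowdStrike code).

The IOC check looks at what a file *is* (its hash); the IOA rule looks at what a
process *did* (its lineage and the privilege it gained). 'trusted_tool.exe' is a
hypothetical signed OS binary standing in for whatever trusted executable is
being abused; it is not a real program name.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str        # executable file name
    sha256: str       # constructed placeholder, not a real hash
    user: str         # account the process runs as
    integrity: int    # constructed scale: 1 = standard user, 2 = admin, 3 = SYSTEM
    signed: bool      # result of a code-signature check


SHELLS = {"cmd.exe", "powershell.exe"}

# IOC: hash blocklist of previously seen malware (constructed value).
KNOWN_BAD_HASHES = {"sha256:constructed-known-malware-sample"}

# Constructed telemetry: explorer -> cmd -> trusted_tool -> cmd running as SYSTEM.
SAMPLE_EVENTS: List[ProcessEvent] = [
    ProcessEvent(100, 1, "explorer.exe", "sha256:constructed-explorer", "alice", 1, True),
    ProcessEvent(200, 100, "cmd.exe", "sha256:constructed-cmd", "alice", 1, True),
    ProcessEvent(500, 200, "notepad.exe", "sha256:constructed-notepad", "alice", 1, True),
    ProcessEvent(300, 200, "trusted_tool.exe", "sha256:constructed-trusted-tool", "alice", 1, True),
    ProcessEvent(400, 300, "cmd.exe", "sha256:constructed-cmd", "SYSTEM", 3, True),
]


def ioc_hash_check(events: List[ProcessEvent]) -> List[int]:
    """Return pids whose image hash is on the blocklist.

    A signed OS binary is never on such a list, so this check stays silent for
    the whole constructed chain: the blind spot the slide describes."""
    return [e.pid for e in events if e.sha256 in KNOWN_BAD_HASHES]


def _lineage(by_pid: Dict[int, ProcessEvent], pid: int) -> List[ProcessEvent]:
    """Walk parent links from pid upwards; child first. Stops at unknown ppid or a cycle."""
    chain: List[ProcessEvent] = []
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain


def ioa_privesc_from_shell(events: List[ProcessEvent]) -> List[dict]:
    """IOA rule: a process running at higher integrity than an interactive shell
    somewhere in its ancestry. It keys on behaviour, so the hash or signature of
    the intermediate executable is irrelevant to whether it fires."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        chain = _lineage(by_pid, e.pid)
        for idx, ancestor in enumerate(chain[1:], start=1):
            if ancestor.image.lower() in SHELLS and e.integrity > ancestor.integrity:
                alerts.append({
                    "rule": "privilege escalation from command line",
                    "pid": e.pid,
                    "image": e.image,
                    "user": e.user,
                    "shell_pid": ancestor.pid,
                    # executables between the escalated child and the shell
                    "via": [p.image for p in chain[1:idx]],
                })
                break
    return alerts


if __name__ == "__main__":
    print("IOC hash hits:", ioc_hash_check(SAMPLE_EVENTS))       # expected: []
    for alert in ioa_privesc_from_shell(SAMPLE_EVENTS):
        print("IOA alert:", alert)
```

On the constructed events the hash check returns nothing, while the lineage rule produces one alert for pid 400 (the SYSTEM-level shell), naming the shell it descended from and `trusted_tool.exe` as the intermediate. In a real deployment the rule would need the actual parent-child and token data from the sensor and tuning for legitimate elevation paths such as software installers or help-desk tooling.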
  22. THINGS TO LOOK OUT FOR
     - If you’re not 100% effective at prevention, then you need strong detection
     - Even some next-gen players have bloated endpoint agents
     - Unverified efficacy claims
     - "Bake in" periods are like HIPS all over again
     - Telemetry without intelligence is worthless
     - Over-emphasis on malware and/or forgetting the rest of the kill chain
  23. COMPLIANCE
     - Vendor Member, Committed to Standards, Contribute Leadership
     - 98.2% Malware Block Rate
     - 100% Exploit Detection
     - 0 False Positives
     - First Pure ML Engine Open to Public Scrutiny
     - Contribute to Community
  24. INDUSTRY VALIDATION
  25. CrowdStrike Falcon Deployed in 170 Countries
     - 3 of the 10 largest global companies by revenue
     - 2 of the 4 largest global banks by revenue
     - 5 of the 10 top credit card payment processors
     - 3 of the 10 top oil and gas companies
     Backed by elite investors
  26. Questions? Please submit all questions in the Q&A chat right below the presentation slides
     Contact us / additional information: Request 1:1 Demo at crowdstrike.com/request-a-demo
     Upcoming CrowdCast topic: Ransomware
     Website: crowdstrike.com; Email: info@crowdstrike.com; Number: 1.888.512.8902 (US)
