2. Hackers work across all layers, so should your Cybersecurity Solution
[Diagram labels: Typical Firewall and VPNs; Phishing and Password hacks; Session Hijacks; SSL Attacks; DDoS, Port Scans, Network attacks; LoginCat AppSecure; LoginCat Smart Firewall; Application Data and Information; Hackers; LoginCat]
3. TekMonks – Global, Skilled and Successful
• A full service, fast growing, and highly skilled technology firm.
• US founded and headquartered
• Zero debt company with a de-risked operating model, maintaining two years of operating cash reserves.
• 98% rate of repeat business, history of success and satisfied clients.
• ISO 9001:2015 QMS certified
Vision Statement: To be a reputable Global Corporation providing quality solutions for business issues using technology and highly skilled people.
4. TekMonks Operates from 6 Countries, 7 Major Cities
• CANADA - TORONTO: 1 Development Center, 1 Office
• USA - CHICAGO: 1 Development Center, 1 Office
• JAPAN - TOKYO: 1 Development Center, 1 Office
• INDIA – NEW DELHI, BANGALORE: 3 Development Centers, 2 Offices
• Europe – U.K - LONDON: 1 Development Center, 1 Office
• SINGAPORE: 1 Development Center, 1 Office
• AUSTRALIA (3Q 2016): 1 Development Center, 1 Office
6. Cybersecurity – Some startling facts…*
• In 2016, 82% of all Cyberattacks were financially motivated.
*All data from 2016 Verizon Data Breach Investigations Report
7. Cybersecurity – Yes it is a serious situation
• $280 Billion – Total loss to businesses from Cyber-attacks in 2016*2
• $2.1 Trillion – Estimated Cyber Losses in 2019*2
• $74.54 Billion – Google’s 2015 Revenue
The hacking industry is a business that is 3.75 times bigger than Google! Hackers today are well funded, multi-billion dollar illegal corporations with significant computing and research power, all dedicated to hacking you for profit.
*2 Forbes: http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#2e21dd3f3bb0
8. Cybersecurity – time is not on our side…
• It takes days for an attacker to “exfiltrate” data, i.e. steal valuable data post attack. This is because it takes a few days to crack passwords for internal applications once the hacker is inside. It is not instantaneous, but it doesn’t take 3 or 6 months either.
10. Network layer security: Necessary but not sufficient
• The continued, high frequency of successful cyberattacks makes it clear that traditional firewalls and VPNs, while necessary, are no longer sufficient.
• Why?
• Because Phishing attacks can’t be stopped by traditional firewalls and VPNs.
• And 82% of the time hackers have the correct ID and passwords. Again, no internal firewall can stop someone with the right credentials.
• Assuming every laptop, every phone, every desktop will always be secure and never have an exploitable zero day hack is a fantasy.
11. Just why are things getting worse? Why do hackers succeed more easily lately?
12. What is the issue?
1. When a hacker installs malware or uses a zero day exploit on an employee’s laptop, he can easily get connected to the secure internal network when the employee logs on.
2. Once connected to the internal network, traditional firewalls fail: while the employee works, the hacker uses background scripts to scan for and find vulnerable corporate systems and hack them.
3. After stage 2, the hackers can easily crack passwords for internal applications, working over days, and then log into them and steal data without being detected or challenged.
13. What is wrong with traditional firewalls?
• Current firewalls don’t know who the user is or why he is accessing the application he is accessing – they allow traffic based on network ports.
• A regular firewall’s only decision: is the traffic going to the right port? If yes, allow; if not, disallow.
• This is quite dumb … it doesn’t differentiate anything beyond allowed ports. Hackers simply piggyback on the allowed ports.
• Encrypted network traffic simply can’t be analyzed, even by packet inspection or AI driven firewalls. Most of the traffic today is encrypted, including hackers’ traffic! Increasing security actually backfires in this case.
14. Why are passwords so easy to hack now?
• Crackers today are really efficient at breaking passwords.
• Deep Blue Supercomputer - around 1999 - beat Garry Kasparov - 11.38 GFLOPS.
• Samsung Galaxy S7 with Snapdragon 820 packs 498.5 GFLOPS. Approximately 44 times faster than the Deep Blue Supercomputer.
• On Desktop Radeon R9 Fury X2 = 17,204 GFLOPS. 1,511 times faster than Deep Blue.
• Hackers routinely build rigs with up to 25 of these GPUs, which is 430 TeraFLOPS. https://goo.gl/1nVst6. This is the same power as the Blue Gene Supercomputer used at Livermore Nuclear Laboratory to simulate nuclear reactions.
• If one thinks passwords are secure because decrypting them will take a lot of computing power, one is not living in the reality of 2017.
16. Application Layer Level Cybersecurity
• Passwords are easy to crack, but what do we do today to deal with this? A policy to change passwords every 3 months.
• But … it takes a hacker days, not months, to crack passwords and steal internal data. 3 months is too long!
• Why not change them every day? Or every hour? With really complex computer generated passwords which are very hard to crack.
• A Cybersecurity solution is required to fight such password attacks pro-actively, by brute forcing the hackers back.
This is what LoginCat’s AppSecure module does, without requiring modifications to existing applications.
17. Smart Firewall
Since we now control the users’ login passwords at the application layer, we must also log the users in if they are to keep working.
This leads to the implementation of a smart firewall at the network layer.
LoginCat Smart Firewall
• Since LoginCat authenticates users, we know the IP address of the verified user.
• We also know which application the user wants to use, and when.
• We only allow IPs we have authenticated, and only to applications which they were allowed access to.
• No wild cards – only fully verified users are allowed in, and even then only to end applications which they were granted access to. They can’t access anything else.
• Self configuring – no need to specify applications, ports, users, policies etc. – SMART!
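The allow decision described on this slide, sketched as an added example (not LoginCat code): a default-deny table keyed by authenticated source IP and granted application. The class name, method names, sample users and addresses, and the session lifetime are assumptions made for illustration.

```python
import time


class SessionAllowlist:
    """Default-deny table of (source IP, application) grants built from logins."""

    def __init__(self, ttl_seconds=3600, clock=time.monotonic):
        self.ttl = ttl_seconds      # assumed session lifetime; not stated on the slide
        self.clock = clock
        self.grants = {}            # ip -> (user, frozenset(apps), expiry)

    def on_login(self, user, ip, apps):
        # Called only after authentication succeeds. The table configures itself
        # from login events; nobody writes port or policy rules by hand.
        self.grants[ip] = (user, frozenset(apps), self.clock() + self.ttl)

    def on_lock(self, user):
        # Instant lock: drop every grant held by this user.
        self.grants = {ip: g for ip, g in self.grants.items() if g[0] != user}

    def decide(self, ip, app):
        # The grant is keyed by source IP, so every process or host that shares
        # that address (NAT, a multi-user machine) shares the same decision.
        grant = self.grants.get(ip)
        if grant is None:
            return "deny: unauthenticated source"
        _user, apps, expiry = grant
        if self.clock() >= expiry:
            del self.grants[ip]
            return "deny: session expired"
        if app not in apps:
            return "deny: app not granted"
        return "allow"


def demo():
    # Constructed sample events, for illustration only.
    fw = SessionAllowlist(ttl_seconds=3600)
    fw.on_login("alice", "10.0.0.5", ["payroll"])
    return [
        fw.decide("10.0.0.5", "payroll"),   # authenticated and granted
        fw.decide("10.0.0.5", "crm"),       # authenticated, not granted
        fw.decide("10.0.0.77", "payroll"),  # never authenticated
    ]


if __name__ == "__main__":
    print(demo())
```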
20. Securing LoginCat – Three factor authentication
• First we eliminate passwords.
• Pass phrase based authentication – Mathematically proven to be extremely hard to hack, even with today’s computing power.
• Human brains can’t remember good passwords, e.g. $@)Nq;F*(.JRwd#$ , but even babies learn to put together two or three words quickly and make short sentences.
• Then we eliminate User IDs as well. No hack targets, zero exposure, zero trust.
• Third – OTP, Second Factor Questions or Touch ID
• Fourth – AI based authentication using user’s habit analysis.
• Finally, use of virtual keyboards and Protocol Based logins avoids issues with infected laptops that have Keyloggers or infected web browsers.
21. Only Cybersecurity solution designed assuming worst case scenarios
• LoginCat assumes the corporate network is already compromised
• We assume the employee laptops and mobiles are compromised as well
• We assume the hackers are very smart, can break through any encryption
• We even assume our own device and database can be compromised
• We don’t underestimate the enemy – we assume they are smarter than us
LoginCat is unique in this respect: our product is designed to operate in hacked environments, assume hackers are active, and still continue to provide security.
22. Zero risk and cost to secure existing applications – Cloud or Appliance
• LoginCat scripting based authentication adapters will work with all your existing applications – Web based, terminal or cloud – without requiring any changes to them.
• For the first time, have a unified security policy across internal applications and the cloud.
• No changes needed to existing applications. Do they use MD5? SHA1? We still secure them without having to recode them.
Appliance or Cloud Based – bring us on premise with an appliance, or run LoginCat from our hosted cloud.
23. Other Benefits
• BYOD – LoginCat mobile apps include a secure browser allowing employees to securely use their mobiles for business, without compromising safety.
• User ID provisioning and instant locking from all internal applications, if needed.
• Privilege account management, automated scripts for service account password management.
• Constantly updated – TekMonks will provide firmware updates to include latest security and AI algorithms to protect against emerging threats.
24. LoginCat Helps meet Regulatory Compliance Standards
• PCI Compliance
• Audit standards
• Access Control Standards
• Japan Cybersecurity Management Guidelines
• Maintaining Continuity Regulations
• Initial Reaction Guidelines for Cyberattacks
• Secure external partner guidelines
• New York DFS Cybersecurity Regulations for Financial Institutions
• Multifactor Authentication Requirement
• Continuous Cybersecurity Monitoring Requirement
• 2 Hour RTO to detect and recover from Cyberattacks
• Maintain ongoing monitoring and situation awareness of Cyberattacks
25.
| LoginCat | Next Gen Firewalls | Other solutions |
| Application to Network layer integrated solution | Only Network layer | Again either app layer only or network only. |
| No need for deep packet inspection, we already have the perfect information. | Needs deep packet inspection, slow and also can’t adapt to encrypted traffic | If network layer either defeated by encryption or need deep packet encryption as well. |
| SmartFirewall auto configures, continuously. | Needs policies and integration and configuration. | Needs Policies as well. |
| From authentication, to passwords, to network – we integrate and manage all. | Can’t deal with application layer attacks like password stealing – remember these were 82% of all attacks in 2016! | Can’t deal with entire layer of attacks. |
30. Secure by design – End of Passwords
• Complicated 8 character passwords take 15 hours at most to hack in 2017.
• Passphrases are impossible to crack, even if hackers use a billion times faster computer.
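How passphrase strength scales with word count, measured against the slide's 8 character figure; this is an added worked example, not material from the deck. It assumes words are picked uniformly at random from a 7,776-word Diceware-style list known to the attacker, 95 printable ASCII symbols for passwords, and a guess rate derived from the slide's 15 hours.

```python
import math

PRINTABLE_ASCII = 95      # assumption: symbols available for a typed password
WORDLIST_SIZE = 7776      # assumption: Diceware-style list, 6**5 words
HOURS_8_CHAR = 15         # from the slide: 8 characters, 15 hours at most
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(symbols, length):
    """Number of candidates when each position is chosen independently."""
    return symbols ** length


def bits(space):
    return math.log2(space)


def implied_guess_rate():
    """Guesses per second needed to exhaust 95**8 in the slide's 15 hours."""
    return keyspace(PRINTABLE_ASCII, 8) / (HOURS_8_CHAR * 3600)


def worst_case_years(space, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return space / rate / SECONDS_PER_YEAR


def min_words(target_years, rate, wordlist=WORDLIST_SIZE):
    """Smallest random-word count whose full search takes at least target_years."""
    n = 1
    while worst_case_years(keyspace(wordlist, n), rate) < target_years:
        n += 1
    return n


def report():
    """(words, entropy bits, worst-case years) for 2 to 8 random words."""
    rate = implied_guess_rate()
    return [
        (n, round(bits(keyspace(WORDLIST_SIZE, n)), 1),
         worst_case_years(keyspace(WORDLIST_SIZE, n), rate))
        for n in range(2, 9)
    ]


if __name__ == "__main__":
    for n, b, years in report():
        print(f"{n} words: {b} bits, {years:.3g} years at the implied rate")
    print("8-char password:", round(bits(keyspace(PRINTABLE_ASCII, 8)), 1), "bits")
```

Under these assumptions three random words carry fewer bits than the 8 character password, so the margin comes from word count: five words outlast a year at the implied rate and eight words at a billion times that rate.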
31. Secure by design – Credential Management
• LoginCat secures the User’s ID and passwords across all internal applications, without having to modify them.
• LoginCat will automatically and frequently change the associated login credentials (passwords), for example every 1 hour.
• Further, LoginCat will automatically generate the toughest passwords possible. This makes it harder to hack the accounts, while creating a constantly moving target for the hackers.
• LoginCat comes with a built in SSO solution which works across all major Cloud and in-house applications. Users no longer need to be aware of their constantly changing passwords, since LoginCat will log them into the end systems.
We win even when we lose
• When an application is hacked, LoginCat will either lock out the attackers automatically by changing the credentials, or detect the hack (if the hacker has locked the account) – either way preventing damages.
32. Secure by design – Third Factor AI based hack detection
• AI based security algorithms – beyond IP firewalls, LoginCat will analyze incoming login attempts and ban hackers using habit and heuristic analysis.
• We know who you are, hackers don’t know who they are hacking.
• Right time to be using this application?
• Right city?
• Right time?
• Right ISP?