SlideShare una empresa de Scribd logo

How to Replace Your Legacy Antivirus Solution with CrowdStrike

Adam Barrera
Adam Barrera

The Time Has Come To Replace Your Antivirus Solution After decades of frustration and failure, the security industry is ready to replace legacy antivirus systems with more effective solutions. As breaches continue to make headlines, we are left to wonder if anything can really stop modern threats. The answer is yes, but it requires us to approach the problem in a new way. Instead of continually adding functionality and complexity to legacy security architectures, we need a complete reset. This is exactly what CrowdStrike offers with its cloud-delivered endpoint protection platform. The key to this new approach is going beyond malware to understanding and address cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent. In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss: - The typical challenges with legacy antivirus implementations and how we solve them - How CrowdStrike offers a greater level of protection, especially against modern threats - How cloud-delivered endpoint protection reduces operational burden - How to migrate from legacy antivirus to CrowdStrike Falcon Link to on-demand webcast: https://www.crowdstrike.com/resources/crowdcasts/time-come-replace-antivirus-solution/

Tecnología
1 de 27
Descargar para leer sin conexión
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE TIME HAS COME TO REPLACE YOUR LEGACY AV DAN LARSON, TECHNICAL DIRECTOR
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CrowdStrike Intro Legacy Anti-Virus Efficacy How CrowdStrike Stops Malware How CrowdStrike Goes Beyond Malware How to Switch to CrowdStrike for AV AV Testing and Industry Collaboration
A QUICK INTRODUCTION TO CROWDSTRIKE 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
Cloud Delivered Endpoint Protection MANAGED HUNTING ENDPOINT DETECTION AND RESPONSE NEXT-GEN ANTIVIRUS CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered in via the cloud 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
MY ANTI-VIRUS JUST DOESN’T WORK 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. This is the #1 concern raised by customers inquiring with analyst firms Gartner and Forrester about endpoint security. … They simply are not effective in stopping modern threats.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. INEFFECTIVE AGAINST MODERN THREATS 45% § “Anti-Virus catches about 45 percent of attacks these days” - Brian Dye, former VP at Symantec (now at McAfee) Source: https://goo.gl/hNUCdm
“COMPLEXITY IS THE ENEMY OF SECURITY” Bruce Schneier, 2001 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TRYING TO GET AHEAD OF THE ATTACKER 80s to 90s Signatures 00s Heuristics 2007 Reputation 2009 App Control 2012 Sandboxing & Isolation 2013 Machine Learning Now Managed Hunting 2011 IOC Sharing 2014 Behavioral Analytics Enterprise Endpoint Security Timeline
LEGACY VENDOR ARCHITECTURE Email Encryption HTTP/WEB GATEWAY Web Security SMTP/EMAIL GATEWAY Mail Security SHAREPOINT Sharepoint Security SERVERS App Control MAIL SERVERS Mail Scanner VDI VDI Plugin FIREWALL/ROUTER UTM GATEWAY ENDPOINT PROTECTION HOST SECURITY SERVICES • Web Security as a Service • Hosted Email Security • Reputation Cloud • Sandbox Service CENTRALIZED MANAGEMENT • Vulnerability Protection • Host Intrusion Prevention • AntiVirus • Endpoint Encryption • Application Control • Web Protection SANDBOX APPLIANCE “NEXT GEN” • Endpoint Activity Visibility Even with all of this, there were 3,141 breaches in 2015. Source: 2016 Verizon Data Breach Investigation Report
CROWDSTRIKE FALCON ARCHITECTURE CLOUD DELIVERED ENDPOINT PROTECTION
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ANTI-MALWAWRE PREVENTION STACK CROWDSTRIKE FALCON § MACHINE LEARNING § IOA PREVENTION § EXPLOIT BLOCKING § CUSTOM HASH BLOCKING § CONTINUOUS MONITORING § KNOWN MALWARE § UNKNOWN MALWARE § BEYOND MALWARE § MACHINE LEARNING § THREAT INTELLIGENCE § MANAGED HUNTING § THREAT GRAPH PREVENT: ENDPOINT PROTECTION CLOUD PROTECTION
Machine Learning • Increases effectiveness against new, polymorphic or obfuscated malware • Works without daily updates • Works offline • Data models can be smaller than signature files (if done properly) • Performance impact less than on-demand or on-access scanning techniques • Complements • Behavioral analytics, or IOAs • Exploit mitigation
MORE THAN JUST AV REPLACEMENT 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE REMAINING CHALLENGES Complexity … Ever expanding infrastructure requirements and agent footprint Always Out of Date … By the time your update is deployed, it is time to start another Blind Spots … Silent failure leads to long dwell times and false sense of security
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. COMPLEXITY Eliminate operational burden with CrowdStrike § No more daily signature updates § Smaller footprint 15MB on disk 10MB in memory § No reboots § No on premise hardware § SaaS scalability
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ALWAYS OUT OF DATE Outpace the attacker with CrowdStrike § No need to develop AV signatures § Machine learning and IOAs are more persistent protection mechanisms § CrowdStrike only requires 15MB on disk § 70MB-150MB typical for AV signatures § Some ML models balloon to 300MB § Single-sensor design eliminates dependency issues § SaaS delivery ensures real-time updates when necessary
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. EXAMPLE 3 Month Old Machine Learning Model Immediately Blocks Shamoon 2 § ML model delivered to VirusTotal on Aug 25th § Blocked Shamoon 2 on its first appearance in VT on Nov 22nd § CrowdStrike was one of only five vendors to identify it correctly Source: https://goo.gl/nK0VmO
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. BLIND SPOTS Eliminate dwell time with CrowdStrike § AV can only see what it stops § No prevention solution can be 100% effective, not even next-gen solutions § Average dwell time still near 200 days § Go beyond malware to detect and block modern attacker techniques § CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search § CrowdStrike’s Overwatch delivers proactive threat hunting in your environment, 24x7x365
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE • AV signatures, IOCs and Application Control are ineffective against this kind of threat • Even machine learning can’t stop this because it is a trusted executable • Would you know how to search for this? • Even if you knew how, do you have the bandwidth to search? • CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THINGS TO LOOK OUT FOR If you’re not 100% effective at prevention, then you need strong detection Even some next-gen players have bloated endpoint agents Unverified efficacy claims “Bake in” periods are like HIPS all over again Telemetry without intelligence is worthless Over-emphasis on malware and/or forgetting the rest of the kill chain
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CAN YOU TRUST US TO REPLACE YOUR AV? 98.2% Malware Block Rate 100% Exploit Detection 0 False Positives Vendor Member Committed to Standards Contribute Leadership First Pure ML Engine Open to Public Scrutiny Contribute to Community SourceSource Source Also certified for PCI, HIPAA, NIST, FFIEC and more…
Largest global companies by revenue Largest global banks by revenue Top Credit card payment processors Top oil and gas companies 3 OF THE 102OF THE 45OF THE 103OF THE 10 CrowdStrike Falcon Deployed in 170 Countries BACKED BY ELITE INVESTORS:
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. START NOW info@crowdstrike.com 1.888.512.8906 (US) +44(0)118.453.0400 (UK) (+61) 1300.792.402 (Australia & New Zealand) / APAC

Recomendados

You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
CrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
uthayakumar174828
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
CrowdStrike
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
CrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
CrowdStrike
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
Nevada County Tech Connection
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 

Recomendados

You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
CrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
uthayakumar174828
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
CrowdStrike
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
CrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
CrowdStrike
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
Nevada County Tech Connection
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the Center
MITRE ATT&CK
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
MITRE ATT&CK
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
ATT&CK Updates- ATT&CK for mac/Linux
ATT&CK Updates- ATT&CK for mac/LinuxATT&CK Updates- ATT&CK for mac/Linux
ATT&CK Updates- ATT&CK for mac/Linux
MITRE ATT&CK
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
MITRE - ATT&CKcon
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
Frode Hommedal
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
MITRE ATT&CK
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
mohamed nasri
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
Sophos
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
Margarete McGrath
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
M sharifi
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Sven Krasser
 

Más contenido relacionado

La actualidad más candente

Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
MITRE ATT&CK
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
Frode Hommedal
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
Sophos
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
 

La actualidad más candente (20)

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
Projects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the CenterProjects to Impact- Operationalizing Work from the Center
Projects to Impact- Operationalizing Work from the Center
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
ATT&CK Updates- ATT&CK for mac/Linux
ATT&CK Updates- ATT&CK for mac/LinuxATT&CK Updates- ATT&CK for mac/Linux
ATT&CK Updates- ATT&CK for mac/Linux
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 

Similar a How to Replace Your Legacy Antivirus Solution with CrowdStrike

DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
CrowdStrike
 
Continuous security
Continuous securityContinuous security
Continuous security
Kim van Wilgen
 

Similar a How to Replace Your Legacy Antivirus Solution with CrowdStrike (20)

DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
Straight Talk on Machine Learning -- What the Marketing Department Doesn’t Wa...
 
AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client Alert
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sg
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Continuous security
Continuous securityContinuous security
Continuous security
 
Analytical Driven Security - Chip Copper
Analytical Driven Security - Chip CopperAnalytical Driven Security - Chip Copper
Analytical Driven Security - Chip Copper
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and Compliance
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
IMPAKT: Verdediging aangaan t.o.v. (on)bekende ransomware:
 
Shadow IT
Shadow ITShadow IT
Shadow IT
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced Attack
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced Attack
 
Why Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughWhy Two-Factor Isn't Enough
Why Two-Factor Isn't Enough
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

How to Replace Your Legacy Antivirus Solution with CrowdStrike

  • 1. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE TIME HAS COME TO REPLACE YOUR LEGACY AV DAN LARSON, TECHNICAL DIRECTOR
  • 2. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CrowdStrike Intro Legacy Anti-Virus Efficacy How CrowdStrike Stops Malware How CrowdStrike Goes Beyond Malware How to Switch to CrowdStrike for AV AV Testing and Industry Collaboration
  • 3. A QUICK INTRODUCTION TO CROWDSTRIKE 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 4. Cloud Delivered Endpoint Protection MANAGED HUNTING ENDPOINT DETECTION AND RESPONSE NEXT-GEN ANTIVIRUS CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered in via the cloud 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 5. MY ANTI-VIRUS JUST DOESN’T WORK 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. This is the #1 concern raised by customers inquiring with analyst firms Gartner and Forrester about endpoint security. … They simply are not effective in stopping modern threats.
  • 6. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. INEFFECTIVE AGAINST MODERN THREATS 45% § “Anti-Virus catches about 45 percent of attacks these days” - Brian Dye, former VP at Symantec (now at McAfee) Source: https://goo.gl/hNUCdm
  • 7. “COMPLEXITY IS THE ENEMY OF SECURITY” Bruce Schneier, 2001 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 8. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TRYING TO GET AHEAD OF THE ATTACKER 80s to 90s Signatures 00s Heuristics 2007 Reputation 2009 App Control 2012 Sandboxing & Isolation 2013 Machine Learning Now Managed Hunting 2011 IOC Sharing 2014 Behavioral Analytics Enterprise Endpoint Security Timeline
  • 9. LEGACY VENDOR ARCHITECTURE Email Encryption HTTP/WEB GATEWAY Web Security SMTP/EMAIL GATEWAY Mail Security SHAREPOINT Sharepoint Security SERVERS App Control MAIL SERVERS Mail Scanner VDI VDI Plugin FIREWALL/ROUTER UTM GATEWAY ENDPOINT PROTECTION HOST SECURITY SERVICES • Web Security as a Service • Hosted Email Security • Reputation Cloud • Sandbox Service CENTRALIZED MANAGEMENT • Vulnerability Protection • Host Intrusion Prevention • AntiVirus • Endpoint Encryption • Application Control • Web Protection SANDBOX APPLIANCE “NEXT GEN” • Endpoint Activity Visibility Even with all of this, there were 3,141 breaches in 2015. Source: 2016 Verizon Data Breach Investigation Report
  • 10. CROWDSTRIKE FALCON ARCHITECTURE CLOUD DELIVERED ENDPOINT PROTECTION
  • 11. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ANTI-MALWAWRE PREVENTION STACK CROWDSTRIKE FALCON § MACHINE LEARNING § IOA PREVENTION § EXPLOIT BLOCKING § CUSTOM HASH BLOCKING § CONTINUOUS MONITORING § KNOWN MALWARE § UNKNOWN MALWARE § BEYOND MALWARE § MACHINE LEARNING § THREAT INTELLIGENCE § MANAGED HUNTING § THREAT GRAPH PREVENT: ENDPOINT PROTECTION CLOUD PROTECTION
  • 12. Machine Learning • Increases effectiveness against new, polymorphic or obfuscated malware • Works without daily updates • Works offline • Data models can be smaller than signature files (if done properly) • Performance impact less than on-demand or on-access scanning techniques • Complements • Behavioral analytics, or IOAs • Exploit mitigation
  • 13. MORE THAN JUST AV REPLACEMENT 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 14. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THE REMAINING CHALLENGES Complexity … Ever expanding infrastructure requirements and agent footprint Always Out of Date … By the time your update is deployed, it is time to start another Blind Spots … Silent failure leads to long dwell times and false sense of security
  • 15. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. COMPLEXITY Eliminate operational burden with CrowdStrike § No more daily signature updates § Smaller footprint 15MB on disk 10MB in memory § No reboots § No on premise hardware § SaaS scalability
  • 16. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ALWAYS OUT OF DATE Outpace the attacker with CrowdStrike § No need to develop AV signatures § Machine learning and IOAs are more persistent protection mechanisms § CrowdStrike only requires 15MB on disk § 70MB-150MB typical for AV signatures § Some ML models balloon to 300MB § Single-sensor design eliminates dependency issues § SaaS delivery ensures real-time updates when necessary
  • 17. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. EXAMPLE 3 Month Old Machine Learning Model Immediately Blocks Shamoon 2 § ML model delivered to VirusTotal on Aug 25th § Blocked Shamoon 2 on its first appearance in VT on Nov 22nd § CrowdStrike was one of only five vendors to identify it correctly Source: https://goo.gl/nK0VmO
  • 18. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. BLIND SPOTS Eliminate dwell time with CrowdStrike § AV can only see what it stops § No prevention solution can be 100% effective, not even next-gen solutions § Average dwell time still near 200 days § Go beyond malware to detect and block modern attacker techniques § CrowdStrike’s EDR offers automatic detections, eliminating the need for manual search § CrowdStrike’s Overwatch delivers proactive threat hunting in your environment, 24x7x365
  • 19. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
  • 20. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. NO MORE BLIND SPOTS 100% Exploit Detection in AV-Comparatives Test 90 63 100 57 86 90 63 70 28 82 0 20 40 60 80 100 Symantec* Cylance* CrowdStrike SentinelOne Palo Alto Blocked Detected Source: AV-Comparatives and AV-Comparatives § CrowdStrike is only product with 100% detection efficacy § All other solutions suffered from silent failure § In reality, this leads to long dwell times
  • 21. 2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
  • 22. 2015 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE
  • 23. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Privilege Escalation from Command Line EXAMPLE • AV signatures, IOCs and Application Control are ineffective against this kind of threat • Even machine learning can’t stop this because it is a trusted executable • Would you know how to search for this? • Even if you knew how, do you have the bandwidth to search? • CrowdStrike IOAs operate in real time and automate the detection process so that you don’t have to search
  • 24. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. THINGS TO LOOK OUT FOR If you’re not 100% effective at prevention, then you need strong detection Even some next-gen players have bloated endpoint agents Unverified efficacy claims “Bake in” periods are like HIPS all over again Telemetry without intelligence is worthless Over-emphasis on malware and/or forgetting the rest of the kill chain
  • 25. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CAN YOU TRUST US TO REPLACE YOUR AV? 98.2% Malware Block Rate 100% Exploit Detection 0 False Positives Vendor Member Committed to Standards Contribute Leadership First Pure ML Engine Open to Public Scrutiny Contribute to Community SourceSource Source Also certified for PCI, HIPAA, NIST, FFIEC and more…
  • 26. Largest global companies by revenue Largest global banks by revenue Top Credit card payment processors Top oil and gas companies 3 OF THE 102OF THE 45OF THE 103OF THE 10 CrowdStrike Falcon Deployed in 170 Countries BACKED BY ELITE INVESTORS:
  • 27. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. START NOW info@crowdstrike.com 1.888.512.8906 (US) +44(0)118.453.0400 (UK) (+61) 1300.792.402 (Australia & New Zealand) / APAC