Laying a Minefield for Attackers - blackberry.com

Rob Collins Director of Sales Engineering - APAC Laying a Minefield for Attackers


Page 1:

Rob Collins

Director of Sales Engineering - APAC

Laying a Minefield for Attackers

Page 2:

Agenda

• Attack lifecycle and MITRE ATT&CK Framework

• CylancePROTECT strategies

• CylanceOPTICS strategies

• Bringing it all together to lay the minefield – live demo

• Q&A

Notes:

• This will be recorded

• The slides will be made available

• The webinar is eligible for 1 CPE credit in the (ISC)2 Program

Page 3:

Safe Harbor

The information in this presentation is confidential and proprietary to Cylance® and may not be disclosed without the permission of Cylance. This presentation is not subject to your license agreement or any other service or subscription agreement with Cylance. Cylance has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein.

This document, or any related presentation and Cylance's strategy and possible future development, product, and/or platform direction and functionality are all subject to change and may be changed by Cylance at any time for any reason without notice. The information on this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. This document is for informational purposes and may not be incorporated into a contract. Cylance assumes no responsibility for errors or omissions in this document.

Page 4:

“Perfect is the enemy of good”

-Voltaire

Page 5:

Attack Lifecycle

Initial compromise

• Spear phishing email with custom malware

• 3rd party app exploit

• Web vulnerabilities exploit

Establish foothold

• Custom malware

• C2

Escalate privileges

• Password cracking

• Pass-the-hash

• Application exploitation

Internal recon

• Critical system recon

• System, Active Directory, and user enumeration

Complete mission

• Staging servers

• Data consolidation

• Data theft

Maintain persistence

• Backdoor variants

• VPN subversion

• Sleeper malware

Move laterally

• Net use commands

• Reverse shell access

Page 6:
Page 7:
Page 8:

Attack 101

Code

Identity

Denial of Service

Malware

Exploits

Scripts

Admin tools

Page 9:

CylancePROTECT

Malware: Auto Quarantine

Page 10:

CylancePROTECT

Exploits: Memory Protection

Page 11:

CylancePROTECT

Scripts: Script Control

Block for Desktops, Alert for Servers

Block for Servers, Alert for Desktops

Page 12:

CylanceOPTICS

Scripts: Script Intent

Page 13:

CylanceOPTICS

Identity: Obtain Credentials

Page 14:

CylanceOPTICS

Admin Tools

Page 15:

Demo

Page 16:

Questions

Answers