ADVANCED THREAT PROTECTION
SANDBOXING 101

KEVIN FLYNN
PRODUCT MARKETING
OCTOBER, 2013

Blue Coat Confidential – Internal Use Only

Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.

1
ADVANCED THREAT PROTECTION SOLUTION
LIFECYCLE DEFENSE
The Blue Coat ATP solution delivers the industry's most comprehensive protection through the following:

1) Lifecycle Defense: protection that maps to three threat stages: real-time blocking for known threats and malware sources (malnets); advanced threat analysis for unknown threats; and dwell-time reduction for latent threats.

2) Adaptive Malware Analysis: dynamic APT protection that analyzes unknown threats and shares the results with other systems in the security infrastructure, increasing protection efficiency against unknown and latent threats.

3) Network Effect: APT information sharing among 75M users in 15,000 organizations through a feedback loop into the Blue Coat Global Intelligence Network.

[Diagram: the three-stage lifecycle arranged around the Global Intelligence Network]
Stage 1: Block & Enforce all known threats
Stage 2: Detect & Analyze unknown threats
Stage 3: Resolve & Remediate threats discovered on the network


2
WHY SANDBOXING?
DETECTING & ANALYZING UNKNOWN THREATS

• Traditional network defenses are good at dealing with known threats and poor at dealing with unknown threats.
• Unknown threats require dynamic analysis (also called detonation) in a virtual-machine, bare-metal or emulation sandbox.
• Tight integration is necessary between the sandbox and your web gateway, so that unknown files seen at the gateway are submitted automatically and the verdicts flow back into blocking.

3
BLUECOAT SANDBOX
MALWARE ANALYSIS APPLIANCE
CORE TECHNOLOGY
• Hybrid Analysis: unmatched intelligence
  – SandBox emulation
  – IntelliVM virtualization
• Behavioral Patterns: expose targeted attacks
  – Detection patterns
  – Open source patterns
  – Custom patterns
• Plug-in Architecture: extend detection and processing
  – Interact with running malware
  – Click through dialogs and installers


SandBox vs. IntelliVM

SandBox                                        | IntelliVM
-----------------------------------------------|------------------------------------------------------
Software x86 emulator                          | Full Windows XP or Windows 7 licensed software
Hardware emulation                             | Hardware virtualization
Generates numerous low-level events            | Generates high-level events
(page faults, exceptions, etc.)                | (file, registry, network, process, etc.)
Emulated network access and services           | Real network access and services
Hook-based event introspection                 | KernelScout filter driver captures low-level events
Add your own patterns                          | Add your own patterns
Supports EXEs and DLLs                         | Wide range of file support
Portable executable memory dumps               | Extend processing with plugins


4
BEHAVIORAL DETECTION PATTERNS
INTELLIVM PROFILES AND PLUGINS
• Generic and malware-campaign-specific patterns
  – Trojan, spyware, worm, ransomware
• Extensive pattern library
  – Core patterns (including WebPulse information)
  – Create your own patterns
  – All matching patterns will trigger
  – Global and user-specific patterns
• Risk scoring
  – Set by the highest matched pattern
  – Scores update as new patterns are added
  – Script notification triggers for further action

Patterns can detect targeted and single-use malware, and do not rely on signature-based detection methodologies.

5
MALWARE APPLIANCE
KEY FEATURES
• Enterprise scalability: approximately 50,000 analysis tasks per day per appliance
  – Automated bulk sample processing and risk scoring
  – Parallel processing on up to 40 virtual machines per appliance
• Hybrid Analysis: dual-detection methodology using SandBox and VM
• IntelliVMs: replicate actual production environments, including custom applications
• Plugins: interact with malware, click through installers, extend custom processing
• Full-featured web UI, Analysis Desktop, searching and data mining
• Open Patterns: detection criteria are never hidden; users can add custom patterns
• RESTful API: full programmatic access for integration and automation
• Pub-Sub API: secure notifications of analysis task status and task completion
• Remote management, security and health-status monitoring ease deployment


6
BLOCKING, DETECTION & ANALYSIS

ProxySG + CAS + Malware Analysis Appliance (Sandbox)

ProxySG → Content Analysis System → Malware Analysis System
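The pipeline on this slide, the gateway integration called for on slide 3, and the behavioral patterns and risk scoring on slide 5 reduce to one loop. The Python below is an added example written for this page; it is not Blue Coat's code and does not use the appliance's REST or Pub-Sub API. It models stage 1 (block known hashes and malnet domains at the gateway), stage 2 (match behavioral patterns over the high-level file, registry, network and process events a detonation produces, with the risk score set by the highest matched pattern and every match reported) and stage 3 (feed the verdict back so the next fetch of the same file is blocked at stage 1). The pattern names and scores, the block threshold of 7, the `malnet.example` domain, the two samples and their event traces are all constructed for the example; in a real deployment the traces come from the sandbox and the lists from gateway policy.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, List

# ---- high-level sandbox events, the kind listed on slide 4 for IntelliVM ----
@dataclass
class Event:
    kind: str      # "file", "registry", "network" or "process"
    detail: dict   # kind-specific fields; see the constructed traces below

@dataclass
class Pattern:
    name: str
    score: int                          # 1 (benign) .. 10 (confirmed malicious); constructed scale
    match: Callable[[List[Event]], bool]  # predicate over the whole event trace

# ---- behavioral patterns: describe what the sample does, not what it looks like ----
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
RAW_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def persists_via_run_key(events):
    return any(e.kind == "registry" and e.detail.get("op") == "set"
               and RUN_KEY.search(e.detail.get("key", "")) for e in events)

def drops_and_executes(events):
    # relate a file write to a later process start: the trace is matched as a whole
    dropped = {e.detail.get("path", "").lower() for e in events
               if e.kind == "file" and e.detail.get("op") == "write"
               and e.detail.get("path", "").lower().endswith((".exe", ".dll", ".scr"))}
    return any(e.kind == "process" and e.detail.get("image", "").lower() in dropped
               for e in events)

def beacons_to_raw_ip(events):
    return any(e.kind == "network" and RAW_IPV4.match(e.detail.get("host", ""))
               for e in events)

PATTERNS = [  # constructed names and scores
    Pattern("persistence.run_key", 6, persists_via_run_key),
    Pattern("dropper.write_then_exec", 8, drops_and_executes),
    Pattern("c2.raw_ip_beacon", 7, beacons_to_raw_ip),
]

def analyze(events):
    """Stage 2: every matching pattern is reported; risk = highest match."""
    matched = [p for p in PATTERNS if p.match(events)]
    return max((p.score for p in matched), default=0), sorted(p.name for p in matched)

class Gateway:
    """Stage 1 blocking with a stage 3 feedback loop fed by sandbox verdicts."""
    def __init__(self, block_at=7):
        self.block_at = block_at
        self.bad_hashes = set()
        self.malnet_domains = {"malnet.example"}   # constructed known-bad source
        self.stage2_calls = 0

    def handle(self, host, content, detonate):
        digest = hashlib.sha256(content).hexdigest()
        if host in self.malnet_domains or digest in self.bad_hashes:
            return "block", "stage1", 0, []
        self.stage2_calls += 1                      # unknown: send to the sandbox
        score, names = analyze(detonate(content))
        if score >= self.block_at:
            self.bad_hashes.add(digest)             # stage 3: next fetch is blocked at stage 1
            return "block", "stage2", score, names
        return "allow", "stage2", score, names

# ---- constructed sandbox traces standing in for a real detonation ----
DROPPER = b"constructed dropper sample"
UPDATER = b"constructed benign updater"
TRACES = {
    DROPPER: [
        Event("file", {"op": "write", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"}),
        Event("process", {"image": r"c:\users\u\appdata\local\temp\svc.exe"}),
        Event("registry", {"op": "set", "value": "svc",
                           "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),
        Event("network", {"host": "203.0.113.7", "port": 443}),
    ],
    UPDATER: [
        Event("network", {"host": "updates.vendor.example", "port": 443}),
        Event("file", {"op": "write", "path": r"C:\Program Files\Vendor\app.cfg"}),
    ],
}

def fake_detonate(content):
    return TRACES[content]

def demo():
    gw = Gateway()
    first = gw.handle("cdn.example", DROPPER, fake_detonate)    # unknown: detonated, blocked
    second = gw.handle("cdn.example", DROPPER, fake_detonate)   # now known: blocked at stage 1
    benign = gw.handle("updates.vendor.example", UPDATER, fake_detonate)
    return first, second, benign

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Matching the trace as a whole rather than event by event is what lets `dropper.write_then_exec` tie a file write to a later process start; no single event in that trace is suspicious on its own, and no hash or byte signature of the sample is involved, which is the point the slide makes about single-use malware.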


7
WWW.BLUECOAT.COM


8

CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Advanced Threat Protection - Sandboxing 101

• 4. BLUECOAT SANDBOX
MALWARE ANALYSIS APPLIANCE
CORE TECHNOLOGY

• Hybrid Analysis (unmatched intelligence)
  - SandBox emulation
  - IntelliVM virtualization
• Behavioral Patterns (expose targeted attacks)
  - Detection patterns
  - Open source patterns
  - Custom patterns
• Plug-in Architecture (extend detection and processing)
  - Interact with running malware
  - Click through dialogs and installers

SandBox versus IntelliVM:

  SandBox                                          IntelliVM
  Software x86 emulator                            Full Windows XP or Windows 7 licensed software
  Hardware emulation                               Hardware virtualization
  Generates numerous low-level events              Generates high-level events
    (page faults, exceptions, etc.)                  (file, registry, network, process, etc.)
  Emulated network access and services             Real network access and services
  Hook-based event introspection                   KernelScout filter driver captures low-level events
  Add your own patterns                            Add your own patterns
  Supports EXEs and DLLs                           Wide range of file support
  Portable executable memory dumps                 Extend processing with plugins
• 5. BEHAVIORAL DETECTION PATTERNS
INTELLIVM PROFILES AND PLUGINS

• Generic and malware-campaign-specific patterns
  - Trojan, spyware, worm, ransomware
• Extensive pattern library
  - Core patterns (incl. WebPulse info)
  - Create your own patterns
  - All matching patterns will trigger
  - Global and user-specific patterns
• Risk scoring
  - Set by the highest matched pattern
  - Scores update as new patterns are added
  - Script notification triggers for further action

Patterns can detect targeted and single-use malware and do not rely on signature-based detection methodologies.
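The scoring rules on this slide (every matching pattern triggers, the risk score is set by the highest matched pattern, scores change when patterns are added, and a threshold drives a notification) are easy to get wrong when you build your own pipeline on top of a sandbox's event feed. The following is an added example, not Blue Coat code and not the appliance's pattern format: it runs a small set of hypothetical behavioral patterns over a constructed trace of high-level events of the kinds slide 4 lists for IntelliVM (file, registry, network, process). The event layout, pattern names, scores and the notify threshold are all assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable


# One high-level sandbox event (file, registry, network, process).
# The field layout is a constructed assumption, not the appliance's schema.
@dataclass(frozen=True)
class Event:
    kind: str      # "file" | "registry" | "network" | "process"
    action: str    # "write" | "set" | "connect" | "create"
    target: str    # file path, registry value, host:port, or image path
    pid: int


@dataclass(frozen=True)
class Pattern:
    name: str
    score: int                          # risk weight, 0-100 (assumed scale)
    matches: Callable[[list], bool]     # evaluated over the whole trace


def _any(events, kind, action, pred=lambda e: True):
    """True if at least one event of this kind/action satisfies pred."""
    return any(e.kind == kind and e.action == action and pred(e) for e in events)


def _dropped_then_executed(events):
    """Order-sensitive pattern: a path written earlier is later started."""
    written = set()
    for e in events:
        if e.kind == "file" and e.action == "write":
            written.add(e.target.lower())
        elif e.kind == "process" and e.action == "create" and e.target.lower() in written:
            return True
    return False


def _is_raw_ip(hostport):
    """Connection to a bare IP literal rather than a DNS name."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# Hypothetical generic patterns (behaviour-based, not campaign signatures).
PATTERNS = [
    Pattern("persistence_run_key", 60, lambda ev: _any(
        ev, "registry", "set",
        lambda e: "\\currentversion\\run\\" in e.target.lower())),
    Pattern("dropped_then_executed", 70, _dropped_then_executed),
    Pattern("connect_to_raw_ip", 50, lambda ev: _any(
        ev, "network", "connect", lambda e: _is_raw_ip(e.target))),
    Pattern("deletes_shadow_copies", 90, lambda ev: _any(
        ev, "process", "create",
        lambda e: "vssadmin" in e.target.lower()
        and "delete shadows" in e.target.lower())),
]


def analyze(events, patterns=PATTERNS, notify_at=70):
    """Every matching pattern triggers; the score is the highest match.

    Re-running with an extended pattern list is how scores 'update with
    new patterns'. notify_at is the assumed threshold for a script hook.
    """
    matched = [p for p in patterns if p.matches(events)]
    score = max((p.score for p in matched), default=0)
    return {
        "score": score,
        "matched": [p.name for p in matched],
        "notify": score >= notify_at,
    }


# Constructed traces: one dropper-like sample and one benign editor session.
SAMPLE_TRACE = [
    Event("process", "create", r"C:\Users\alice\Downloads\invoice.exe", 1000),
    Event("file", "write", r"C:\Users\alice\AppData\Local\Temp\svchost.exe", 1000),
    Event("registry", "set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", 1000),
    Event("process", "create", r"C:\Users\alice\AppData\Local\Temp\svchost.exe", 1000),
    Event("network", "connect", "203.0.113.10:8080", 1001),
]

BENIGN_TRACE = [
    Event("process", "create", r"C:\Windows\System32\notepad.exe", 2000),
    Event("file", "write", r"C:\Users\alice\Documents\notes.txt", 2000),
    Event("network", "connect", "updates.example.com:443", 2001),
]


if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE))
    print(analyze(BENIGN_TRACE))
```

Two details matter in practice. The "dropped then executed" pattern depends on event order, so the trace must be fed in capture order rather than grouped by event type. And because the score is the maximum rather than a sum, adding a low-weight pattern never raises a sample's score, while adding a single high-weight pattern re-rates every previously analyzed sample it matches, which is the behaviour the slide describes.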
• 6. MALWARE APPLIANCE KEY FEATURES
Malware Appliance

• Enterprise scalability
  - Approximately 50,000 analysis tasks per day per appliance
  - Automated bulk sample processing and risk scoring
  - Parallel processing on up to 40 virtual machines per appliance
• Hybrid analysis
  - Dual-detection methodology using SandBox emulation and IntelliVM virtualization
  - Replicate actual production environments, including custom applications
• Plugins: interact with malware, click through installers, extend custom processing
• Full-featured Web UI, Analysis Desktop, searching and data mining
• Open patterns: detection criteria are never hidden; users can add custom patterns
• RESTful API: full programmatic access for integration and automation
• Pub-Sub API: secure notifications of analysis task status and task completion
• Remote management, security and health-status monitoring ease deployment
• 7. BLOCKING, DETECTION & ANALYSIS
ProxySG + CAS + Malware Analysis Appliance (Sandbox)

[Diagram of the three components: ProxySG, Content Analysis System, Malware Analysis System]
• 8. WWW.BLUECOAT.COM