As malware and malware variants proliferate across the globe, it is increasingly difficult to defend against these advanced threats. Business-critical transactions, access requests and information must be protected in a manner that does not rely on traditional, out-of-date security solutions. Secure mobile devices enable organizations to move business-critical processes out-of-band and off infected computing platforms, namely traditional desktops and laptops. With powerful native functions, mobile provides an excellent solution to thwart advanced threats — all while improving user experience and security, and offering organizations a flexible platform for security.
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools and methodologies the attackers use to produce thousands of malware on a daily basis. The talk will then conclude with a live demonstration of how malware is produced in an automated fashion.
Antimalware Updates from the Experts: From your perspective, what are the biggest differentiators between individual antimalware products?
Malware analysts spend a lot of time analyzing code and looking for indicators of compromise from advanced persistent threats, and even for the most seasoned analysts the volume of analysis can be prohibitive. In today's environment, malware analysts need to leverage automated tools to power through large volumes of sample code and quickly receive valuable threat summaries.
Letting the computers do the work allows the analyst to quickly identify files of greatest concern, and focus on remediating especially pernicious attacks. Malicious behavior can now be viewed right down to the kernel level, giving a complete picture of how your network was targeted by a specific cyber threat.
Join Thomas Quinlan as he explores integrating automated threat assessment processes and defining indicators that identify specific threats to your system.
Today’s advanced persistent threats evade traditional security controls with techniques such as SSL encryption and require an integrated, simple and automated approach that can detect and defend at every stage of an attack.
During this EMEA Breach Prevention Week, Ronald den Braven, EMEA Consulting Engineer Malware/APT, will cover how your organization can simplify its response to the most dangerous threats, automatically detecting unknown malware and quickly preventing threats before an enterprise is compromised.
- RSA 2016 -
BrightTALK caught up with Menlo Security CTO Kowsik Guruswamy to get his thoughts on eliminating malware, the websites with the highest risk and vulnerability, plus how to protect the connected home.
BitTorrent is a very well-known protocol for distributing large files over the internet. It is used by every industry, from Linux distributions to copyrighted software, and also for more questionable purposes. Loved and hated by many, it is today unquestionably part of the internet landscape.
With over 300 million users swapping files via BitTorrent every month, according to startup Tru Optik, with little or no supervision or control, it has also become an important target for malware distribution, exploited by criminals worldwide, making both users and organizations victims.
In this session we will present research done by the AnubisNetworks Labs team that shows how BitTorrent is an infection vector used by malware creators to compromise machines at a global scale, with minimum effort.
We will provide a historic view of the evolution of P2P networks from early players such as E-Mule, Napster and Kazaa, and highlight the BitTorrent protocol and how it works. The methodology used in this research unveiled which applications and operating systems are more vulnerable but, more importantly, which botnets are more commonly shipped with torrents and what type of risk they pose to users and organizations.
· Why P2P file sharing is a security risk to both users and organizations
· How malware is disseminated using different types of applications
· Most common types of malware shipped with torrents
The biggest security vulnerability within any organization is their employees, and they are more often targeted through email than any other threat vector. VIPRE Email Security for Exchange makes life easy for IT admins while delivering comprehensive email security. Protect your enterprise with a solution that can manage all your messaging security needs with unparalleled flexibility and reliability, and at the same time consolidate anti-spam, anti-phishing, antivirus, attachment filtering, malware protection and disclaimers all in one solution.
Attend the webinar to learn about this easy-to-manage, all-in-one, integrated and 100% policy-based email security product.
While many are familiar with the more mainstream security conferences, such as RSA, BlackHat and Virus Bulletin, AVAR is an international conference put on by the Association of Anti-Virus Asia Researchers, meeting for the 18th year, which focuses on the specific topic of malware research and analysis.
This presentation will review the content delivered at this conference and highlight the challenges and successes researchers have faced over the past year when analyzing malware to secure our online future.
How do you protect against unseen security risks like zero-day and advanced persistent threats? Use existing anti-virus protection or an anti-malware solution that needs specialist security analysts to operate it? Either way, you’d be putting your business at risk, slowing down time-to-remediation and experiencing excessive TCO. Join us for this webinar to learn about a powerful solution capable of helping you win in the battle against ever more sophisticated and targeted threats.
2015 has been a huge year for malware. Learn about highlights and revelations from Black Hat 2015, specifically how the Windows software update services can be hacked, the future of biometrics, and the progress of scams and other victim-initiated payments like ransomware.
We will also discuss the spikes we've seen from phishing attacks this year and what it means for an end user.
What do you do when adversaries don’t use any malware or exploits? We will show how to deal with malware-free intrusions; how to detect, prevent, attribute and respond. This session will feature techniques we’ve observed in the field, from the stealthiest adversaries who leave no malware footprints behind. We will demonstrate a live attack and show how CrowdStrike’s next-generation endpoint protection solution, Falcon Host, can detect the activity in real-time and provide relevant countermeasures for protection and response.
In this session, you will learn how to:
• Determine whether advanced adversaries have gained a foothold in your organization without using malware
• Identify and observe an adversary’s lateral movement to understand what they want and who they are targeting in your organization
• Gain the ability to record and reconstruct an incident completely to understand what systems and data the adversary has touched
There are now more than 1 billion websites in existence, with more than 100,000 additional ones created every day. The Web is the primary attack vector for the vast majority of malware.
Join Kowsik Guruswamy, CTO of Menlo Security, as he presents the findings of a recent study on the security vulnerabilities of the world's most popular websites.
This webinar will cover:
- A review of the findings of a recent Menlo Security Vulnerability report into the top 1m websites and their security vulnerabilities.
- An analysis of the current state of web security, its evolution and why it is not effective in blocking modern malware attacks.
- An introduction to the concept of "Isolation Security".
- A demonstration of the innovative Menlo Security Isolation Platform, illustrating how to eliminate web-borne malware.
This webinar will describe how isolation technology can be used to definitively eliminate malware from Web & email.
- Web and email vulnerabilities and exploits (compromised & malicious Web sites, Java, Flash)
- How malware evades detection
- Isolation as an alternative to detection for preventing malware
- 5 key considerations of an isolation system
- Isolation in action: Case studies for uncategorized Web sites, elimination of Java and Flash, phishing prevention
In conjunction with Osterman Research, Trustwave will present a live panel discussion on the challenges of modern malware and how to effectively combat it.
Trustwave editor Dan Kaplan will facilitate this discussion with Analyst Michael Osterman of Osterman Research, and Steve Brunetto, Director of Anti-Malware Product Management for Trustwave. This deep-dive session will investigate techniques modern malware uses to evade even “zero-day” detection methods, debunk misconceptions, and discuss what the next generation of malware prevention looks like.
Following the discussion, audience members will be able to ask the panelists questions. Please join us for this interview-format webcast.
An in-depth live video panel discussion hosted by Alex Hinchliffe, Ramon De Boer, Batuhan Uslu, Steve Perich, Dharminder Debisarun and moderated by Matt Harper.
Our panelists will discuss the following:
- What makes it interesting for someone to become a target.
- Could this be down to the systems you have in place or the lack of them?
- Could it be the type of organization or just a random attack?
- Can the reason for becoming a target be political, or is it just out of the blue?
Osterman Research finds that security decision makers are still concerned – and rightly so – about the effectiveness of their security defenses to prevent the infiltration of malware. Email is the #1 threat vector for your organization, and phishing is the easiest way to bypass your defenses.
Join Michael Osterman, of Osterman Research, and ThreatTrack Security to hear more about the security challenges organizations like yours face in regard to email and other threat vectors, and solutions you can implement to improve your security posture:
We will discuss how:
· Cybercriminals are getting better and more efficient
· Users are sharing more information through social media and making organizations more vulnerable to phishing attacks and other threats.
· Malware is “improving” and is harder to detect and remediate.
· IT should implement robust and layered security solutions based on strong threat intelligence, including how the cloud should be used as part of a robust security infrastructure.
· Decision makers should conduct a thorough analysis of the entire organization to understand where data is stored and who has access to it, as well as the tools that employees are using to access corporate data and network resources.
· IT should establish detailed and thorough acceptable use policies for the use of every type of communication or collaboration system that is in place now or might be used in the foreseeable future.
ThreatTrack Security will also show how its newest advanced malware solution, ThreatSecure, can help organizations detect and monitor malicious activity.
The rapid rise in cloud adoption – of which corporate IT has underestimated the scope by as much as 10x - has created a new effect: a “cloud attack fan-out.” Between many connected devices, which increase the attack surface, and capabilities like sync and share, which increase data velocity in the cloud, both the propensity and the severity of a breach rise.
Join Krishna Narayanaswamy, Founder and Chief Scientist of cloud security company Netskope, as he takes an in-depth look at data breaches involving cloud services and how they come about. Krishna will take a fun, CSI-like presentation approach and draw upon unique, anonymized data seen in the cloud to illustrate:
- The multiplier effect that the cloud can have on the probability of a data breach
- Three real-world examples in which the cloud can play a role in data breaches, including a step-by-step review of a recent exploit found in a cloud storage app
- How to identify data breaches in an enterprise cloud environment using advanced anomaly detection techniques
- A forensic walk-through in the reconstruction of a complex audit following a data breach
- Best practices for mitigating breaches as well as monitoring and protecting sensitive enterprise data in the cloud
Many vendors are rushing to bring malware protection systems to market, but today’s advanced malware is stealthy and can often evade these systems. Organizations need a more comprehensive approach that looks beyond behavior seen in the sandbox, uncovering the hidden danger in malware's latent code.
Anne Aarness, Senior Manager at McAfee, explains how McAfee Advanced Threat Defense combines in-depth static code and dynamic malware analysis for a comprehensive malware protection system. Combined, this represents the strongest advanced anti-malware technology in the market, and effectively balances the need for both security and performance.