The document discusses the need for a balanced approach to endpoint security that includes both prevention and detection. It argues that relying solely on prevention is not sufficient, as attacks will always get through, requiring detection capabilities to identify breaches. Likewise, detection alone is insufficient, as preventing attacks upfront reduces workload. The document outlines the key components needed to properly unify next-generation antivirus and endpoint detection and response, including complete visibility of endpoint activity, large-scale analysis capacity, and the ability to derive insights and indicators of attack from collected data. An integrated approach is advocated that allows prevention and detection to strengthen one another.
You Can't Stop The Breach Without Prevention And Detection
1. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
YOU CAN’T STOP THE BREACH WITHOUT
PREVENTION AND DETECTION
CHRIS SHERMAN, SENIOR ANALYST, FORRESTER
ROD MURCHISON, VP, PRODUCT MANAGEMENT, CROWDSTRIKE
2. Mastering the Endpoint: Leverage Forrester’s Targeted Attack Hierarchy Of Needs
Chris Sherman, Senior Analyst
October 20th, 2016
29. THE YIN & YANG OF ENDPOINT PROTECTION
§ You need to see Prevention & Detection in a holistic way
§ There needs to be a virtuous approach - one feeds the other and vice-versa
§ You need to have a vision, from the outset, to build this; you can’t just make this up as you go along
[Diagram: PREVENTION / DETECTION]
30. Cloud Delivered Endpoint Protection
[Diagram: MANAGED HUNTING / ENDPOINT DETECTION AND RESPONSE / NEXT-GEN ANTIVIRUS]
CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered via the cloud
31. PREVENTION BENEFITS
PREVENTS ALL TYPES OF ATTACKS: Machine Learning; IOA Behavioral Blocking; Block Known Bad; Exploit Mitigation
BUSINESS VALUE:
§ Protect against Known/Unknown Malware
§ Protect Against Zero-Day Attacks
§ Eliminate Ransomware
§ No Signature Updates
§ No User Impact—Less than 1% CPU overhead
§ Reduce re-imaging time and costs
32. CLASSIC EDR JUSTIFICATION: THERE IS NO SUCH THING AS 100% PREVENTION
§ Attacks will always get through
§ Even with 99% efficacy you still need something to deal with the 1%
§ So, you need EDR to deal with this and solve the ‘silent failure’ problem
[Chart: 99% stopped, 1% missed]
33. WHAT 99% CAN MEAN…
[Chart: chance of at least one success for the adversary vs. number of attempts, rising from 1% for a single attempt to >99% at 500 attempts]
Bottom line: change the binary 500 times and, with 99% detection efficacy, you will get one file through
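As an added worked example (not part of the deck), the chart above follows from a single formula. Assume each of the adversary's $n$ attempts is blocked independently with probability 0.99 (the slide leaves this independence assumption implicit), so each attempt gets past prevention with $p = 0.01$:

$$
P(\text{at least one success in } n \text{ attempts}) = 1 - (1 - p)^{n}
$$

$$
n = 500,\ p = 0.01:\quad 1 - 0.99^{500} = 1 - e^{500 \ln 0.99} \approx 1 - e^{-5.03} \approx 1 - 0.0066 \approx 0.993 > 99\%
$$

Going one step beyond the slide's single data point: the expected number of files that get through is $np = 5$, and the curve already crosses 50% at $n = \ln 0.5 / \ln 0.99 \approx 69$ attempts. This is the arithmetic behind the deck's claim that a 1% miss rate is not a residual but a certainty given enough retries, which is exactly what a detection layer has to pick up.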
34. DETECTION AND RESPONSE: PREVENT AGAINST SILENT FAILURE
DVR FOR ENDPOINT
BENEFITS / BUSINESS VALUE:
§ 5 Second Enterprise Search
§ No Hardware or Storage Costs
§ Full Spectrum Visibility
§ Reduced Time to Remediation
35. MANAGED HUNTING: FINDING THE ADVERSARY So You Don’t Have To
BREACH PREVENTION SERVICES: Team of Hunters Working for You 24 x 7
BENEFITS / BUSINESS VALUE:
§ Force Multiplier
§ Community Immunity
§ Reduce Alert Fatigue: Focus on What Matters!
§ Stop the “Mega” Breach
36. SO YOU GOT DETECTION AND PREVENTION, WHY ARE YOU STILL DISAPPOINTED?
§ You can’t just slam two things together - detection & prevention
§ You can’t just check off a list of features
§ This is tough stuff; you need to be thoughtful and considered in how you architect a prevention and detection solution
§ You can’t see prevention and EDR as two separate things
37. SO, WHERE DOES PREVENTION END & DETECTION START?
[Diagram: PREVENTION / DETECTION]
38. OVERVIEW OF WHAT’S REQUIRED TO PROPERLY UNIFY NEXT-GEN AV AND EDR
1. Complete and accurate visibility
2. Analysis capacity
3. Ability to turn data into information and insight
39. COMPLETE AND ACCURATE VISIBILITY
§ Data: Need lots of it
§ Scalability: In the Cloud
§ Power: Storage, throughput and compute power
§ Integrity: High fidelity
§ Usefulness: Insightful
§ Flexible Capture: distributed/mobile/BYOD and on/off network
40. ANALYSIS CAPACITY
§ Organize and analyze big data
§ You need to analyze this at massive scale
§ You need to ‘glue’ all this data together
§ That’s why a ‘Graph’ is the answer
41. ABILITY TO TURN DATA INTO INFORMATION AND INSIGHT
§ Piecing data together and establishing the relationships between them drives ‘Context’ - the more data you have, the ‘richer the context’
§ Understanding context lets you understand behavior, and that allows you to get to IOA
[Diagram: THREAT GRAPH / Indicators of Attack / EDR]
42. WHICH IN TURN MAKES BOTH PREVENTION AND EDR BETTER
§ IOAs = better ‘prevention’
§ IOAs = defeat attackers who are ‘living off the land’
§ Traditional malware and security approaches are inadequate
§ IOAs = better EDR, and better EDR = better IOAs
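Slides 40 to 42 argue that gluing endpoint events into a graph yields context, context yields behaviour, and behaviour yields an indicator of attack that catches "living off the land" activity no single-file signature can. The following added example (my own code, not CrowdStrike's and not its Threat Graph) shows that chain on a handful of constructed telemetry events: the event format, the process names and the one behavioural rule are all hypothetical. Each event on its own is unremarkable (an Office document open, a script host starting, an outbound connection); only the parent/child relationships in the graph make the combination stand out.

```python
"""Process-relationship graph built from constructed endpoint telemetry, with
one behavioural indicator of attack (IOA) derived from the graph's context.
Added example: not CrowdStrike code and not its Threat Graph; the event
format, process names and detection rule are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Process:
    pid: int
    name: str
    ppid: Optional[int]
    outbound: List[str] = field(default_factory=list)   # destinations contacted
    children: List[int] = field(default_factory=list)   # child pids


# Constructed telemetry stream: (event type, fields). Flat and orderless on
# its own; the graph below is what turns it into context.
EVENTS = [
    ("process_start",   {"pid": 100, "ppid": 1,   "name": "explorer.exe"}),
    ("process_start",   {"pid": 200, "ppid": 100, "name": "winword.exe"}),
    ("process_start",   {"pid": 300, "ppid": 200, "name": "powershell.exe"}),
    ("network_connect", {"pid": 300, "dst": "203.0.113.10:443"}),
    ("process_start",   {"pid": 400, "ppid": 100, "name": "powershell.exe"}),
    ("network_connect", {"pid": 400, "dst": "198.51.100.5:443"}),
    ("process_start",   {"pid": 500, "ppid": 200, "name": "splwow64.exe"}),
]

# Hypothetical rule vocabulary: document applications and script interpreters.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cscript.exe", "wscript.exe"}


def build_graph(events) -> Dict[int, Process]:
    """'Glue' the flat events together into a parent/child process graph."""
    graph: Dict[int, Process] = {}
    for kind, f in events:
        if kind == "process_start":
            graph[f["pid"]] = Process(f["pid"], f["name"].lower(), f["ppid"])
            parent = graph.get(f["ppid"])
            if parent is not None:
                parent.children.append(f["pid"])
        elif kind == "network_connect" and f["pid"] in graph:
            graph[f["pid"]].outbound.append(f["dst"])
    return graph


def ancestors(graph: Dict[int, Process], pid: int) -> List[Process]:
    """Walk parent links upward; this chain is the 'context' of a process."""
    chain: List[Process] = []
    seen = set()
    p = graph.get(pid)
    while p is not None and p.ppid is not None and p.ppid not in seen:
        seen.add(p.ppid)
        p = graph.get(p.ppid)
        if p is not None:
            chain.append(p)
    return chain


def find_ioas(graph: Dict[int, Process]) -> List[dict]:
    """Behavioural rule: a script host descended from an Office application
    that then talks to the network. None of the three facts is suspicious on
    its own, and the rule never looks at a file hash, which is why it still
    fires on built-in, signed, 'living off the land' binaries."""
    hits = []
    for p in graph.values():
        if p.name not in SCRIPT_HOSTS or not p.outbound:
            continue
        office = [a for a in ancestors(graph, p.pid) if a.name in OFFICE_APPS]
        if office:
            hits.append({"pid": p.pid, "via": office[0].name, "dst": list(p.outbound)})
    return hits


if __name__ == "__main__":
    g = build_graph(EVENTS)
    for hit in find_ioas(g):
        print("IOA:", hit)
```

Running it flags only pid 300: pid 400 is the same interpreter making the same kind of connection, but its ancestry (an interactive shell under explorer.exe) is different context, and pid 500 sits under the document application without being a script host. That asymmetry is the point of the slides: the richer the graph, the more precisely the same raw events separate into benign and IOA, and the same rule can then be applied as a prevention policy rather than only as an after-the-fact detection.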
43. SUMMARY
§ You need to see Prevention & Detection in a holistic way
§ There needs to be a virtuous approach - one feeds the other and vice-versa
§ You need to have a vision, from the outset, to build this; you can’t just make this up as you go along
44. NEW FORRESTER WAVE
The Forrester Wave™: Endpoint Security, Q4 2016
The 15 Providers That Matter Most And How They Stack Up
§ CrowdStrike will be sending a copy to ALL webcast registrants