With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network. Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for. By learning how malware works and recognizing its different types, you’ll understand: - How they find their way into your network - How attackers control them remotely - How they use your systems for nefarious purposes - And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)

2. About AlienVault

3. Agenda
• What is malware?
• Malware variants
• How does it get in?
• Tips for mitigating risk
• Detecting malware with USM

4. What is Malware?
Malware is a portmanteau that
refers to malicious software and
encompasses a large variety of
computer programs designed to
steal sensitive data, gain
unauthorized access, or just
wreak havoc.

5. Malware Variants
Ransomware
• Cryptolocker
• Bitlocker
• Cryptovault
Remote access
• Rootkits
Data gathering
• Spyware
• Adware
General maliciousness

6. Top Threats seen by SpiceHeads
We asked SpiceHeads what kind of malware they are seeing and
these seem to be the most prevalent:
• Ransomware
• Potentially Unwanted Programs (PUPs)
• Misc phishing emails
• Malicious email attachments disguised as
PDFs, Excel docs, etc.
Most popular “funny” answer?
Users… :p

7. How does it get in?
Users
• Blindly clicking links in email, social media, etc.
• Downloading and running email attachments
• Disgruntled/generally malicious users
• Using company assets outside of corporate perimeter
Social Engineering
• Phishing/Spearphishing
• Drive-by downloads
• Malicious executables

8. But, wait… I have Endpoint Protection!
While Anti-Malware scanners will spot the majority of malicious files, there are
several ways to get past them:
• Polymorphic code
- Over lifespan of malware
- In real-time (every copy looks different)
• Encryption/packing
• Stealth
- Monitor system resource utilization
- Hiding malware in legitimate applications
- Sometimes even block anti-virus and/or system messages that
might alert a user to the malware’s presence
• Some legacy Firewalls may not have the tech to detect

9. Risk Mitigation
Education
• Ongoing training
- New, different malware variants
- Delivery mechanisms
• Institute a policy
- What you can and cannot download on the corporate network
- What to do if your users get hit
Containment
• Network segmentation

10. Risk Mitigation
Continuous Monitoring
• Operate under the assumption that you will get breached
- If prevention doesn’t work for these folks, why do you think it would
work for you?
• Multiple detection methods
- Don’t put all of your eggs in one basket

11. AlienVault Vision
Accelerating and simplifying threat
detection and incident response for IT
teams with limited resources, on day
one
Enable organizations of all sizes to
benefit from the power of crowd-
sourced threat intelligence & unified
security

12. AlienVault USM:
Discover Security That’s Highly Intelligent

13. Unified Security Management Platform
Accelerates and simplifies threat detection and incident response for IT teams with
limited resources, on day one
AlienVault Labs Threat Intelligence
Identifies the most significant threats targeting your
network and provides context-specific remediation
guidance
Open Threat Exchange
The world’s largest repository of crowd-sourced
threat data, provides a continuous view of
real-time threats
AlienVault Approach:
Unified Security Management

14. USM Platform
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY
ASSESSMENT
• Continuous
Vulnerability Monitoring
• Authenticated /
Unauthenticated Active
Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Built-In, Essential Security Capabilities

15. Open Threat Exchange

16. DEMO

17. 888.613.6023
ALIENVAULT.COM
CONTACT US
HELLO@ALIENVAULT.COM
Now for some Questions..
Questions? Hello@AlienVault.com
Twitter : @alienvault
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS
https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site