8f4c6850f31d1874a420a6fff03f6a5c.ppt
- Number of slides: 17
Capabilities
Aaron Barr

Presentation Outline
• Company Overview
• Products
  • Responder
  • Active Defense
  • Threat Monitoring Center
• Services
  • Incident Response
  • Threat Intelligence
  • IO
  • CNO
  • Social Media

HBGary
• Company established in 2003, founded by Greg Hoglund
• Stood up HBGary Federal in Dec. 2009
• Provide classified software and services, leveraging HBGary malware analysis product-line
• HQs in Sacramento, CA, offices in DC, establishing SCIF in Colorado
• Aaron Barr – CEO
• Ted Vera – President | COO
HBGary Responder
Digital DNA
• Automated zero-day malware detection.
• Trait/Behavior based software classification system
• 3500 software and malware behavioral traits
Example
• Huge number of key logger variants in the wild
• About 10 logical ways to build a key logger

Digital DNA: Ranking Software Modules by Threat Severity
[Diagram: software modules ranked by threat severity, with their Digital DNA trait sequences; labelled "Software Behavioral Traits"]

Active Defense: Endpoint Visibility
[Diagram: Digital DNA™ applied to host information sources (Physical Memory, Raw Physical Disk, Live Operating System, Event Timeline); AD Server connected over https to a Web-based console; labelled "Network" and "Host Information Sources"]

Threat Monitoring Center
• Malware feeds
• Receives thousands of malware samples daily
• 64 simultaneous VMWare instances of Windows
• HBGary DDNA automated classification of 30,000 unique malware daily
• Automated fingerprint signature, DDNA behavior, and social analysis (attribution)
• Accessible via online Portal
Nobody else does this!
HBGary Malware Threat Processor Nobody else does this!
Global Malware Genome Portal
Fingerprint.exe
• Cluster Analysis of Malware based on common factors

Palantir
• Build Threat Maps based on Malware internals, cluster data, C&C, and social

Security Focus
• Threat Intelligence
• Incident Response
• Information Operations

IR Services
• Advanced malware detection & threat analysis
• Live first response triage of servers and workstations
• Enterprise scope of breach analysis
• Root cause analysis
• Malware analysis
• Enterprise containment, mitigation and remediation

Incident Response
• HBGary Active Defense
• Fidelis XPS
• EGS Sicily
• Leave behind capability to provide continuous incident response.

Information Operations
• Forensics
• Reverse Engineering
• Custom Development
• Influence Operations
• Social Media
• VA/PT
• Training
• Information Exposure Analysis
• Campaign Management

Questions?
Aaron Barr aaron@hbgary.com
Ted Vera ted@hbgary.com