  • Product Presentation
  • Technik II
  • Endpoint Protection
  • Data security / DLP / Know-how protection
  • Cloud Security

G Data - Proactive protection technologies against cybercriminals' tricks

How do cybercriminals overcome protections to successfully attack computer systems? How can modern technologies protect from these attacks?

10/8/2020 2:15:00 PM – 10/8/2020 2:30:00 PM


This action is available to the it-sa 365 community as a video.


Language: German

Questions and Answers: Yes


Action description

In recent years, cybercriminals have been able to shift the economic burden in the endless cat-and-mouse game of IT security onto the defenders.

Malware authors constantly shorten the update cycle of their malicious software by automatically applying obfuscation layers to their samples. They also sharply limit the amount of their own code visible on a machine by using stock tools in so-called "living-off-the-land" attacks, or they don't store their malware on disk at all, which is known as "file-less malware".

All of these techniques specifically limit the effectiveness of traditional static pattern detection. From the attackers' point of view, these techniques are relatively cheap to implement. For defenders, on the other hand, attacks using these techniques significantly raise the cost of maintaining comprehensive protection.

To overcome these limitations, a paradigm shift and new detection approaches are needed. One approach discussed here is based on machine learning combined with in-depth memory analysis. The other approach is to store the full system behaviour in a graph database and scan this graph for known malicious behaviour. Malware can easily change its outward appearance, but the tactics, techniques and procedures (TTPs) used in malware attacks stay the same. While malware can easily obfuscate or hide its presence on disk, its actions within process memory and its interactions with the system are still visible and can therefore be detected.

This talk will explore the effect of current real-world malware examples on traditional detection methods. We will also show how the discussed protection technologies enable resilient detections.


Speaker