Positive Vs. Negative Security Models – Which Wins?

Presented at Black Hat Europe 2017, Dec. 6, 2017, 10:15 a.m. (25 minutes)

To detect unknown malware, organizations need a new approach that doesn’t rely on malware signatures and learning from what past malware looks like and how it behaves. This Negative Security Model approach that detects “the bad” falls short because it can’t keep up with a practically infinite number of new malware samples. A Positive Security Model that focuses on understanding a finite set of legitimate system behavior offers more foolproof detection. When behavior isn’t following a normal path, the Positive Security Model assumes it’s “bad” and prevents it from executing, no matter what attack vector or method is being used.

Presenters:

• Rene Kolga - Sr. Director of Product Management , Nyotron
• Ben Wheeler - General Manager, Europe, Nyotron
  Ben Wheeler is Nyotron’s General Manager. Prior to Nyotron, Ben was part of the management team at Accumuli Plc, an UK MSSP. Ben has worked for several security vendors including Trend Micro, where he was responsible for the System Integrator and Service Provider business unit. Ben has also worked at Novell, Remedy, Oracle, Microsoft and SAP.

Links:

• https://www.blackhat.com/eu-17/sponsored-sessions/schedule/#positive-vs-negative-security-models--which-wins-9611

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!
• ekoparty 14 (2018) / To Execute or Not to Execute. How to Build a Malware Execution Lab
• BSidesDC 2014 / Cyanomix Fireside Chat Demo