Malware is dead; it's still out there but is used for smash-and-grab, in-your-eye pokes or as distraction at most. The real threat has moved to higher ground, and PowerShell is King there. PowerShell is the vector for over 80% fileless malware executions in attacks. The majority of market endpoint protection solutions either bluntly stop all Powershell sessions or stop nothing as they don't have granular insight intoPowerShell sessions, so sophisticated attackers exploit it by running malicious and obfuscated code inside PowerShell thus infecting the endpoint without being detected or blocked.
Cybereason has announced the unique ability to gain visibility and control on what PowerShell is running within a session. Cybereason analyses all the commands PowerShell attempts to execute and blocks the execution of malicious commands, even if they are obfuscated. The result: scoped PowerShell use and high malop detection rates with low false positives. This session will discuss Powershell attacks and how Cybereason is uniquely able to shut down the Motorway to attackers while still letting administrators use this most versatile of toolkits.