Protect your cloud infrastructure against the root cause of cyber attacks: UNAUTHORIZED CODE
INDUSTRY LEADING THREAT DETECTION WITH NO MANUAL CONFIGURATION OR OVERHEAD FOR YOUR TEAM
Intezer Protect is a Cloud Workload Protection Platform (CWPP) that defends your cloud infrastructure against unauthorized and malicious code. Revealing the “genetic” origins of all applications running on your systems, Intezer provides full visibility in runtime and enables you to adopt a Zero Trust Execution strategy without the operational overhead.
Zero Trust Execution Meets Low Overhead
PROTECT YOUR AWS, AZURE, GCP OR PRIVATE CLOUD ENVIRONMENTS against the root cause of all cyber attacks: unauthorized and malicious code.
ADOPT A ZERO TRUST EXECUTION STRATEGY without high maintenance, without disrupting your CI/CD pipeline, and without degrading your servers’ performance. Ensure that all code running on your cloud infrastructure is under your control and comes solely from trusted origins.
ALLOW YOUR ORGANIZATION TO CONTINUOUSLY INNOVATE while knowing that the entire spectrum of your workloads, including virtual machines, containers, Kubernetes and OpenShift instances, and more, is secure.
Cyber attacks on the cloud are diverse: attackers can choose from a variety of attack vectors or vulnerabilities to exploit, for instance in Docker, Kubernetes, and Linux applications. They all have one factor in common, however: every one of them requires the attacker to run unauthorized code or commands in the victim's runtime environment.
[Figure: three cloud attack chains, reconstructed from the diagram's labels.
Capital One: exploit vulnerability in WAF → run commands on EC2 instance → steal credentials for S3 bucket → leak data.
Tesla: unprotected Kubernetes console → create a Linux container with running malware → steal credentials to AWS from container.
Kinsing attack: misconfigured Docker API → create a Linux container with running malware → spread malicious code → run malware in other hosts and containers → asset discovery → run cryptominers on all Linux servers.]
It doesn’t matter if you have an unknown vulnerability, a deadly misconfiguration, or if an adversary has stolen your credentials—nearly all cyber attacks require the attacker to run code in your systems. Regardless of the attack vector, monitoring the runtime environment is the key to preventing cyber attacks on your cloud infrastructure.
Unauthorized Code is the Root Cause of Cyber Attacks
[Figure: attack techniques that all come down to code in runtime: vulnerability exploitation, information stealing, credential scraping, internal reconnaissance, data breach, APTs, lateral movement.]
80% of organizations suffered at least one cloud data breach in the past 18 months, and 43% of companies reported 10 or more cloud data breaches (according to an Ermetic report published on June 3, 2020).
What Does a Cloud Cyber Attack Look Like?
Advantages
Secure entire cloud-native stack and Linux servers.
Best ROI in the cloud security market: Intezer’s novel Genetic Software Mapping approach combines best-in-class threat detection with low operational overhead and maintenance.
Full visibility and control over all code and applications running in your environment.
Low overhead: produces only high-confidence alerts, with no manual configuration, rules, or policies required.
Defend against modern and evolving attacks: our in-memory Genetic Software Mapping capabilities defend against a wide scope of attack vectors.
All recommended IaaS security controls under one platform:
Threats covered: vulnerability exploitation and other fileless threats; unauthorized or risky software; malicious code; suspicious shell commands and administrative activity.
Controls provided: app control, memory protection, EDR-like visibility, anti-malware, system integrity.
We create a genetic profile of your workloads and continuously monitor for new code running in memory. Any detected deviation from the baseline is genetically inspected, which allows us to alert you only on deviations that present true risk, rather than on natural deviations, such as legitimate software upgrades, that don't require a response.
1. Baseline: generate a trusted genetic profile of all software in your infrastructure (your applications, third-party applications, operating system).
2. Monitor: monitor in runtime for any deviations in memory across the entire cloud stack (IaaS, CaaS, PaaS) and layers (OS, K8s, containers), while providing full visibility over all software running on your systems.
3. Inspect: genetically inspect the deviation to determine whether it is unauthorized code or just a natural and legitimate deviation.
4. Alert: alert on unauthorized code and provide deep context for each threat.
5. Terminate: terminate unauthorized code on demand.
6. Enforce clean state: ensure your systems are in a trusted state and run 100% trusted code.
How it Works
Genetic Software Mapping
[Figure: Genetic Software Mapping pipeline: unknown code → extracting genes → code genome database containing billions of genes → identify and classify unknown and reused code. Example verdicts: Mirai malware (malicious), Red Hat Enterprise Linux (trusted).]
Our core technology classifies unknown code and applications by identifying their code origins, independently of behavioral indicators, which attackers can design to appear normal. By detecting code reuse between software, we identify the source of the attack itself, which makes it significantly harder for attackers to reuse that code in a future attack.
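The six steps listed above and the Genetic Software Mapping description form one loop: profile what runs, notice new code in memory, decide from code reuse whether it is trusted, malicious or unknown, then alert and terminate. The following is an added illustration of that loop written for this page; it is not Intezer's code. The "genes" are stand-in hashes of overlapping 8-byte windows of an executable's bytes rather than real disassembly-derived genes, the reference corpus, process list and "malware" bytes are constructed, and the family names, thresholds and function names are assumptions made for the example.

```python
"""Toy baseline -> monitor -> inspect -> alert -> terminate loop (illustrative,
not Intezer's code). A "gene" is the hash of an overlapping 8-byte window of an
executable's bytes; every sample below is constructed, none is real malware."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

GENE_LEN = 8  # shingle size; tiny so the short constructed samples yield many genes


def extract_genes(code: bytes) -> Set[str]:
    """Hash every overlapping GENE_LEN-byte window. Overlap keeps matches stable when
    code is relocated or padded (a crude stand-in for disassembly-based extraction)."""
    return {hashlib.sha256(code[i:i + GENE_LEN]).hexdigest()[:16]
            for i in range(len(code) - GENE_LEN + 1)}


def build_gene_db(references: Dict[str, Tuple[str, bytes]]) -> Dict[str, Tuple[str, str]]:
    """gene id -> (family, verdict) from labelled reference code. A gene present in
    both a trusted and a malicious family says nothing about origin and is dropped."""
    owners: Dict[str, Set[Tuple[str, str]]] = {}
    for family, (verdict, code) in references.items():
        for gene in extract_genes(code):
            owners.setdefault(gene, set()).add((family, verdict))
    return {gene: sorted(fams)[0] for gene, fams in owners.items()
            if len({verdict for _, verdict in fams}) == 1}


def classify(code: bytes, db: Dict[str, Tuple[str, str]],
             min_malicious_genes: int = 3, min_trusted_share: float = 0.5) -> Tuple[str, str, int]:
    """Step 3: (verdict, family, matched genes). Reuse of a malicious family's code wins;
    otherwise enough reuse of trusted code makes it a benign deviation; else unknown."""
    genes = extract_genes(code)
    hits: Counter = Counter()
    verdict_of: Dict[str, str] = {}
    for gene in genes:
        if gene in db:
            family, verdict = db[gene]
            hits[family] += 1
            verdict_of[family] = verdict
    malicious = {f: n for f, n in hits.items()
                 if verdict_of[f] == "malicious" and n >= min_malicious_genes}
    if malicious:
        family = max(malicious, key=malicious.get)
        return "malicious", family, malicious[family]
    trusted = {f: n for f, n in hits.items() if verdict_of[f] == "trusted"}
    if genes and sum(trusted.values()) / len(genes) >= min_trusted_share:
        family = max(trusted, key=trusted.get)
        return "trusted", family, trusted[family]
    return "unknown", "", sum(hits.values())


@dataclass(frozen=True)
class Process:
    pid: int
    path: str
    code: bytes  # stand-in for the executable image mapped in the process's memory


@dataclass(frozen=True)
class Alert:
    pid: int
    path: str
    verdict: str  # "malicious" or "unknown"; trusted deviations never alert
    family: str   # code origin when known: the context a responder wants
    matched_genes: int


def build_baseline(snapshot: List[Process]) -> Set[str]:
    """Step 1: the trusted profile is every gene present when the baseline is taken."""
    return set().union(*(extract_genes(p.code) for p in snapshot))


def monitor(baseline: Set[str], snapshot: List[Process], db: Dict[str, Tuple[str, str]],
            terminate: Callable[[int], None]) -> List[Alert]:
    """Steps 2-5 for one snapshot. Only code with genes outside the baseline is inspected;
    a trusted deviation (e.g. an upgrade) extends the baseline in place, anything else
    raises an alert and is terminated."""
    alerts: List[Alert] = []
    for proc in snapshot:
        new_genes = extract_genes(proc.code) - baseline
        if not new_genes:
            continue  # nothing new in memory
        verdict, family, matched = classify(proc.code, db)
        if verdict == "trusted":
            baseline |= new_genes  # accepted silently, no alert
            continue
        alerts.append(Alert(proc.pid, proc.path, verdict, family, matched))
        terminate(proc.pid)
    return alerts


# Constructed byte strings standing in for executables (assumed, not real binaries).
TRUSTED_LIB = bytes(range(200))                                                   # known-good library
TRUSTED_LIB_V2 = TRUSTED_LIB[:120] + bytes(range(240, 256)) + TRUSTED_LIB[120:]  # its upgrade
MALWARE_REF = bytes(range(255, 55, -1))                                          # known malware sample
APP_CODE = b"app-main-loop:parse-request;serve-response;"
REFERENCES = {"trusted-runtime-lib": ("trusted", TRUSTED_LIB),
              "mirai-family": ("malicious", MALWARE_REF)}


def run_demo() -> Tuple[List[Alert], List[int]]:
    """Baseline one process, then monitor a later snapshot; returns (alerts, killed pids)."""
    db = build_gene_db(REFERENCES)
    baseline = build_baseline([Process(1, "/usr/bin/app", TRUSTED_LIB + APP_CODE)])
    later = [
        Process(1, "/usr/bin/app", TRUSTED_LIB + APP_CODE),             # unchanged
        Process(2, "/usr/bin/app", TRUSTED_LIB_V2 + APP_CODE),          # legitimate upgrade
        Process(3, "/tmp/kinsing", MALWARE_REF[:100] + b";variant-2"),  # reuses malware code
        Process(4, "/tmp/x", b"ZZ never-seen-before loader ZZ"),        # no known origin
    ]
    killed: List[int] = []
    alerts = monitor(baseline, later, db, killed.append)
    return alerts, killed
```

run_demo() yields two alerts: the variant at /tmp/kinsing is flagged malicious because 93 of its genes are reused from the reference family, and the loader at /tmp/x is flagged unknown with no matched genes; both PIDs are terminated, while the upgraded library introduces new genes but is folded into the baseline without an alert. The ordering in classify matters: malicious reuse is checked before the trusted share, so padding malware with trusted library bytes does not launder it, and wholly novel code that reuses nothing lands in "unknown", which this loop treats as unauthorized rather than ignoring it.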
Deployment Architecture
With a lightweight sensor (< 0.5% CPU, about 5 MB of data per day) deployed at the host/VM level or as a sidecar container, Intezer Protect secures the full cloud-native stack and legacy Linux servers, while protecting your infrastructure at the lowest layer: the operating system itself. This enables our customers to detect container-based attacks and defend against multiple attack vectors.
Features and Benefits
(Grouped in the original under Threat Protection, Cloud-Native, Visibility, and Low Overhead During and After Onboarding.)
Detect and terminate any unauthorized and malicious code
Ultra-lightweight agent designed to work in modern production environments
Monitor and log any new software running on your cloud servers
Doesn’t require intrusive integrations into the CI/CD pipeline
Detect and terminate in-memory threats, including exploitation of known and unknown vulnerabilities
Designed to protect Linux systems (not a migration from a Windows endpoint detection platform)
Visual dashboard showing the high-level security status of all cloud servers
Simple deployment tailored for cloud environments; a quick onboarding process protects workloads against breaches in less than 24 hours
Extremely low false positive rate with flexible immutability
Actionable, automatic response for alerts
Contextual, prioritized alerts including the origin of the code and the malware family
Detect suspicious shell commands and Living off the Land (LotL) attacks
Covers the entire cloud-native stack: VMs, containers, and container orchestration platforms
Proven Capabilities in the Cloud and Linux Domains
In 2019, researchers at Intezer documented over 20 instances of previously undetected Linux threats. Those threats included large-scale crypto-mining campaigns, botnets, ransomware, and nation-state sponsored attacks. Examples of Linux threats documented by Intezer include HiddenWasp, Kaiji and QNAPCrypt.
Revealing the "genetic" origins of software, Intezer introduces a new way to detect and respond to cyber threats. Intezer offers enterprises advanced solutions to detect modern cyber attacks, while providing deep context for effective response.
Intezer Overview
HQ in New York City. Customers include Fortune 500 companies, government and fast-growing tech startups. Investors are shown as logos in the original.
Partner with Intezer