Cyber Threats
Facts & Figures
Cybersecurity
According to the Cambridge Dictionary: things that are done to protect a person, organization, or country and their computer information against crime or attacks carried out using the internet.
SECURITY THAT WORKS
Top Global Risk 2020
Top Global Risks in terms of likelihood: comparison between 2008 and 2018
Source: World Economic Forum 2008-2018, Global Risks Reports
Cyber Security Threat in Malaysia
TREND OF MALAYSIA CYBER SECURITY THREATS
Reports from Cybersecurity Malaysia indicated that:
• More than 3 million detected cases of Malware & Botnet Drones infection in Malaysia in 2018
• The numbers increased to more than 5 million in 2020
• More than 10 thousand reported cyber security incidents each year
Reported cyber security incidents:
2018 : 10,699
2019 : 10,772
2020 : 10,790
Detected Malware & Botnet Drones infections:
2018 : 3,000,613
2019 : 3,261,023
2020 : 5,508,357
Growing Threats of Cyber security
Cyber Threat : Ransom Note!
Issues & Concerns in Cyber Security
THE BUSINESS IMPACT OF CYBERCRIME IS OVERWHELMING
• Cyber threats are a material risk to your business
• 200+ DAYS: Median number of days attackers are present on a victim's network before detection (Source: Microsoft Advanced Threat Analytics)
• $3 TRILLION: Impact of loss of productivity and growth by 2020 (Source: McKinsey Risk and Responsibility in Hyperconnected World Report 2014)
• $4 MILLION: Average cost of a data breach (up 29% since 2013) [383 Org in 12 countries] (Source: 2016 Ponemon Institute Cost of Data Breach Study)
• Attacks are fast, efficient, and easier to implement
• MALAYSIA RANKS 6TH in Southeast Asian region, and 33rd globally on social media scams
• MALAYSIA RANKS 12TH in Asia Pacific Region and 47th globally on ransomware attack
• 50% of those who open phishing messages, click attachments within the first hour
Sources: Symantec 2015 Internet Security Threat Report; Symantec 2016; Microsoft Advanced Threat Analytics
Security Layers
VPN : Virtual Private Network
IDS : Intrusion Detection
IPS : Intrusion Prevention System
NAC : Network Access Control
IAM : Internet Access Mgmt.
WAF : Web Access Filtering
DLP : Data Loss Prevention
EDR : Endpoint Detection & Response
COVID-19 : Threats of Cyber security
https://www.thestar.com.my/news/focus/2020/04/12/cybersecurity-cases-rise-by-825
Security Layers
Our last defence to protect our valuable data
The Product: CYSECA
Endpoint Application Control & Protection
Product Information
What is CYSECA
CYSECA is Pernec’s home-grown Endpoint Application Control software.
It provides 2 main functions: Application Control and Endpoint Protection.
It uses the Application Whitelist approach, as compared to the Blacklist approach used by normal Anti-Virus software.
1 Control
• It allows only registered / whitelisted files or applications to be run on our Endpoint
2 Protection
• It blocks or locks down our Endpoint from executing any unknown, unwanted, unapproved applications including all Malware/viruses
Solution Framework
Integrated CYSECA Endpoint Application Control Solution
Modes: AUDIT MODE, PROTECTION MODE
1 Identify: IDENTIFY and discover all software and applications installed in the client’s machine
2 Detect: DETECT running application or attempt to execute application.
3 Protect: BLOCK and lockdown Endpoint from executing any unknown, unwanted, unapproved applications including malware. Set AWL policy.
4 Respond: QUARANTINE unknown, unwanted, unapproved applications including malware.
What makes CYSECA different & special?
CYSECA uses the Application Whitelist (AWL) approach, as compared to the Blacklist approach used by normal Anti-Virus software.
Whitelist: denies everyone access except those listed in the whitelist
VS
Blacklist: allows everyone access except those listed in the blacklist
Challenges of Traditional Anti-Virus
• Malware morphs / mutates to avoid detection by AV
• The blacklist signatures always need to be kept up to date
• Newer malware does not yet have a signature in the AV database
• Zero-day malware
The next generation Endpoint Protection includes Behavioural Detection, Artificial Intelligence (AI) and Machine Learning (ML), which consume high CPU and memory resources.
Nearly 88% of today's malware can morph* to avoid detection by signature-based anti-virus solutions. Standalone anti-virus protection is no longer adequate.
(Gartner and Forrester)
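The whitelist-versus-blacklist contrast above, as an added sketch that is not CYSECA's or Pernec's code. It assumes files are identified by SHA-256 hash and that audit mode only records unknown files while protection mode blocks them (the page does not specify either); the byte strings are constructed stand-ins for executables.

```python
import hashlib
from dataclasses import dataclass, field

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Blocklist:
    """Signature-style control: allow everything except known-bad hashes."""
    bad: set = field(default_factory=set)

    def allows(self, image: bytes) -> bool:
        return sha256(image) not in self.bad

@dataclass
class Allowlist:
    """Default-deny control: run only images whose hash was registered."""
    approved: set = field(default_factory=set)
    mode: str = "audit"  # "audit" or "protection" (assumed semantics)
    log: list = field(default_factory=list)

    def register(self, image: bytes) -> None:
        self.approved.add(sha256(image))

    def allows(self, name: str, image: bytes) -> bool:
        known = sha256(image) in self.approved
        if not known:
            # Every unknown image is recorded, whatever the mode.
            self.log.append((self.mode, name, sha256(image)[:12]))
        # Audit mode lets the unknown image run; protection mode blocks it.
        return known or self.mode == "audit"

# Constructed sample "files": byte strings standing in for executables.
OFFICE_APP = b"constructed-approved-office-app-v1"
KNOWN_BAD = b"constructed-unwanted-tool"
MORPHED_BAD = KNOWN_BAD + b"\x00"  # one changed byte gives a new hash

def compare() -> dict:
    """Return {sample: (blocklist_allows, allowlist_allows)}."""
    bl = Blocklist(bad={sha256(KNOWN_BAD)})
    awl = Allowlist(mode="protection")
    awl.register(OFFICE_APP)
    samples = {"office": OFFICE_APP, "known_bad": KNOWN_BAD, "morphed": MORPHED_BAD}
    return {n: (bl.allows(d), awl.allows(n, d)) for n, d in samples.items()}

if __name__ == "__main__":
    for name, (by_bl, by_awl) in compare().items():
        print(f"{name:10} blocklist_allows={by_bl} allowlist_allows={by_awl}")
```

The morphed sample passes the blocklist because its hash is new, while the allowlist in protection mode still refuses it because it was never registered.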
Why Application Whitelist (AWL)?
TOP 4 STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS: MANDATORY REQUIREMENT EXPLAINED by Australian Signals Directorate (ASD) – 2010 Guidance
Top 4 Strategies
• Application Whitelisting
• Patching Applications
• Hardening/patching Operating system
• Minimize Administrative privilege
ASD The Essential Eight (update in 2017)
• Application whitelisting
• Patching applications
• Hardening Office macros
• Harden user applications
• Restricting administrative privilege
• Patching Operating systems
• Multi-factor authentication
• Backup daily
https://www.cyber.gov.au/publications/strategies-to-mitigate-cyber-security-incidents-mitigation-details
Competitive Analysis of Endpoints Protection
APPLICATION WHITELISTING features
Strengths | CYSECA Endpoint Application Control | Microsoft AppLocker | Carbon Black Protection | Symantec Endpoint Security Enterprise
Whitelist Applications & Block Unauthorized Applications | ✔ | ✔ | ✔ | ✔ (Whitelist file manage by user)
Whitelisting Based on Publisher (Digital Certification) | ✔ | ✔ | ✔ | ✕
Low Maintenance On Whitelist Updates | ✔ | ✔ | ✔ | ✕ (Whitelist file manage by user)
Real-time Detection And Alerts On Suspicious Files Executed | ✔ | ✔ | ✔ | ✔
Stop Malware, Ransomware, Zero-day, Crypto-mining. | ✔ | ✔ | ✔ | ✔
Block Unauthorized Application Installation | ✔ | ✔ | ✔ | ✕
Allow Policy User Grouping | ✔ | ✔ | ✔ | ✔
Fileless Attack Protection | ✔ | ✔ | ✕ | ✕
✕(Quarantine a
Quarantine Suspicious File ✔ ✔ ✔
machine)
Allow Report Customization | ✔ | ✔ | doesn't specify | ✔
Competitive Analysis of Endpoints Protection
APPLICATION WHITELISTING features
Strengths | CYSECA Endpoint Application Control | Microsoft AppLocker | Carbon Black Protection | Symantec Endpoint Security Enterprise
File/Malware Detail Information & Sandbox Analysis | ✔ | ✕ | ✕ different product (VMRAY) | ✕
Managed Protection Services | ✔ | doesn't specify | ✕ (CB Threat Hunter) | ✔ (Managed Endpoint Detection & Response)
Application Inventory & CVE Details ✔ ✕ ✕
USB Access Control on end-user ✔ ✕ ✕
Malaysian Product | ✔ | ✕ | ✕ | ✕
Data Sovereignty | ✔ | ✕ | ✕ | ✕
Fileless attack comparison with Traditional Anti-virus
Fileless Technique CYSECA Bitdefender Avast Symantec Webroot ESET Kaspersky Sophos TrendMicro
koadic mshta ✔ ✔ ✕ ✕ ✕ ✔ ✕ ✕ ✕
koadic regsrv ✔ ✔ ✕ ✕ ✕ ✔ ✔ ✔ ✔
koadic ✔ ✕
✔ ✔ ✕ ✕ ✔ ✔ ✔
rundll32_js
koadic ✔
✔ ✕ ✕ ✕ ✔ ✕ ✔ ✔
bitsadmin
koadic disk ✔ ✕ ✕ ✕ ✕ ✔ ✕ ✔ ✔
koadic wmic ✔ ✔ ✕ ✔ ✕ ✕ ✔ ✔ ✔
Malicious ✕
✔ ✔ ✔ ✔ ✕ ✕ ✔ ✔
Powershell line
msvenom msiexec ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
msvenom certutil ✔ ✔ ✔ ✔ ✕ ✔ ✔ ✔ ✔
msvenom ✕
✔ ✔ ✔ ✔ ✕ ✔ ✕ ✕
batch
msvenom cscript (vbs) ✔ ✔ ✔ ✔ ✕ ✔ ✔ ✔ ✔
Powercat ✔ ✔ ✔ ✔ ✕ ✕ ✕ ✕ ✕
MyCC Certification
Competitive Analysis of Endpoints Protection
APPLICATION WHITELISTING features
Strengths | CYSECA Endpoint Application Control | Microsoft Defender | Carbon Black Protection | Symantec Endpoint Security Enterprise | Bitdefender Gravity Zone | Kaspersky Endpoint Security | McAfee Endpoint Security
Whitelist Applications & Block Unauthorized Applications | ✔ | different product (Applocker) | ✔ | ✔ (Whitelist file manage by user) | ✔ (Whitelist file manage by user) | ✔ (Whitelist file manage by user) | ✔ (Whitelist file manage by user)
Cloud Management Dashboard | ✔ | different product (Microsoft ATP) | ✔ | ✔ | ✔ | ✔ | ✔
Low Maintenance On Whitelist different product ✕ Whitelist file ✕ Whitelist file ✕ Whitelist file
✔ ✔ ✕
Updates (Applocker) manage by user manage by user manage by user
Real-time Detection And Alerts On Suspicious Files Executed | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
Stop Malware, Ransomware, Zero-day, Crypto-mining. | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔
Block Unauthorized Application Installation | ✔ | ✕ | ✔ | ✕ | ✕ | ✕ | ✕
Allow Policy User Grouping | ✔ | different product (Microsoft ATP) | ✔ | ✔ | ✔ | ✔ | ✔
On-demand Whitelist Update | ✔ | ✕ | ✔ | ✕ | ✕ | ✕ | ✕
Reputation Services For Whitelisting | ✔ | ✕ | ✔ | ✕ | ✕ | ✕ | ✕
✕(Quarantine a
Quarantine Suspicious File ✔ ✔ ✔ ✔ ✔ ✔
machine)
Allow Report Customization | ✔ | different product (Microsoft ATP) | doesn't specify | ✔ | ✔ | ✔ | ✔
Competitive Analysis of Endpoints Protection
APPLICATION WHITELISTING features
Strengths | CYSECA Endpoint Application Control | Microsoft Defender | Carbon Black Protection | Symantec Endpoint Security Enterprise | Bitdefender Gravity Zone | Kaspersky Endpoint Security | McAfee Endpoint Security
File/Malware Detail Information & Sandbox Analysis | ✔ | ✕ | different product (VMRAY) | ✕ | ✔ (GravityZone Elite, Ultra & Enterprise Security) | ✕ | ✕
Full Level Support (1st, 2nd, 3rd level) within SLA | ✔ | doesn't specify | ✔ (CB Threat Hunter) | ✔ (Managed Endpoint Detection & Response) | ✔ (GravityZone Managed EDR) | doesn't specify | doesn't specify
Malaysian Product | ✔ | ✕ | ✕ | ✕ | ✕ | ✕ | ✕
Data Sovereignty | ✔ | ✕ | ✕ | ✕ | ✕ | ✕ | ✕
Installed Application Inventory on users' machine | ✔ | ✕ | ✔ | ✕ | ✕ | ✕ | ✕
Device Control on end-user machines | ✔ | ✕ | ✔ | ✔ | ✔ | ✔ | ✔
Firewall | ✕ | ✔ | different product | ✔ | ✔ | ✔ | ✔
Intrusion Prevention | ✕ | ✔ | different product (CB Defense) | ✔ | ✔ | ✔ | ✔
Behavioural Analysis & Protection | ✕ | ✔ | different product (CB Defense) | ✔ | ✔ | ✔ | ✔
Exploit Prevention | ✕ | ✔ | different product (CB Defense) | ✔ | ✔ | ✔ | ✔
Endpoint Threat Detection & Response (EDR) | ✕ (Partial – Malware Detection) | different product (Microsoft ATP) | ✔ | different product (Symantec EDR) | ✔ | different product (Kaspersky EDR) | different product (MVISION EDR)
Product Information - Architecture
3 Main CYSECA Components :
1) CYSECA Agent
2) CYSECA AWL Control Server
3) CYSECA Master Update Server
Supported Platform
Windows® Operating Systems
Windows 7 (32-bit, 64-bit)
Windows 8.1 (32-bit, 64-bit)
Windows 10 (32-bit, 64-bit)
Windows Server 2008 R2
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows XP SP3
Note: Both Windows 7 and Windows Server 2008 R2 must be updated to the latest patches including SP1 and KB4474419
https://support.microsoft.com/en-my/help/4474419/sha-2-code-signing-support-update
https://www.catalog.update.microsoft.com/Search.aspx?q=4474419
High Level Network Diagram
CYSECA Master Update Server: Signature Update, Sandbox, File Reputation
OPTION 1 (On Cloud): CYSECA Application Control Server is located at the CYSECA Cloud
OPTION 2 (On Prem): CYSECA Application Control Server is located at the Server Zone
CYSECA Administrator (both options): Dashboard, Audit Log, Policy Mgmt., Admin Mgmt., Endpoint Mgmt.
Diagram labels: Internet, Port 443, FW, User LAN, Server Zone, CYSECA Agents, CYSECA Apps Control Server
Sample Dashboard
Product Features
1 Helps to lock down endpoints from executing malicious, unknown and unauthorized files or applications
2 Controls which applications are approved on each endpoint with a standardized application catalogue
3 Serves as a tool to monitor and control software licenses
4 Able to curb internal staff from installing unauthorized applications, games or entertainment software
5 Dashboard provides a better view and management of endpoints
6 Able to block read/write on USB disk drives, as part of data leakage management
7 Lightweight agent is suitable for low-end and end-of-life PCs or notebooks.
Value Proposition
01 Malaysian Made : Home-grown product – own the source code and IP rights
02 Supported by local and in house expertise – SLA guaranteed
03 End-to-End professional support and services
04 Full control on pricing thus able to offer competitive pricing
05 Data sovereignty – all data and information hosted locally in Malaysia
06 24x7 Security Operation Center (SOC)
After Sales Support
HQ : No 21, Jalan Setiawangsa 8, Taman Setiawangsa, 54200 Kuala Lumpur
SOC (24 x 7 : +603-83200660) : No 1-1 & 1-2, Cybersquare, Jalan Teknokrat 6, Cyber 5, 63000 Cyberjaya, Selangor
Installed Sites
Commercial Sites
Jabatan Mufti Selangor
Proof Of Concept / Free Trial
Politeknik Mersing
Economic Planning Unit
Politeknik Ibrahim Sultan
Dewan Bahasa & Pustaka
Hospital Kuala Lumpur
Nationwide Deployment for Endpoint Security
CYSECA nationwide deployment for more than 5,000 endpoints
BB CYLANCE : 1,000 endpoints at 20 sites
PERNEC Security Operation Center (SOC) @ CYBERJAYA
Diagram labels: Cloud Hosting, Internet, Site A, Site B
CYSECA Brand Awareness
Forum of Incident Response and Security Teams, 24th – 29th Jun 2018
Strategic Business Collaboration with Politeknik Mersing, Johor, 2nd Mar 2019
24th Sept – 28th Sept 2018
23rd Sept – 27th Sept 2019
Malaysia Cyber Security Strategy Launching 2020
Online Cyber Security Seminar for SMEs (in collaboration with MDEC) 2021
In Collaboration with MDEC during CYDES 2021
CYSECA Virtual Booth
Buy Malaysian Product
THANK YOU
Follow CYSECA at Social Media :
FB : Cyseca
LinkedIn : Cyseca
Twitter : CysecaOfficial
IG : Cyseca_official
For more information visit us at :
www.pernec.com.my
www.cyseca.com.my