Challenges in Critical Infrastructure Security
1  Challenges in Critical Infrastructure Security
   Corrado Leita, Symantec Research Labs

2  Symantec Research Labs
   CARD (Collaborative Advanced Research Department) group: Sophia Antipolis, FR; Culver City, CA; Herndon, VA.
   European projects:
   - WOMBAT: Worldwide Observatory of Malicious Behaviors and Attack Threats
   - VIS-SENSE: Visual Analytics of Large Datasets for Enhancing Network Security
   - CRISALIS: CRitical Infrastructure Security AnaLysIS
   - BIGFOOT: Big Data Analytics of Digital Footprints

3  Convergence between IT and ICS technologies
   Interconnection of standard computer systems with industrial control systems.
   An opportunity?
   - Lower costs and increased system efficiency
   - Opportunity to leverage standard IT techniques (intrusion detection, file scanning, standard hardening techniques, ...)
   - Opportunity to enable ICS suppliers to manage and support ICS devices at scale
   A threat?
   - Enables attacks and incidents that are typical of standard IT environments
   - Enables attacks on critical infrastructures and environments such as energy, gas, medical
   - Privacy violations from data being more widely available

4  What is this talk about?
   Q1: Why is research on Industrial Control Systems security important? How does it differ from standard IT security?
   Q2: What are the challenges associated with doing research on ICS security?

5  Q1: What are the challenges in the protection of ICS environments?

6  Challenges (agenda): off-the-shelf suitability to ICS; IT vs OT culture; threat economy

7  Are off-the-shelf products suitable for ICS security? (illustration: IT security product + ICS = ?)

8  Smart Grid as a complex ecosystem
   Our focus: SCADA and AMI.

9  A composition of complex environments
   Flow diagram generated from the analysis of one hour of operation of a water pump control system (labels: physical environment, servers, clients in main network, gateways, clients in separate network). Diverse, often non-standard protocols.

10 Challenges (agenda): off-the-shelf suitability to ICS; IT vs OT culture; threat economy

11 Reference: 6th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2012)

12 The interesting lesson
   Is it possible to burn out a water pump by solely interfacing with the SCADA layer? Fail-safe mechanisms exist to prevent physical damage!

13 Challenges (agenda): off-the-shelf suitability to ICS; IT vs OT culture; threat economy

14 Threat economy
   Security mechanisms often aim at rendering an intrusion difficult enough; their effectiveness depends on the value of the target (cost of the intrusion vs revenue for the attacker). Examples:
   - Requiring a signed certificate to inject a kernel driver
   - Keeping valuable resources in a private network
   - Storing a certificate in a secure room

15 Stuxnet, Duqu, Flamer
   - Stuxnet: first publicly known malware to cause physical damage
   - Duqu: shares many similarities, used for cyber espionage
   - Flamer: even more advanced platform for data exfiltration
   => Cyber warfare is not a myth!

16 Is this the tip of an iceberg?

17 What is your experience with each of these types of attacks? (1580 industries contacted, 2010)
   Source: Symantec 2010 Critical Infrastructure Protection Study, http://bit.ly/bka8uf

18 How many times have you suspected or been sure each of the following has occurred in the last 5 years?
   Source: Symantec 2010 Critical Infrastructure Protection Study - Global, Oct 2010, http://bit.ly/bka8uf

19 Cost estimations of all the attacks over the 5 years
   Source: Symantec 2010 Critical Infrastructure Protection Study, http://bit.ly/bka8uf

20 Q2: Research in ICS security

21 The problems
   - Little or no information is available on the threat landscape and on ongoing attacks against ICS environments. How do we ensure the relevance of our research?
   - The little information we have at our disposal shows very advanced threats carried out by groups or governments with almost unlimited resources. How do we ensure the effectiveness of our research?

22 How do (should) we do research?
   Observe -> form hypothesis -> perform experiments -> analyze results -> draw conclusions. Everything starts from DATA.

23 An example: rogue security software
   Marco Cova, Corrado Leita, Olivier Thonnard, Angelos Keromytis, Marc Dacier, "An analysis of Rogue AV campaigns", RAID 2010.
   1. What is the big picture?
   2. Is there any major difference from other threats?
   (Screenshot of a rogue AV "scan": all done in JavaScript!)
24 Methodology
   1. Scope definition: definition of lists of domains likely to be related to the threat (Norton Safeweb, Malware Domain Lists, ...), enriched using robtex.com.
   2. Data enrichment: collection of information on the infrastructure hosting the content (registration information, DNS information, server information, ...).
   3. Data mining: definition of a set of features for each domain and application of MCDA (multi-criteria decision analysis) clustering; manual analysis of each generated cluster.

25 Example cluster ("PC Antispyware" campaign): graph linking domain names to their web server, web/DNS server, /24 network and registrant.

26 Level of coordination
   (plot: registration date per domain) This degree of coordination is unique to this threat and not shared by, for instance, drive-by downloads.

27 Are these findings specific to the threat landscape?
   Experiment: drive-by downloads. Analysis of 5304 domains known to be landing pages for the Internet Explorer ADODB.Stream Object Installation Weakness (CVE ); repeated feature collection and analysis using MCDA.
   - Only 21 clusters were found, accounting for a total of 201 domains (3.8%)
   - The domains under analysis do not share a common infrastructure: the infrastructure is not actually owned by the perpetrators of the attacks
   - Important difference from the Rogue AV scenario. How to justify this difference?
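Steps 1-3 of slide 24 and the drive-by comparison on slide 27 rest on one computation: grouping domains that share hosting infrastructure and measuring how much of the domain set ends up in such groups. The following is an added example, not the RAID 2010 paper's MCDA code: each domain gets the step-3 feature set (registrant, web server, its /24, DNS server), two domains are linked when they share at least two feature values (an assumed threshold standing in for the MCDA aggregation), connected components are the clusters, and the fraction of domains in multi-domain clusters is the coordination figure slide 27 reports as "201 domains (3.8%)". The records are constructed (reserved .test names and documentation IP ranges), not real campaign data.

```python
import ipaddress
from itertools import combinations

# Constructed records in the shape of step 2's enrichment output. Not real rogue AV
# or drive-by domains: three "campaign" domains that share registrant and hosting,
# and three unrelated sites of the kind a drive-by campaign compromises and borrows.
SAMPLE_DOMAINS = [
    {"domain": "pc-antispyware-pro.test", "registrant": "reg1@mail.test", "web_ip": "203.0.113.10",  "dns_ip": "198.51.100.53"},
    {"domain": "best-av-scan.test",       "registrant": "reg1@mail.test", "web_ip": "203.0.113.10",  "dns_ip": "198.51.100.53"},
    {"domain": "free-virus-check.test",   "registrant": "reg1@mail.test", "web_ip": "203.0.113.11",  "dns_ip": "198.51.100.54"},
    {"domain": "compromised-blog.test",   "registrant": "reg2@mail.test", "web_ip": "192.0.2.20",    "dns_ip": "192.0.2.53"},
    {"domain": "small-shop.test",         "registrant": "reg3@mail.test", "web_ip": "198.51.100.77", "dns_ip": "198.51.100.53"},
    {"domain": "hobby-forum.test",        "registrant": "reg4@mail.test", "web_ip": "203.0.113.200", "dns_ip": "192.0.2.54"},
]


def features(rec):
    """Step 3's feature set for one domain: registrant, web server, its /24, DNS server."""
    web_net = ipaddress.ip_network(f"{rec['web_ip']}/24", strict=False)
    return {("registrant", rec["registrant"]), ("web_ip", rec["web_ip"]),
            ("web_net", str(web_net)), ("dns_ip", rec["dns_ip"])}


def cluster(records, min_shared=2):
    """Union-find over domains; two domains are linked when they share >= min_shared feature values."""
    parent = {r["domain"]: r["domain"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    feats = {r["domain"]: features(r) for r in records}
    for a, b in combinations(records, 2):
        if len(feats[a["domain"]] & feats[b["domain"]]) >= min_shared:
            parent[find(a["domain"])] = find(b["domain"])
    groups = {}
    for d in parent:
        groups.setdefault(find(d), []).append(d)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)


def coordination(records, min_shared=2):
    """How much of the domain set sits in multi-domain clusters (slide 27's '201 domains (3.8%)')."""
    multi = [c for c in cluster(records, min_shared) if len(c) > 1]
    covered = sum(len(c) for c in multi)
    return {"clusters": len(multi), "domains_in_clusters": covered,
            "fraction": covered / len(records) if records else 0.0}


if __name__ == "__main__":
    for c in cluster(SAMPLE_DOMAINS):
        print(len(c), c)
    print(coordination(SAMPLE_DOMAINS))
```

With the threshold at two shared values the three campaign domains form one cluster and the borrowed sites stay singletons, which is the contrast between slides 25-26 and slide 27; lowering `min_shared` to one links domains on a single coincidence such as a shared resolver, which is exactly the false coordination the manual cluster review in step 3 is there to catch.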
28 Rogue AV economics
   What are the costs/revenues associated with the rogue AV business?
   Costs (informal survey): average monthly cost 50$; annual domain registration costs 3-10$; total annual costs 879-2,230$.
   Revenues: average price for a rogue AV 30-50$; client volume: ???; total annual revenues: ???

29 Rogue AV servers and Apache mod_status
   6 servers (193 domains) were discovered to be offering utilization statistics through the output of Apache mod_status.
   - Continuous sampling of the output over a period of 44 days
   - Filtered out probing/scanning attempts
   - Tracked a total of 372,096 distinct IP addresses

30 Behavior evolution
   Successful scans: 25,447; unsuccessful scans: 306,248; hit rate: 7.7%.
   A scan is considered successful if a download is performed by the same IP address within 24 hours.
   (plot: cumulative number of distinct IP addresses for each behavior type)

31 Completing the table
   Costs (informal survey): average monthly cost 50$; annual domain registration costs 3-10$; total annual costs 879-2,230$.
   Revenues (pessimistic estimate): average price for a rogue AV 30-50$; expected monetization rate for a client hit 0.26% (from previous studies on spam); client volume over 44 days 331,695; total annual revenues 214, ,702$.
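Slides 29-31 derive the economics from sampled mod_status output, but the classification rule and the projection are only stated in words. The following is an added example, not the RAID 2010 paper's tooling: it parses lines shaped like mod_status's per-request table (client, time, request), classifies each client IP as a successful scan (a download from the same IP within 24 hours of its scan), an unsuccessful scan, or a download without a scan, drops anything else as probing noise, and projects the slide's own figures (331,695 clients in 44 days, 0.26% monetization, 30-50$ per sale) to a year, which lands at roughly 214.6k-357.7k dollars. The log lines, the URL paths of the fake scanner and the installer, and the line layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in the shape of mod_status's per-request table. Not observations
# from the real rogue AV servers.
SAMPLE_STATUS_LINES = """\
203.0.113.5     2010-03-01T10:00:00 GET /scan.php
203.0.113.5     2010-03-01T11:30:00 GET /download/setup.exe
198.51.100.7    2010-03-01T12:00:00 GET /scan.php
192.0.2.9       2010-03-02T08:00:00 GET /scan.php
192.0.2.9       2010-03-03T09:00:00 GET /download/setup.exe
203.0.113.77    2010-03-02T14:00:00 GET /download/setup.exe
198.51.100.200  2010-03-02T15:00:00 GET /phpmyadmin/
"""

# Assumed URL layout of the rogue AV site: a fake "scan" page and the installer download.
SCAN_PREFIXES = ("/scan.php",)
DOWNLOAD_PREFIXES = ("/download/",)
SUCCESS_WINDOW = timedelta(hours=24)   # slide 30: download by the same IP within 24 hours


def parse(text):
    """Yield (ip, timestamp, path) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ip, ts, _method, path = line.split()
            yield ip, datetime.fromisoformat(ts), path


def classify(path):
    """Map a request to a behaviour; anything else is treated as probing noise and dropped."""
    if path.startswith(SCAN_PREFIXES):
        return "scan"
    if path.startswith(DOWNLOAD_PREFIXES):
        return "download"
    return None


def analyze(text, window=SUCCESS_WINDOW):
    """Count, per distinct IP, scans that led to a download inside the window and scans that did not."""
    by_ip = defaultdict(lambda: {"scan": [], "download": []})
    for ip, ts, path in parse(text):
        kind = classify(path)
        if kind:
            by_ip[ip][kind].append(ts)
    successful = unsuccessful = 0
    for events in by_ip.values():
        if not events["scan"]:
            continue   # download without a scan: counts as a client, not as a scan outcome
        hit = any(timedelta(0) <= d - s <= window
                  for s in events["scan"] for d in events["download"])
        if hit:
            successful += 1
        else:
            unsuccessful += 1
    scanned = successful + unsuccessful
    return {"distinct_ips": len(by_ip), "successful": successful, "unsuccessful": unsuccessful,
            "hit_rate": successful / scanned if scanned else 0.0}


def annual_revenue(client_volume, days, monetization, prices=(30, 50)):
    """Slide 31's projection: scale the observed clients to a year, apply monetization rate and price."""
    yearly_clients = client_volume * 365 / days
    return tuple(yearly_clients * monetization * price for price in prices)


if __name__ == "__main__":
    print(analyze(SAMPLE_STATUS_LINES))
    low, high = annual_revenue(client_volume=331_695, days=44, monetization=0.0026)
    print(f"annual revenue estimate: {low:,.0f}$ - {high:,.0f}$")
```

Note the third client in the sample: it downloads 25 hours after scanning, so under the slide's rule it is an unsuccessful scan even though the installer was fetched; the window is what makes the hit rate conservative, which is why slide 31 calls the estimate pessimistic.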
32 Challenges
   Rigorous data collection is essential to security research:
   - understanding the threat landscape
   - understanding the threat economics
   - evaluating/benchmarking real-world application of specific solutions
   It is an expensive process:
   - highly dynamic threat landscape
   - need to ensure representativeness of the observations, but also repeatability
   - it is an iterative process
   The effort cannot be easily shared: field data experimentation is associated with lots of legal and ethical concerns when it comes to sharing data.

33 The importance of observation: what should we really do research on?

34 WINE: Benchmark for Computer Security
   Symantec's worldwide sensors; platform for experimental reproducibility.

35 The Worldwide Intelligence Network Environment (WINE)
   Goal: repeatable cyber security experiments at scale.
   - Field data collected on millions of end-hosts
   - Data sampled from Symantec's operational data sets
   - Access WINE on an SRL site (Culver City, CA or Herndon, VA); fee required
   - Store reference data sets used in prior experiments
   - Maintain a lab book

36 What WINE is not
   - a definitive benchmark suite
   - a data set that can be copied outside of SRL
   - a system that can be accessed remotely
   - a repository for all the data that Symantec collects
   - an effort targeted exclusively at cyber security

37 Operational model
   (diagram; labels: Researcher, Proposal (Hypothesis, Data needed), WINE Catalog, NDA, Contract, Isolated Red Lab, Malware Samples, Virtualized Server, DB, Publication (Ack: WINE), Contextual information; the step numbering 1-8 is not recoverable from the transcription)

38 WINE Data Set: Malware
   Packed and unpacked malware binaries.
   (background timeline shared by the data set slides: vulnerability -> advisory -> patch -> remediation, with malware samples, dissemination & concealment, zero-day attacks and new attacks placed along it)

39 WINE Data Set: Binary Reputation
   Norton Insight (opt-in program): submissions and queries.
   Fields: MachineID, Timestamp, MD5 of binary, SHA2 of binary, Download URL, Protocol version.

40 WINE Data Set: A/V & IPS Telemetry
   Threats detected by Norton products.
   Fields: Attack signature, Timestamp, Target OS, Target process, Attacking IP, CPU make & model.

41 WINE Data Set: Spam
   Samples of spam and phishing e-mails; statistics on blocked spam.

42 WINE Data Set: URL Reputation
   Data collected by crawling the Web.
   Fields: Site name, Site rating, Threat URL, Threat type, Threat name, Timestamp.

43 Distributed data collection
   Malware: 7M samples; A/V telemetry: 130M machines; URL reputation: 10M domains; binary reputation: 35M machines; spam: 2.5M decoys.

44 Can we extend the WINE idea to ICS research?
   CRISALIS: 3-year collaborative project (funded by FP7-SEC). Participants:
   - Industry: Symantec (Ireland), Siemens (Germany), Security Matters (Netherlands)
   - Academia: EURECOM (France), Chalmers (Sweden), University of Twente (Netherlands)
   - End users: ENEL (Italy), Alliander (Netherlands)

45 The problems (reminder of slide 21)
   - Little or no information is available on the threat landscape and on ongoing attacks against ICS environments. How do we ensure the relevance of our research?
   - The little information we have shows very advanced threats carried out by groups or governments with almost unlimited resources. How do we ensure the effectiveness of our research?

46 Threat economy (reminder of slide 14)
   Security mechanisms often aim at rendering an intrusion difficult enough; their effectiveness depends on the value of the target (cost vs revenue): requiring a signed certificate to inject a kernel driver; keeping valuable resources in a private network; storing a certificate in a secure room.

47 Stuxnet
   - Windows worm discovered in July 2010
   - Uses 7 different self-propagation methods
   - Uses 4 Microsoft 0-day exploits + 1 known vulnerability
   - Leverages 2 Siemens security issues
   - Contains a Windows rootkit
   - Used 2 stolen digital certificates (the second one introduced when the first one was revoked)
   - Modified code on Programmable Logic Controllers (PLCs): first known PLC rootkit

48 Stuxnet and the myth of the private network
   (diagram: Internet, C&C servers, remote propagation, P2P communication)

49 Stuxnet: an isolated incident?
   - September 2011: a European company seeks help to investigate a security incident that happened in their IT system, and contacts CrySyS Lab (Budapest University of Technology and Economics).
   - October 2011: CrySyS Lab identifies the infection and shares information with major security companies.
   - Duqu: named after the filenames created by the infection, starting with the string ~DQ.
   - A few days later, Symantec releases the first report on the Duqu malware sample with the help of the outcomes of the original CrySyS investigators.

50 Signed drivers
   Some signed (C-Media certificate); revoked immediately after discovery.

51 Extremely stealthy and targeted infection
   - 0-day vulnerability in the TTF font parser
   - Shellcode ensures infection only in an 8-day window in August
   - No self-propagation, but spreading can be directed to other computers through C&C
   - Secondary targets do not communicate with the C&C; they communicate through P2P instead
   - Infection leaves almost no trace on the hard drive: only the driver file is stored in stable storage!

52 Command & Control complexity
   - Communication over TCP/80 and TCP/443
   - Embeds the protocol under HTTP, but not HTTPS
   - Includes a small blank JPEG in all communications
   - Basic proxy support
   - Complex protocol: TCP-like with fragments, sequence and ack numbers, etc.
   - Encryption: AES-CBC with a fixed key
   - Compression: LZO, plus an extra custom compression layer
   - C&C server hidden behind a long sequence of proxies
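The traits on slide 52 (protocol wrapped in plain HTTP, a small blank JPEG in every message, an AES-CBC body) suggest a network heuristic that needs no signature: an HTTP body that starts as a JPEG but carries a sizeable, high-entropy trailer after the image's end-of-image marker. The following is an added example, not Symantec's or CRISALIS's code: it splits a raw HTTP request into request line, headers and body, checks for the JPEG SOI marker, and measures the length and Shannon entropy of whatever follows the first EOI marker. Duqu's actual layout beyond what the slide states is not described on the page, so the heuristic is generic; the JPEG bytes, the request and the random "ciphertext" are constructed stand-ins, and the thresholds are assumptions. A production version should walk the JPEG marker segments (an EXIF thumbnail carries its own EOI) rather than take the first FF D9.

```python
import math
import random

SOI = b"\xff\xd8"   # JPEG start of image
EOI = b"\xff\xd9"   # JPEG end of image


def shannon_entropy(data):
    """Bits per byte: encrypted or random data sits near 8, text and padding far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def split_http(raw):
    """Split a raw HTTP request into (request line, header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def inspect(raw, entropy_threshold=6.5, min_trailer=64):
    """Flag an HTTP body that is a JPEG followed by a sizeable high-entropy trailer."""
    request_line, headers, body = split_http(raw)
    verdict = {"request": request_line, "content_type": headers.get("content-type", ""),
               "jpeg": body.startswith(SOI), "trailer_bytes": 0, "trailer_entropy": 0.0,
               "suspicious": False}
    if not verdict["jpeg"]:
        return verdict
    eoi = body.find(EOI)   # first EOI; a real scanner would walk the marker segments instead
    if eoi < 0:
        return verdict
    trailer = body[eoi + len(EOI):]
    verdict["trailer_bytes"] = len(trailer)
    verdict["trailer_entropy"] = round(shannon_entropy(trailer), 2)
    verdict["suspicious"] = (len(trailer) >= min_trailer
                             and verdict["trailer_entropy"] >= entropy_threshold)
    return verdict


# --- constructed samples (not captured traffic) -------------------------------
def blank_jpeg():
    """Stand-in for a tiny blank JPEG: SOI, a JFIF APP0 segment, zero padding, EOI. Not decodable."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return SOI + app0 + b"\x00" * 64 + EOI


def http_post(body, content_type="image/jpeg"):
    head = (f"POST /upload.php HTTP/1.1\r\nHost: cnc.example.test\r\n"
            f"Content-Type: {content_type}\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


_rng = random.Random(2012)
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(512))   # stand-in for an AES-CBC blob
BENIGN_UPLOAD = http_post(blank_jpeg())
BEACON = http_post(blank_jpeg() + CIPHERTEXT)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_UPLOAD), ("beacon", BEACON)):
        print(name, inspect(sample))
```

Because the slide notes the channel is HTTP but not HTTPS, a proxy or IDS in the path sees the body in the clear; the entropy check is what separates an appended ciphertext from a large but ordinary image, and the length floor keeps a few bytes of padding after EOI from firing the rule.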
53 Targets: 6 organizations in 8 countries confirmed infected.

54 Duqu strange clues
   - TTF exploit: font name "Dexter Regular" from "Showtime Inc.", with only two characters defined: ":" and ")"
   - Inside the keylogger component is a partial image of the interacting galaxy system NGC

55 W32.Flamer
   - Recently discovered, but active for more than 2 years
   - Extremely high complexity: embeds a Lua interpreter
   - Comprehensive toolkit for data exfiltration: ability to record from the internal microphone; Bluetooth toolkit

56 What have we learned so far?
   1. Attacker motivation: no security practice is likely to make the intrusion difficult enough. New motivations for attackers (crime, cyber warfare) mean more resources and incentives to conduct attacks.
   2. Myth of the private network: also because of 1., relying on network isolation from the Internet as the main security protection is ineffective. Physical security cannot be enforced in practice, and network isolation renders cloud-based security technologies impossible to apply (e.g. reputation, data analysis, signatures, ...).
   3. From intrusion prevention to intrusion tolerance: a layered approach is required, with several safety nets and managerial procedures to handle fallback modes.

57 The CRISALIS approach
   Objectives: O.1 Securing the systems; O.2 Detecting the intrusions; O.3 Analyzing successful intrusions.
   Foundation: system discovery. Target environments: SCADA and AMI. Cross-cutting: end user support.

58 System discovery: the foundation of the CRISALIS project
   Understand the environment being monitored: devices; interconnections among devices; semantics of the interactions.
   Challenges: proprietary devices and protocols; lack of protocol parsers.

59 O.1 Securing the systems
   Penetration testing: globally accepted methodologies exist for ICT infrastructures, but the methodology needs to be carefully revisited to be applicable to ICS (dangerous!).
   Vulnerability discovery: attention to the automated discovery of vulnerabilities in ICS devices (static analysis of the binary code; dynamic analysis); drive the vulnerability discovery process through information on the protocol specification.

60 O.2 Detecting the intrusions
   Vulnerability discovery is unlikely to exhaustively identify all the possible threat vectors. How to identify and block a successful intrusion?
   Targeted attacks: we need to avoid a-priori assumptions on the threat vector; traditional assumptions on the threat model are likely not to hold; signature-based technologies are not appropriate.
   Revisit behavior-based detection in ICS environments; revisit host-based monitoring techniques.

61 O.3 Analyzing successful intrusions
   Be ready to fail: provide instruments to detect suspicious modifications to the devices and analyze their effects.
   Forensic analysis of industrial devices: how can we understand if a PLC device has been compromised? How can we understand the impact of the modifications?
   Challenges: perceived absence of real threats by the industry; deployment of proprietary components and protocols; lack of persistent storage capabilities.

62 Validation environment
   How can we validate the soundness of the obtained results? What is the performance of an intrusion detection methodology in real-world environments?
   Validation environments: ENEL Security Lab (Livorno, Italy): replica of a real-world SCADA system used in power generation; Alliander testing deployment (Netherlands): testing AMI deployment.

63 Thank you! Corrado Leita
   Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
64 An example: CRISALIS and protocol learning
   Can we attach semantics to the different edges of the discovered communication graph with no a-priori knowledge of the protocol structure? Can we infer causality?

65 ScriptGen
   Protocol-agnostic algorithm: observe conversation samples between a client and a real server; infer semantics using bioinformatics (sequence alignment) algorithms. Proved good results in handling deterministic exploit scripts.
   Example (SMTP): the client messages "MAIL FROM: <alice@symantec.com>", "MAIL FROM: <bob@symantec.com>" and "MAIL FROM: <carl@symantec.com>" all receive "250 OK" and are generalized to "MAIL FROM: <*@symantec.com>"; "MAIL FROM: <xxx@bad.ru>" receives "550 ERR"; the most general form covering both is "MAIL FROM: <*@*.*>".

66 Region analysis
   1. Multiple alignment; 2. Clustering; 3. Micro-clustering; 4. Region synthesis.
   Example: "MAIL FROM: <alice@eurecom.fr>" -> "MAIL FROM:<*@eurecom.fr>" -> "MAIL FROM:<*@*.*>".
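Slides 65-66 name the pipeline but not the alignment step that does the work. The following is an added example, not the ScriptGen implementation: it reproduces the slides' SMTP case by tokenizing each message into words and single punctuation characters, aligning a running template against each new sample with a Needleman-Wunsch global alignment (one of the bioinformatics algorithms the slide refers to), and synthesizing regions so that tokens which align identically stay fixed while everything else collapses into a `*` wildcard; clustering is done by the server's reply. Micro-clustering and the real implementation's scoring are left out, the alignment scores are assumptions, and the conversation samples are the ones on slide 65.

```python
import re
from collections import defaultdict

WILDCARD = "*"

# The slide's conversation samples: (client request, server reply).
SAMPLE_CONVERSATIONS = [
    ("MAIL FROM: <alice@symantec.com>", "250 OK"),
    ("MAIL FROM: <bob@symantec.com>", "250 OK"),
    ("MAIL FROM: <carl@symantec.com>", "250 OK"),
    ("MAIL FROM: <xxx@bad.ru>", "550 ERR"),
]


def tokenize(msg):
    """Words and single non-word characters; ''.join(tokens) restores the message exactly."""
    return re.findall(r"\w+|\W", msg)


def align(a, b, match=2, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment of two token lists -> list of (token_or_None, token_or_None)."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            score[i][j] = max(diag, score[i - 1][j] + gap, score[i][j - 1] + gap)
    pairs, i, j = [], n, m
    while i > 0 or j > 0:   # traceback, preferring the diagonal on ties
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + (match if a[i - 1] == b[j - 1] else mismatch):
            pairs.append((a[i - 1], b[j - 1]))
            i, j = i - 1, j - 1
        elif i > 0 and score[i][j] == score[i - 1][j] + gap:
            pairs.append((a[i - 1], None))
            i -= 1
        else:
            pairs.append((None, b[j - 1]))
            j -= 1
    return pairs[::-1]


def synthesize(pairs):
    """Region synthesis: identically aligned tokens are fixed regions; runs of anything else become one wildcard."""
    out = []
    for x, y in pairs:
        if x is not None and x == y:
            out.append(x)
        elif not out or out[-1] != WILDCARD:
            out.append(WILDCARD)
    return out


def generalize(samples):
    """Fold the samples into one template by aligning the running template with each new message."""
    template = tokenize(samples[0])
    for sample in samples[1:]:
        template = synthesize(align(template, tokenize(sample)))
    return "".join(template)


def learn(conversations):
    """Cluster client requests by the server's reply, then derive one template per cluster."""
    by_reply = defaultdict(list)
    for request, reply in conversations:
        by_reply[reply].append(request)
    return {reply: generalize(requests) for reply, requests in by_reply.items()}


if __name__ == "__main__":
    learned = learn(SAMPLE_CONVERSATIONS)
    for reply, template in learned.items():
        print(f"{template!r} -> {reply}")
    print("across clusters:", generalize(list(learned.values())))
```

Aligning the two cluster templates against each other yields the slide's `MAIL FROM: <*@*.*>`, which is also what a single cluster would degrade to if replies were not used to split it first; that is why the clustering step precedes region synthesis, and why a template learned from one sample stays literal until a second sample shows which region varies.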
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationResearch at the Department of Computer Science and Software Engineering. Professor Yong Yue BEng, PhD, CEng, FIET, FIMechE 17 October 2014
Research at the Department of Computer Science and Software Engineering Professor Yong Yue BEng, PhD, CEng, FIET, FIMechE 17 October 2014 Research Areas Ar%ficial intelligence Robo%cs Data mining Image
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More informationCyber and Mobile Landscape, Challenges, & Best Practices
Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and
More informationThe Seven Habits of State-of-the-Art Mobile App Security
#mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationThreat Advisory: Accellion File Transfer Appliance Vulnerability
Threat Advisory: Accellion File Transfer Appliance Vulnerability Niara Threat Advisories provide timely information regarding new attacks along with how Niara helps companies quickly detect an attack to
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationNetworks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
More informationConnec(ng to the NC Educa(on Cloud
NC Educa)on Cloud Connec(ng to the NC Educa(on Cloud May 2012 Update! http://cloud.fi.ncsu.edu! Dave Furiness, MCNC! Phil Emer, Friday Institute! 1 First Things First Year one was about planning we are
More informationCountering Insider Threats Jeremy Ho
Countering Insider Threats Jeremy Ho Strategic Sales Group (ASEAN) 1 CONFIDENTIAL Key Challenges Impacting Organization Today REGULATORY COMPLIANCE Rising Data Volumes Changing Requirements Prioritization
More informationBENCHMARKING V ISUALIZATION TOOL
Copyright 2014 Splunk Inc. BENCHMARKING V ISUALIZATION TOOL J. Green Computer Scien
More informationComputer Networks. Examples of network applica3ons. Applica3on Layer
Computer Networks Applica3on Layer 1 Examples of network applica3ons e- mail web instant messaging remote login P2P file sharing mul3- user network games streaming stored video clips social networks voice
More informationPu?ng B2B Research to the Legal Test
With the global leader in sampling and data services Pu?ng B2B Research to the Legal Test Ashlin Quirk, SSI General Counsel 2014 Survey Sampling Interna6onal 1 2014 Survey Sampling Interna6onal Se?ng the
More informationGyrus: A Framework for User- Intent Monitoring of Text- Based Networked ApplicaAons
Gyrus: A Framework for User- Intent Monitoring of Text- Based Networked ApplicaAons Yeongjin Jang*, Simon P. Chung*, Bryan D. Payne, and Wenke Lee* *Georgia Ins=tute of Technology Nebula, Inc 1 Tradi=onal
More informationScalus A)ribute Workshop. Paris, April 14th 15th
Scalus A)ribute Workshop Paris, April 14th 15th Content Mo=va=on, objec=ves, and constraints Scalus strategy Scenario and architectural views How the architecture works Mo=va=on for this MCITN Storage
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationSplunk and Big Data for Insider Threats
Copyright 2014 Splunk Inc. Splunk and Big Data for Insider Threats Mark Seward Sr. Director, Public Sector Company Company (NASDAQ: SPLK)! Founded 2004, first sohware release in 2006! HQ: San Francisco
More informationFirewalls and Classical Network Security
Firewalls and Classical Network Security Real stories from the news SERVER- SIDE ATTACKS A Story from the News A program infected thousands of computers Vic:m computers were mostly in one country Reported
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationInformation and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework
Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework Don t screw with my chain, dude! Jon Boyens Computer Security Division IT Laboratory November
More informationSecuring the endpoint and your data
#SymVisionEmea #SymVisionEmea Securing the endpoint and your data Piero DePaoli Sr. Director, Product Marketing Marcus Brownell Sr. Regional Product Manager Securing the Endpoint and Your Data 2 Safe harbor
More informationSecurity Intelligence Services. Cybersecurity training. www.kaspersky.com
Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationPost-Stuxnet Industrial Security: Zero-Day Discovery and Risk Containment of Industrial Malware
Post-Stuxnet Industrial Security: Zero-Day Discovery and Risk Containment of Industrial Malware A White Paper presented by: Torsten Rössel Director of Business Development Innominate Security Technologies
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationINCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe
INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN Albin Penič Technical Team Leader Eastern Europe Trend Micro 27 years focused on security software Headquartered
More informationStream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More
Copyright 2015 Splunk Inc. Stream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More Stela Udovicic Sr. Product Marke?ng Manager Clayton
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationHow To Protect Virtualized Data From Security Threats
S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust
More informationUser Documentation Web Traffic Security. University of Stavanger
User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...
More informationVoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov
VoIP Security How to prevent eavesdropping on VoIP conversa8ons Dmitry Dessiatnikov DISCLAIMER All informa8on in this presenta8on is provided for informa8on purposes only and in no event shall Security
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More information