Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Size: px
Start display at page:

Download "Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012"

Transcription

1 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012

2 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we do? A cycle: Prevent Detect React

3 What are we seeing? (2009- The attacks are getting worse More stealthy, more damaging, for longer term compromises April 2009: US Electrical Grid compromised by Chinese & Russian hackers US Joint Strike Fighter Program compromised through contractor networks data was encrypted June ) Stuxnet discovered, affecting Siemens SCADA control systems

4 What are we seeing in ? RSA Breach in March 2011 Compromised token seed files via initial vector of social engineering ( ) + 0-day Flash exploit Lockheed Martin compromised 2 months later with fake tokens Possibly other victims too, including Northrop Grumman Citigroup hacked in June ,000 customer records exposed And there s plenty of hacktivism targeting that s happening with Lulzsec and Anonymous

5 What s an APT? The APT is A more methodical, professional attack conducted by well-organized and possibly well-funded attackers The APT is NOT Just malware. Or any one attack. We ve settled on this term for anything even remotely sophisticated or targeted Is this a cop out? Are all of these breaches that sophisticated at all?

6 The APT: An Attack Cycle The APT is really an attack cycle: Reconnaissance Intrusion Backdoors and persistence Advancement Privilege escalation Data theft Additional attacks Maintenance Maintenance Advancement Recon Backdoors & malware Initial intrusion

7 Advanced Attacks Methods? The methods, techniques, and technology we see now, more than ever: Social engineering, especially phishing Use of 0-day exploits HTTP and HTTPS C&C channels Memory-resident payloads Use of common document formats for delivery, such as PDF, DOC, XLS, etc. Focus on client-side software exploits Data stealing code components

8 A Targeted Attack Example Competitor wants to gain access to R&D documents They decide to target the firm s engineers Step 1: Recon Step 2: Targeted Attack Step 3: Gaining Access Step 4: Command and Control Step 5: Data Access/Exfiltration

9 Step 1: Recon Twitter Starbucks Starbucks Sniffing Captured: address Friend s Interests (www.techstuff.com)

10 Step 2: Targeted Attack Hey look! An from Engineer2. With a catalog attached! Spoofed, of course Most certainly clicking here

11 Step 3: Gaining Access The PDF gets clicked. Code gets dropped. The backdoor is opened.

12 Step 4: Command & Control The attacker connects back to the listening port A more likely scenario would be the other way around an outbound shell ( Shoveling Shell ) or a more robust bot/rootkit

13 Step 5: Adios to the Data At this point, the attacker could do any number of things to get more sensitive data FTP/SFTP SSH/SCP Custom encrypted channels (Base64/UDP)

14 Today s Security Programs $$$ People Security Information Tools Decrease Risk Increase Security Maintain Compliance

15 How most security shops spend their time

16 Changing our Risk Profile Today s attacks require a different focus: 1. Prevention techniques should protect you from 80% or more of the issues 2. Detection techniques should be focused on continuous monitoring 3. Reaction capabilities are inevitable, and should be focused on speed and thoroughness With 90% Detection and Reaction - we are just doing knee jerk security This is bad.

17 Prevention: Education Educating users about the dangers of the Internet (!) is important Browsing safely Not giving out personal or sensitive information over the phone Separating work and personal life on social media networks Being wary of links and s with attachments However, many security awareness programs don t seem to work well - why?

18 Prevention: Communication Risk needs to be articulated in audience-specific formats What are the best ways to communicate and work with groups internally & externally? Internally: Proactive communications: Share news stories and new threat information with executive management, IT management, and employees (via newsletter or Intranet) Externally: Develop and nurture contacts and relationships with law enforcement, ISP, and key partners and customers Set a threshold or trigger for when to communicate potential issues

19 Prevention: Testing Yourself Find holes before attackers do! Prove that security issues exist to skeptical management Raise overall security awareness Verify secure system configurations Test new technology Discover gaps in compliance posture and satisfy legal, industry and/or governmental requirements such as HIPAA, SOX or PCI DSS.

20 Prioritized and risk-focused remediation guidance Define what is important to you in terms of risk Confidentiality for PII and other data? Availability concerns with systems and apps? Integrity with MitM and other attacks? Build on this for the report Ensure both attacks and successful exploits are framed in the context of priorities to your business Any VA/PT should be focused on your actual risks not just a scan or exploit to prove you re vulnerable

21 Pen Testing Metrics What kinds of metrics make sense for penetration testing and vulnerability assessments? For more continual vulnerability assessments: Number of vulnerabilities found Criticality and types of vulnerabilities Percentage of systems/apps scanned Number of unowned or questionable assets detected For penetration tests, the key is a baseline: How many critical vulnerabilities were found vs. the last test? User accounts / passwords compromised Data records accessed (or similar)

22 The Rub: Wrapping Up The APT is not malware, or one specific type of attack Any targeted attacks with forethought, custom exploits or malware, and social engineering will likely fall into the APT realm Embedded document code is a very common attack vector We have a huge gap in our risk profile right now: PROACTIVE ASSESSMENT Better knowledge of attack vectors = better security overall.

23 Final Discussion & Questions Thanks for attending!

A Penetration Testing Maturity and Scoring Model

A Penetration Testing Maturity and Scoring Model A Penetration Testing Maturity and Scoring Model SESSION ID: TECH-W02 Dave Shackleford Founder & Principal Consultant Voodoo Security @daveshackleford Introduction Most organizations conduct some variety

More information

How We're Getting Creamed

How We're Getting Creamed ed Attacks How We're Getting Creamed By Ed Skoudis June 9, 2011 ed Attacks - 2011 Ed Skoudis 1 $ cut -f5 -d: /etc/passwd grep -i skoudis Ed Skoudis Started infosec career at Bellcore in 1996 working for

More information

Advanced & Persistent Threat Analysis - I

Advanced & Persistent Threat Analysis - I Advanced & Persistent Threat Analysis - I Burak Ekici ekcburak@hotmail.com Department of Computer Engineering, Yaşar University, Turkey. April 21, 2012 Burak Ekici (Dept. of Comp. Eng.) Advanced & Persistent

More information

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised

More information

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense

GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense GAINING THE ADVANTAGE Applying Cyber Kill Chain Methodology to Network Defense THE MODERN DAY ATTACKER Cyberattacks aren t new, but the stakes at every level are higher than ever. Adversaries are more

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Trends in Advanced Threat Protection

Trends in Advanced Threat Protection Trends in Advanced Threat Protection John Martin Senior Security Architect IBM Security Systems Division 1 2012 IBM Corporation John Martin Senior Security Architect IBM Security Systems Division Security

More information

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński 1 Agenda Spear-Fishing the new CEO Fear How to Fight Spear-Fishing It s All About the Data Evolution of the bad guys

More information

Breaking the Cyber Attack Lifecycle

Breaking the Cyber Attack Lifecycle Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com

More information

FERPA: Data & Transport Security Best Practices

FERPA: Data & Transport Security Best Practices FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and

More information

The Peak of Chaos Shane D. Shook, PhD 10/31/2012

The Peak of Chaos Shane D. Shook, PhD 10/31/2012 w h a c k e r n a v k n d n h m y a w h o? n r h p e n c n o s a n w s o v y i d u n n n r n m s r k d e a i k o w i r c d i o m u t w e t w s u t s i v i t c a Shane D. Shook, PhD 10/31/2012 Cyber Crime

More information

CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG)

CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG) CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG) Extending automated penetration testing to develop an intelligent and cost-efficient security strategy for enterprise-scale information systems CAG

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Storage Cloud Infrastructures

Storage Cloud Infrastructures Storage Cloud Infrastructures Detection and Mitigation of MITM Attacks Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31 January 1 February, 2013 PAGE

More information

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016

N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 N4SECURE SERVICES TECHNICAL DESCRIPTION PUBLIC NODE4 LIMITED 25/04/2016 INTRODUCTION N4Secure is a Threat Intelligence managed service. By monitoring network traffic, server traffic, scanning for internal

More information

After the Attack. The Transformation of EMC Security Operations

After the Attack. The Transformation of EMC Security Operations After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

A Simple Guide to Successful. Penetration Testing

A Simple Guide to Successful. Penetration Testing A Simple Guide to Successful Penetration Testing Table of Contents Penetration Testing, Simplified. Scanning is Not Testing. Test Well. Test Often. Pen Test to Avoid a Mess. Six-phase Methodology. A Few

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

SECURITY INTELLIGENCE: CAN BIG DATA ANALYTICS OVERCOME OUR BLIND SPOTS? AN IANS CUSTOM REPORT

SECURITY INTELLIGENCE: CAN BIG DATA ANALYTICS OVERCOME OUR BLIND SPOTS? AN IANS CUSTOM REPORT SECURITY INTELLIGENCE: CAN BIG DATA ANALYTICS OVERCOME OUR BLIND SPOTS? AN IANS CUSTOM REPORT DECEMBER 2012 Contents Contents... 2 Introduction... 3 Today s Threat Landscape... 4 The State of Security

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system Contents Overview... 3 Why Should We Hack Our Own Systems?... 4 Healthcare is a Soft Target... 4 How About Those Compliance Requirements... 5 Breach Avoidance: Compliance Is Not Enough... 6 Supporting

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

Advanced Persistent Threats

Advanced Persistent Threats White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which

More information

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

Recent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2

Recent Developments in PCI DSS. PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 Recent Developments in PCI DSS PCI in the Headlines Risks to Higher Education PCI DSS Version 1.2 1 2009 Breach Investigation Who did it? 74% external parties 20% insiders 32% implicated business partners

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity. Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July

More information

McAfee Database Security. Dan Sarel, VP Database Security Products

McAfee Database Security. Dan Sarel, VP Database Security Products McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

Cyber Security for SCADA/ICS Networks

Cyber Security for SCADA/ICS Networks Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation

Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation Marshall Heilman Managing Director Craig A. Hoffman Partner Who we are Marshall Heilman Craig Hoffman

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Penetration Testing Services. Demonstrate Real-World Risk

Penetration Testing Services. Demonstrate Real-World Risk Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled

More information

Attribution: The Holy Grail or Waste of Time? Billy Leonard Google Should this be the end, our Holy Grail? How s that picture going to help you now? But, the pictures make me safer! We can do better. Our

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Understanding the Advanced Threat Landscape an MSPs Guide. IT Security: Enabled

Understanding the Advanced Threat Landscape an MSPs Guide. IT Security: Enabled Understanding the Advanced Threat Landscape an MSPs Guide IT Security: Enabled 1.0 Cutting through the APT hype to help your clients prevent, detect and mitigate advanced threats Sophisticated cyber-espionage

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Course Descriptions November 2014

Course Descriptions November 2014 Master of Science In Information Security Management Course Descriptions November 2014 Master of Science in Information Security Management The Master of Science in Information Security Management (MSISM)

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

Surviving and operating services despite highly skilled and well-funded organised crime groups. Romain Wartel, CERN CHEP 2015, Okinawa

Surviving and operating services despite highly skilled and well-funded organised crime groups. Romain Wartel, CERN CHEP 2015, Okinawa Surviving and operating services despite highly skilled and well-funded organised crime groups Romain Wartel, CERN CHEP 2015, Okinawa 1 Operation Windigo (2011 - now) 30,000+ unique servers compromised

More information

Speaker Info Tal Be ery

Speaker Info Tal Be ery Battlefield Network Speaker Info Tal Be ery Senior Security Research Manager @Microsoft Former VP for Research @Aorato (Acquire by Microsoft) 15 years of security research Author of the TIME attack on

More information

Cyber Security Management

Cyber Security Management Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies

More information

2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report

2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report 2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report 28 September 2012 Submitted to: Donald Lafleur IS Audit Manager ND State Auditor

More information

The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting!

The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting! The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting! March 18 th Meeting ediscovery and Social Media -- What Records Managers Need to Know By: Kelly Twigger Americans spend an average

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information

Malicious Network Traffic Analysis

Malicious Network Traffic Analysis Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the

More information

TESTING OUR SECURITY DEFENCES

TESTING OUR SECURITY DEFENCES INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki maria.papadaki@plymouth.ac.uk 1 1 Do we need to test our defences? Can penetration testing help to improve security?

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Protecting Your POS System from PoSeidon and Other Malware Attacks

Protecting Your POS System from PoSeidon and Other Malware Attacks Protecting Your POS System from PoSeidon and Other Malware Attacks A Multi-tier, Defense in Depth Strategy for Securing Point of Sale Systems from Remote Access Attacks Retailers are being threatened by

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one

More information

Penetration Testing Using The Kill Chain Methodology

Penetration Testing Using The Kill Chain Methodology Penetration Testing Using The Kill Chain Methodology Presented by: Rupert Edwards This course is intended for a technically astute audience.this course is 98% hands on.the attendee should have some basic

More information

Penetration Testing Walkthrough

Penetration Testing Walkthrough Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...

More information

SecurityMetrics Introduction to PCI Compliance

SecurityMetrics Introduction to PCI Compliance SecurityMetrics Introduction to PCI Compliance Card Data Compromise What is a card data compromise? A card data compromise occurs when payment card information is stolen from a merchant. Some examples

More information

Give Vendors Access to the Data They Need NOT Access to Your Network

Give Vendors Access to the Data They Need NOT Access to Your Network Give Vendors Access to the Data They Need NOT Access to Your Network Acumera AirGap Architecture By the year 2020 just five years from now it is estimated that 25 billion devices will be connected to the

More information

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security What s Lurking in Your Network & The Business Impact of Data Breaches Colby Clark Director of Incident Management FishNet Security Who am I? Colby Clark is the Director of Incident Management at Fishnet

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

Why The Security You Bought Yesterday, Won t Save You Today

Why The Security You Bought Yesterday, Won t Save You Today 9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site

We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site We ve been hacked! We did it! Rick Grandy Lockheed Martin Hanford Site April 18, 2012 Outline Motivation What is Pen Testing? Establishing the Program Our Approach Pen Test Results Conclusion DOE Hanford

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

Penetration Testing //Vulnerability Assessment //Remedy

Penetration Testing //Vulnerability Assessment //Remedy A Division Penetration Testing //Vulnerability Assessment //Remedy In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising

More information

DMZ Gateways: Secret Weapons for Data Security

DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE

More information

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

Are You A Sitting Duck?

Are You A Sitting Duck? The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers

More information

Data Security for the Hospitality

Data Security for the Hospitality M&T Bank and SecurityMetrics Present: Data Security for the Hospitality Industry Featuring Lee Pierce, SecurityMetricsStrategicStrategic Accounts Dave Ellis, SecurityMetrics Forensic Investigator Doug

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING? A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed

More information

Metric Matters. Dain Perkins, CISSP Dain.Perkins@gmail.com

Metric Matters. Dain Perkins, CISSP Dain.Perkins@gmail.com Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security metrics do not show us how we need to improve our defenses Image: http://abcnews.go.com/sports/2014-fifa-world-cup-us-goalie-tim-howard/story?id=24400295

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached

More information

DSL and Cable Modems: The Dangers of Having a Static IP Address

DSL and Cable Modems: The Dangers of Having a Static IP Address DSL and Cable Modems: The Dangers of Having a Static IP Address By Joe Edwards ECE 478 Spring 2000 1.0 Introduction As computer technology continues to rapidly progress, more and more people are abandoning

More information