Defending against Cyber Attacks
|
|
- Marilyn Reed
- 8 years ago
- Views:
Transcription
1 2015 AMC Privacy & Security Conference Defending against Cyber Attacks MICHAEL DOCKERY CHRIS BEAL PAUL HOWELL Security & Privacy Track June 24, 2015
2 In the News 2015 MCNC General Use v1.0
3 Healthcare Data Breaches April % increase in healthcare data breaches in % higher than rate across all industries Majority caused by human error and lost or stolen devices 44% of healthcare breaches due to lost or stolen devices Accidental disclosure due to human error up 11% in 2014 Targeting of patient medical info an increasing issue Breaches resulting from targeted attacks up 82% in 2014 Breaches resulting from insider theft nearly doubled in MCNC General Use v1.0
4 Why Are Attackers Interested In Healthcare Targets? Medical data sets tend to be more complete compared to what can be obtained elsewhere Government ID, bank and credit card info, insurance info, physical descriptors, health status Can be used for ID theft, financial fraud, prescription fraud, obtaining passports, visas or other ID Translates to higher value for attackers Credit card numbers may fetch from $0.50 to $1.00 ID and insurance info worth up to $10 or as high as $50 depending on completeness of the record MCNC General Use v1.0
5 Healthcare Data Breaches April MCNC General Use v1.0
6 Why s It Getting Tougher? Threats Have Evolved Attackers Are Smarter & More Efficient Users are More Mobile (BYOD) Data Is More Distributed Everything is Interconnected Short Supply Motivations Are Focused on Near-Term 2015 MCNC General Use v1.0
7 [ 7] R & E Networks Not Immune
8 [ 8]
9 Questions for Panel What do you think is the most significant cyber threat facing healthcare today? Outline a strategy for defending against cyber attacks? Determine what his/her organization can do to improve its security posture against cyber attacks?
10 [ 10 ] Simple DDoS Attack
11 [ 11 ] Man in the Middle Attack
12 DDoS Bandwidth Use Source: Arbor Networks [ 12 ]
13 Multi-Vector and Adaptive Source: Coreo Network Security [ 13 ]
14 Defenses Watch what s happening on the network. Know which systems depend on external Internet access. Get an alternative to . Secure your teleconferences. Send your conference passcode securely, not in the body of your calendar invite. Be ready for total shutdown, if necessary. Ask your ISP about their capabilities. Consider mitigation such as scrubbing services. For very large attacks, consider contacting a DDoS mitigation company. [ 14 ]
15 Defenses US-CERT Alert TA15-120A Securing End to End Communications Employing multiple network and browser protection methods forces an attacker to develop different tactics, techniques, and procedures to circumvent the new security configuration. Use VPNs and HTTPS Prepare your people for these advanced attacks by educating them on the dynamics, patterns, samples and frequency of attack methods attempted on other organizations. [ 15 ]
16 SIEM and Endpoint Failures Due to Inability to Detect Malware Mine for Windows Codes Indicative of Malware 1. Implement Malware Cheat Sheet Logging Recommendations Be prepared for incident and have logs available 2. Focus on codes that are indicative of Malware See Michael Gough s tutorials and slide shares Monitor CMD.EXE usage Process Create 4688 File/Registry Auditing 4663 Service Changed 4070 User Login Success 4624 Share Accessed Use analytics where possible to look for indicators of partner compromise. 4. Remove admin and ban usage/internet access using admin credentials
17 Analytics You May Already Have Source Proofpoint Malicious Links from Partners
18 Malicious Link Sorted for a Year by Partner, Source Proofpoint
19 Individual Partner Threat Report: Malicious Links, Source Proofpoint
20 Panel Questions What is working right now in Cyber Defense and what is broken? What are your go to resources which are giving you an edge? Any magic bullets?
21 Where To Begin? 2015 MCNC General Use v1.0
22 The Critical Security Controls A ready-made list of the things you should be thinking about and doing to protect your assets This is your map! What Are They? While not a replacement for a formal Risk Management program or framework, you can consider the controls as a foundational risk assessment A starting point for immediate, high-value action that is demonstrably consistent with formal risk assessment frameworks Not a on-size-fits-all solution. You still need to understand what s important to your business, your specific threat environment, and develop a plan for assessment, implementation, and ongoing management MCNC General Use v1.0
23 5 Critical Tenets 1 Offense Informs Defense Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known realworld attacks. 2 Prioritization Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors, and that can be feasibly implemented in your computing environment. 3 Metrics Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly. 4 Continuous Diagnosis and Mitigation Carry out continuous measurement to test and validate the effectiveness of current security measures, and to help drive the priority of next steps. 5 Automation Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics MCNC General Use v1.0 Of an Effective Cyber Defense System
24 The Critical Security Controls 2015 MCNC General Use v1.0
25 Example CSC 5 What? Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action. Why? Malware Defenses Malware is pervasive and used in the majority of modern attacks and data breaches, in order to compromise systems and account credentials 2015 MCNC General Use v1.0
26 Example CSC MCNC General Use v1.0 Malware Defenses ID # Description Category CSC 5-1 CSC 5-2 Use automated tools such as anti-virus, anti-spyware, host-based firewalls, and host-based IPS to continuously monitor systems for indicators of malware. Use anti-malware software that offers remote, cloud-based centralized management infrastructure to share intelligence and update managed systems. Quick Win Quick Win CSC 5-3 Disable auto-run feature for removable media and network shares. Quick Win CSC 5-4 Automatically scan removable media for malware upon connection to a system. Quick Win CSC 5-5 Scan all and block messages containing malicious content. Quick Win CSC 5-6 Enable features such as DEP, ASLR, containerization, etc. Quick Win CSC 5-7 Limit use of external devices to only where it is required. Quick Win CSC 5-8 Ensure that automated monitoring tools use behavior-based anomaly detection in addition to signature based detection. Visibility CSC 5-9 Use network-based malware scanning tools to detect and filter network traffic. Visibility CSC 5-10 Implement IR process to collect malware samples found to be running that were not caught by existing malware defenses. Advanced CSC 5-11 Enable DNS query logging to detect lookups for known bad sites. Advanced
27 First Five Quick Wins 1 Application Whitelisting CSC2 2 Use of Standard, Secure System Configurations CSC 3 3 Patch Application Software Within 48 Hours CSC 4 4 Patch System Software Within 48 Hours CSC4 5 Reduce Number of Users With Administrative Privileges CSC 3, CSC MCNC General Use v1.0
28 The Top 4 Strategies 1 Application Whitelisting Explicitly define the applications that are allowed to run on a system 2 Patch Applications Keep applications updated 3 Patch the Operating System Keep the OS and core components updated 4 Minimize Administrative Privileges Limit the power that users have on systems and what they are allowed to change 2015 MCNC General Use v1.0
29 Resources VER pdf Spotting the Adversary Windows Event Log Monitoring TSA SG NSA/CSS Information Assurance Service og_monitoring.pdf Windows Logging Cheat Sheet cheat sheet v11?related=4 Michael Gough s Logging Slides, Slideshare Episode #388 Paul s Security Weekly
30 Thank You Chris Beal Chief Security Architect on Twitter Paul Howell Internet2 Chief Cyberinfrastructure Security Officer Michael Dockery Information Security Officer Cincinnati Insurance Companies Disclaimer: The author s affiliation with The Cincinnati Insurance Companies is provided for identification purposes only, and is not intended to convey or imply Cincinnati Insurance s concurrence with, or support for, the positions, opinions, or viewpoints expressed by the author AMC Privacy & Security Conference
Critical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationThe webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationWeb Security. Discovering, Analyzing and Mitigating Web Security Threats
Web Security Discovering, Analyzing and Mitigating Web Security Threats Expectations and Outcomes Mitigation strategies from an infrastructure, architecture, and coding perspective Real-world implementations
More informationDescription of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014
Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationVladimir Yordanov Director of Technology F5 Networks, Asia Pacific v.yordanov@f5.com. Developments in Web Application and Cloud Security
Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific v.yordanov@f5.com Developments in Web Application and Cloud Security Forces of Change Workforce and IT trends 2 Applications 3 Web Application
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationDDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationBeyond Check The Box
Beyond Check The Box Powering Intrusion Investigations PRESENTED BY: Jim Aldridge 27 MARCH 2014 Five Important Capabilities Mapping an IP address to a hostname Identifying the systems to which a specified
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationThe Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Dave Plzak Security Evangelist Sentinel IPS davep@econet.com * Agenda Review of the current Network
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationRedefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationPerforming Advanced Incident Response Interactive Exercise
Performing Advanced Incident Response Interactive Exercise Post-Conference Summary Merlin Namuth Robert Huber SCENARIO 1 - PHISHING EMAILS... 3... 3 Mitigations... 3 SCENARIO 2 - IDS ALERT FOR PSEXEC...
More informationBreach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security
Breach Findings for Large Merchants 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security Disclaimer The information or recommendations contained herein are
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationThe Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS * Agenda! Review of the current Network Security
More informationCyber intelligence in an online world
Cyber intelligence in an online world James Hanlon CISM, CISSP, CMI Cyber Strategy & GTM, EMEA Cyber intelligence in an online world SYMANTEC VISION SYMPOSIUM 2014 2 Software and data powers the world
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationSecurity Controls Implementation Plan
GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 Table of Contents Executive Summary 3 Introduction 3 Security Controls Implementation
More informationA HELPING HAND TO PROTECT YOUR REPUTATION
OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationAMPLIFYING SECURITY INTELLIGENCE
AMPLIFYING SECURITY INTELLIGENCE WITH BIG DATA AND ADVANCED ANALYTICS Chris Meenan Senior Product Manager, Security Intelligence 1 IBM Security Systems Welcome to a Not So Friendly Cyber World Biggest
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationAddressing Advanced Web Threats. Addressing Advanced Web Threats: Protect Your Data and Brand
Addressing Advanced Web Threats: Protect Your Data and Brand What You Will Learn From collaboration to communication to data access, the web is a mission-critical business tool. Enterprises rely on the
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationFind the needle in the security haystack
Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep
More informationSymantec Endpoint Protection 12.1.4
Data Sheet: Endpoint Security Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationSecurity Camp Conference Fine Art of Balancing Security & Privacy
Security Camp Conference Fine Art of Balancing Security & Privacy Kim Bilderback AT&T Director GovEd Cybersecurity Services kb7459@att.com August 21, 2014 Cybersecurity - The Threats Increase AT&T DDoS
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationTHE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationReneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response
Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Incident Response What is the most importance component of an Incident Response Program? Tools? Processes? Governance?
More informationEITC Lessons Learned: Building Our Internal Security Intelligence Capability
EITC Lessons Learned: Building Our Internal Security Intelligence Capability SESSION ID: SEC-W08 Tamer El Refaey Senior Director, Security Monitoring and Operations Emirates Integrated Telecommunications
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationSECURITY IN THE INTERNET OF THINGS
The Intelligence in the Internet of Things SECURITY IN THE INTERNET OF THINGS Lessons from the Past for the Connected Future By AJ Shipley, Senior Director, Security Solutions, Wind River INNOVATORS START
More informationLog Management, Compliance and Auditing
Log Management, Compliance and Auditing KR Information Security Solutions www.kriss.in 1 About KRISS Founded early 2008, by former Indian Naval Officers and Veterans with decades of experience in Information
More informationSecurity Business Intelligence Big Data for Faster Detection/Response
Security Business Intelligence Big Data for Faster Detection/Response SESSION ID: STU-R02B Stacy Purcell Security Architect Intel/IT Legal Notices This presentation is for informational purposes only.
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationFor more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.
Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationBefore the DEPARTMENT OF COMMERCE Internet Policy Task Force
Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,
More informationManaging Business Risk
Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationUsing SIEM for Real- Time Threat Detection
Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More information