1 Cyber espionage: The harsh reality of advanced security threats
Rich Baich, Principal
March 22, 2012
2 Agenda
- Introductions
- Threat landscape update
- How organizations are responding
- Other discussion topics
3 Threat landscape update
4 The changing threat landscape
The cybercrime landscape has evolved into a set of highly specialized criminal products and services that can target specific organizations, regions, and customer profiles, using sophisticated malware, exploits, and anonymization systems that routinely evade present-day security controls.
5 The cyber underground economy
An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Cyber criminals have expanded their reach into other forms of information theft and are now selling access to private networks.
Value chain: Compromise (malware distribution service) → Acquire (data acquisition service) → Enrich and validate (data mining and enrichment) → Sell (data sales) → Monetize (cashing)
Roles and services in the diagram:
- Malicious code related roles: malware authors, botnet owners, botnet services, keyloggers, phishing, spammers
- Underground services: stolen data drop sites, data validation services, carding forums, wire transfer drop services, malware distribution, data acquisition, data mining and enrichment, data sales
- Criminal communications: instant messaging
- 3rd party enablers: payment gateways, e-commerce sites, e-money, online gambling, banks, retailers
- Actors: cyber criminals, identity collectors, credit card cashers
6 An overview of Advanced Persistent Threats
Advanced Persistent Threats (APTs) are modern, automated versions of traditional espionage.
- Goals: brand damage, corporate espionage, military advantage, revenge
- Actors: domestic competitors, foreign competitors, foreign governments, hacktivist groups, rogue nations
- Targets: board members, IT administrators, key executives, privileged users, supply chain, support staff
- Tools: custom malware, packet capture tools, satellite imaging, targeted exploit tools, wireless surveillance
APT lifecycle:
1. Target selection and research: horizontal exploitation opportunities, Internet search engines, social networking sites, underground repositories, vertical and geographic exploitation targets
2. Exploitation and infiltration: distributing specialized malware, embedding field agents, social engineering, spear phishing, system vulnerability exploitation
3. Maintaining access: command and control infrastructure, covert network tunnels, wireless surveillance
4. Exfiltration: encrypted outbound transmissions, hardware and software key loggers, rogue devices performing network packet captures
7 How are adversaries planning and carrying out attacks?
Cyber adversaries, such as hacktivists, collect open source intelligence in order to develop schemes and methodologies for well-planned attacks that achieve their tactical and strategic goals.
Attack sequence: open source intelligence collection → intelligence analysis and review → attack planning and target selection → attack execution
- Goals: denial of service, social or political change
- Open source intelligence sources: peer-to-peer networks, search engines, social networking, job sites
- Intelligence collected: vulnerabilities, system information, supply chain data, credentials, privileged users, available exploits
- Attack planning: target information, target systems, target employees, anonymization, obfuscation, schedule
- Targets: customer lists, control systems, system and network access, patents and research, personal identity information, financial data, intellectual property, online credentials, protected health information, secret formulas, system access
A cyber threat profile represents how cyber criminals perceive an organization.
8 Tools and techniques: selecting and profiling targets
Hacktivists are taking advantage of public open source intelligence found on the Internet to select specific people of interest to target.
Person of interest attributes collected: roles and duties, email addresses, user IDs, organizations, physical addresses, contact information, relationships, personal web sites, telephone numbers, IP addresses, social network profiles, devices
9 Understanding the current threat landscape
A review of recent breaches and developments in the cyber underground has identified several threat focus areas that require additional diligence and vigilance.
Threat focus areas: spear phishing, mobile malware, targeted exploits, zero-day exploits, privileged users, mobile devices, supply chain, un-remediated vulnerabilities, board members, executives (personal and corporate), technology, data processing, services and applications, personal computers
Key questions:
1. What is leaving our network and where is it going?
2. Who is really logging into our network and from where?
3. Do we know what's running on our computers?
4. What information are we making available to a cyber adversary?
10 How organizations are responding
11 The old approach for information security
Characteristics: reactive, perimeter security focus, information silos, signature based controls, inward facing, too many alerts, too much data, organization silos, resource constrained, manual analysis
Typical incident flow: threat incident reported → security incident isolated and contained → investigation → remediation → root cause analysis
- Security incidents are typically reported to an information security organization through a variety of channels, including other departments, external vendors, law enforcement, media outlets, and the public.
- Investigations typically take a considerable amount of time and are often plagued by missing or lost information that could have helped significantly in understanding what happened.
- Quickly finding and containing compromised devices can be very challenging in large distributed network environments. This process often involves dispatching resources on-site to locate devices of interest.
- Remediation often requires reimaging devices, which can take a long time and also results in lost data and reduced employee productivity.
- Root cause analysis often involves collecting and analyzing logs from multiple internal sources. In some cases the true root cause is never determined because of inconsistent logging or missing cyber intelligence.
12 Current cyber security challenges
Our experience with our clients highlights the following challenges that organizations need to address:
- Current signature-based information security controls are not effective against sophisticated, evolving cyber threats and exploits.
- A large number of unique security appliances generate an even larger number of false positives and false negatives.
- There is no automated capability to rapidly identify, contain, analyze, and remediate compromised devices.
- Information provided by various intelligence sources is often outdated, high level, and not actionable.
- Organizations lack the technology and process capabilities to act on near real-time intelligence data in a timely way.
Open questions:
- What kind of security controls are necessary to detect cyber threats that are currently flying under the security radar?
- How do we collect data from multiple disparate sources and generate normalized, enriched, and actionable information?
- How do we ensure that we can quickly find and contain compromised devices?
- How do we collect timely, relevant, and actionable cyber intelligence data?
- How can cyber intelligence data be used to automatically challenge or stop fraudulent transactions?
13 Developments, trends, and strategies
Developments and their significance:
- Cyber criminals have infiltrated millions of computers in corporate networks, government sites, military networks, and homes around the world. While the evidence of the number of compromised devices is staggering, what is not fully known is what the criminals have learned and collected that could support future attacks and criminal activity.
- Cyber criminals are increasing their use of cryptography, code obfuscation, and code packing techniques.
- Cyber criminals are capitalizing on the broad appeal of social networking sites to gain a foothold inside corporate networks. Social networking users are downloading and installing applications that criminals developed for the purpose of stealing identities and gaining access to their networks.
- Cyber criminals are now using custom counterfeit hardware with embedded malicious code to establish covert attack vectors.
- Kernel level rootkits are being enhanced with additional capabilities to avoid detection by network based controls.
Counter-strategies:
- Cyber intelligence data should be used to expose internal devices that are communicating with known criminal destinations.
- Binary hash information needs to be collected from computers whenever new binary files are detected and compared against large hash databases. Never-before-seen binaries need to be analyzed in a sandbox.
- Additional behavior based browser and proxy security controls should be considered when allowing users to visit social networking sites.
- The supply chain must be examined more rigorously in order to detect fraudulent hardware purposely designed to enable espionage and cyber fraud.
- Partnerships with government intelligence agencies are becoming a priority and a necessity.
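The binary hash counter-strategy above (hash every newly detected binary, look it up, sandbox what nobody has seen) as an added worked example; this is not code from the deck or from Deloitte. Two small hash sets stand in for the large known-good and known-bad databases, a list stands in for the sandbox, and the hosts, paths and file contents are constructed. The extra pieces a practitioner would want are the feedback loop (a sandbox verdict is written back into the databases so later sightings get an answer), per-hash prevalence, and a list of hosts to contain once a hash is known bad.

```python
"""Added example, not from the original deck: hash-based triage of binaries reported by
endpoints. Small hash sets stand in for the large known-good / known-bad databases the deck
refers to, and a list stands in for the sandbox; hosts, paths and file contents are constructed."""
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the hash databases the endpoints would query
KNOWN_GOOD = {sha256_hex(b"MZ...stand-in for a signed OS binary")}
KNOWN_BAD = {sha256_hex(b"MZ...stand-in for a known keylogger")}


class BinaryTriage:
    """Decide what to do with each newly detected binary and remember where it was seen."""

    def __init__(self, known_good, known_bad):
        self.known_good = set(known_good)
        self.known_bad = set(known_bad)
        self.seen_on = defaultdict(set)   # hash -> hosts that reported it
        self.sandbox_queue = []           # (hash, host, path) awaiting a sandbox verdict

    def report(self, host: str, path: str, content: bytes):
        """Called when an endpoint detects a binary it has not seen before.
        Returns (verdict, hash); verdict is block, allow, sandbox or pending."""
        h = sha256_hex(content)
        never_seen = h not in self.seen_on
        self.seen_on[h].add(host)
        if h in self.known_bad:
            return ("block", h)
        if h in self.known_good:
            return ("allow", h)
        if never_seen:
            # first sighting anywhere in the estate: detonate it before trusting it
            self.sandbox_queue.append((h, host, path))
            return ("sandbox", h)
        return ("pending", h)            # another host already queued it; wait for that verdict

    def promote(self, h: str, verdict: str):
        """Feed a sandbox verdict back into the databases so later sightings get an answer."""
        if verdict == "malicious":
            self.known_bad.add(h)
        elif verdict == "clean":
            self.known_good.add(h)
        else:
            raise ValueError("verdict must be 'malicious' or 'clean'")
        self.sandbox_queue = [q for q in self.sandbox_queue if q[0] != h]

    def prevalence(self, h: str) -> int:
        """How many hosts have reported this hash. Targeted malware tends to be rare."""
        return len(self.seen_on[h])

    def hosts_to_contain(self):
        """Every host that has reported a hash now known to be bad."""
        return sorted({host for h, hosts in self.seen_on.items()
                       if h in self.known_bad for host in hosts})


def demo():
    """Walk three sightings of an unknown dropper through sandbox, verdict and containment."""
    triage = BinaryTriage(KNOWN_GOOD, KNOWN_BAD)
    dropper = b"MZ...stand-in for a never-before-seen dropper"   # constructed content
    v1, h = triage.report("ws01", r"C:\Users\a\AppData\Local\Temp\update.exe", dropper)
    v2, _ = triage.report("ws02", r"C:\Users\b\AppData\Local\Temp\update.exe", dropper)
    triage.promote(h, "malicious")                                 # sandbox says it is bad
    v3, _ = triage.report("ws03", r"C:\Users\c\AppData\Local\Temp\update.exe", dropper)
    v4, _ = triage.report("ws04", r"C:\Windows\System32\notepad.exe",
                          b"MZ...stand-in for a signed OS binary")
    return (v1, v2, v3, v4, triage.prevalence(h), triage.hosts_to_contain(),
            len(triage.sandbox_queue))


if __name__ == "__main__":
    print(demo())
```

The second host to report the dropper gets "pending" rather than a second sandbox run, and once the verdict is written back, every host that ever reported that hash shows up in the containment list, not only the one that triggered the detonation.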
14 Organizations are turning to cyber intelligence to enhance their security programs
- External cyber intelligence: social networks, cyber criminals, fraudulent services, compromised hosts, underground data, available target data, criminal tradecraft, peer to peer, malware and exploits, target lists, attack tools, search engines, attack vectors
- Internal cyber intelligence: security controls, logs, business processes, business locations, technology inventory, vulnerabilities, residual risks, key suppliers, privileged users, executives and board members
15 Cyber threat management programs
Organizations are developing and implementing cyber threat management programs that integrate and enhance existing information security capabilities.
Core cyber threat intelligence capabilities and supporting capabilities shown in the program diagram: cyber security education, insider threat detection, cyber threat modeling, cyber security readiness assessment (red teaming), penetration testing, vulnerability management, log collection and analysis, cyber threat intelligence acquisition, cyber threat intelligence capability, 3rd party threat monitoring, patch management, solution research and development, application security review, emerging threat research, brand monitoring, network and malware forensics, incident response
16 The new approach for cyber security
Proactive. External intelligence and internal data (raw data) → normalization, enrichment, fusion → actionable intelligence → security control updates, authentication decisions, risk assessment, technology investment, intel vendor selection and HR decisions, business unit level decisioning
A forward looking security threat management capability:
1. Conduct emerging threat research
2. Establish partnerships to collect and share intelligence
3. Assign and prioritize threat focus areas
4. Establish live, dynamic intelligence feeds
5. Implement a holistic approach to security threat identification
6. Actively track the criminal element
7. Perform daily emerging threat reviews
8. Maintain awareness of the changing technology and business environment
9. Patch operating system, network, process, and application vulnerabilities
10. Deploy and maintain signature and behavioral based controls
11. Produce metrics and trending data for multiple key threat indicators
12. Continuously innovate and improve automation capabilities
17 Cyber intelligence functionality and usage framework
A comprehensive, holistic cyber threat intelligence framework is required to maximize the value gained from collecting, correlating, enriching, and distributing intelligence data.
Inputs:
- External cyber threat intelligence feeds: commercial feeds, law enforcement, industry associations, underground forums, hash databases, GEOIP data
- Internal threat intelligence feeds: fraud investigations, security event data, abuse mailbox info, vulnerability data, sandboxes, human intelligence, honeynets, malware forensics
- Proactive surveillance: brand monitoring, P2P monitoring, DNS monitoring, watchlist monitoring
- Near-real time criminal surveillance
- Recovered PII and company confidential data
Center: cyber threat intelligence collection, research, and analysis process (all source fusion)
Ideally, cyber intelligence should flow to a central cyber threat intelligence function to be normalized, enriched, and then distributed to the appropriate function, using automation where possible.
Outputs and consumers:
- Risk assessment process, risk acceptance process, risk mitigation and remediation
- Urgent security control updates
- IP reputation data for authentication
- Threat intelligence reporting
- Line of business teams; security, fraud and operational risk teams; 3rd parties and subsidiaries
18 Proactive defense capability: measuring cyber threat intelligence capability maturity
It has been our experience that many of our larger clients are between level 2 and level 3.
Cyber Threat Intelligence Capability Maturity Matrix (maturity levels 1 to 5; within each capability measurement area the progression runs from least to most mature):
A. Situational awareness: Brand monitoring and awareness → Situational awareness of threats to the financial services sector
B. Actionable intelligence: Adaptive authentication → Automated security control updates
C. Malware forensic analysis capability: Manual malware forensics → Automated malware forensic analysis process
D. Quality of intelligence: Cyber intel from law enforcement → Cyber intelligence from criminal surveillance → Cyber intelligence from self-managed honeypots and baiting operations
E. Depth of intelligence distribution: Manual intelligence distribution to a limited audience → Cyber intelligence distributed to fraud operations → Cyber intelligence distributed to subsidiaries and key suppliers
F. Proactive threat planning: Manual cyber threat modeling → Automated cyber threat modeling → Risk based decisioning support
G. Event correlation: Security event management pilot → Security event management system with basic correlation → Cyber threat analysis portal with targeted use case correlation → Insider threat and cross-channel fraud monitoring
H. Operations: Help desk → Security operations center → Cyber intelligence team focused on general threats and high-level security briefings → Cyber intelligence analysts assigned to technology categories → Cyber intelligence analysts assigned to business functions
I. Type of intelligence: Signature based security controls → Internal log collection → Commercial threat intelligence feed → Threat specific open source intelligence feeds → Self generated threat intelligence
19 Sample leading practices for a cyber threat intelligence function
1. Organization: resources dedicated to reviewing and analyzing emerging threats; an annual budget for security control upgrades, new detection tools, and intelligence sources; a cyber command center
2. Process: a daily regimen to review and communicate emerging threat data; a threat matrix; scenario planning
3. Malware forensic capability: the ability to rapidly collect and review forensic information from suspect devices
4. Perimeter monitoring: network extrusion monitoring; network conversation recording and reconstruction
5. All source intel fusion: automated, monitored, incremental feeds with an aging algorithm; two-way, cross-industry intelligence sharing; contingency plans for the loss of intelligence sources
6. Metrics and reporting: regular cyber bulletin updates; threat briefings by line of business or delivery channel; automated custom alerting based on thresholds
7. Threat modeling: the capability to model and analyze the likelihood that an emerging threat will impact the organization, and to identify the weaknesses it would expose
8. Threat lifecycle management: case management tools to coordinate cyber incidents across multiple business areas and support organizations
9. Research and development
10. Supporting capabilities: threat intelligence teams should work with internal security teams to identify new strategies and solutions for testing and improving the security posture of customer devices and banking applications; patch management; vulnerability management; incident response; configuration management; security event management
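Item 5 above (fused feeds with an aging algorithm), the central normalization and distribution described in the functionality and usage framework, and the earlier counter-strategy of using cyber intelligence data to expose internal devices communicating with known criminal destinations all come together in one small pipeline. The following is an added example written for this page, not code from the deck or from Deloitte. It assumes two constructed feed formats (a labelled CSV and a bare list), a constructed outbound proxy log, a 45-day aging window, and the made-up feed names commercial-feed, law-enforcement and osint-list.

```python
"""Added example, not from the original deck: normalize indicators from two differently
formatted feeds, retire entries that have aged out, and run outbound proxy log lines against
what remains to expose internal hosts talking to known-bad destinations. Feeds, hosts and
log lines are constructed; the 45-day window and feed names are assumptions."""
import ipaddress
import re
from datetime import datetime, timedelta

TODAY = datetime(2012, 3, 22)        # fixed "now" so the example is reproducible
MAX_AGE_DAYS = 45                    # assumed aging window for indicators

# Constructed feed A: labelled CSV rows "type,value,source,first_seen"
FEED_A_CSV = """\
ip,203.0.113.45,commercial-feed,2012-03-01
domain,bad-updates.example,commercial-feed,2012-03-10
cidr,198.51.100.0/24,law-enforcement,2012-01-15
"""

# Constructed feed B: bare values, one per line, type must be inferred
FEED_B_TXT = """\
c2.bad-updates.example
192.0.2.77
"""

# Constructed outbound proxy log: "timestamp src_ip destination action"
PROXY_LOG = """\
2012-03-22T09:01:12 10.1.4.23 c2.bad-updates.example ALLOW
2012-03-22T09:01:15 10.1.4.23 www.example.org ALLOW
2012-03-22T09:05:40 10.1.7.8 198.51.100.200 ALLOW
2012-03-22T09:07:03 10.1.9.100 192.0.2.77 DENY
2012-03-22T09:09:30 10.1.4.23 203.0.113.45 ALLOW
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (ALLOW|DENY)$")


def classify(value: str) -> str:
    """Infer the indicator type for feeds that do not label their entries."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(value, strict=False)
        return "cidr"
    except ValueError:
        return "domain"


def normalize(feed_a_csv: str, feed_b_txt: str, today: datetime) -> dict:
    """Fuse both feeds into {(type, value): {"sources": set, "first_seen": datetime}}."""
    indicators = {}
    for line in feed_a_csv.splitlines():
        itype, value, source, seen = line.split(",")
        rec = indicators.setdefault((itype, value.lower()),
                                    {"sources": set(), "first_seen": datetime.fromisoformat(seen)})
        rec["sources"].add(source)
    for line in feed_b_txt.splitlines():
        value = line.strip().lower()
        if value:   # unlabelled feed: entries date from the day they were pulled
            rec = indicators.setdefault((classify(value), value),
                                        {"sources": set(), "first_seen": today})
            rec["sources"].add("osint-list")
    return indicators


def age_out(indicators: dict, today: datetime, max_age_days: int = MAX_AGE_DAYS) -> dict:
    """Drop indicators first seen more than max_age_days ago; stale C2 breeds false positives."""
    cutoff = today - timedelta(days=max_age_days)
    return {k: v for k, v in indicators.items() if v["first_seen"] >= cutoff}


def build_matcher(indicators: dict):
    """Return match(dest) -> indicator key or None, with parent-domain and CIDR matching."""
    ips = {v for t, v in indicators if t == "ip"}
    nets = [(ipaddress.ip_network(v, strict=False), v) for t, v in indicators if t == "cidr"]
    domains = {v for t, v in indicators if t == "domain"}

    def match(dest: str):
        dest = dest.lower()
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            labels = dest.split(".")
            for i in range(len(labels) - 1):     # host, then each parent, never the bare TLD
                parent = ".".join(labels[i:])
                if parent in domains:
                    return ("domain", parent)
            return None
        if dest in ips:
            return ("ip", dest)
        for net, value in nets:
            if addr in net:
                return ("cidr", value)
        return None
    return match


def find_compromised(log_text: str, indicators: dict) -> dict:
    """{internal host: [(destination, matched indicator, sources, action), ...]}.
    Denied connections are kept: a host trying to reach C2 still needs investigating."""
    match = build_matcher(indicators)
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, src, dest, action = m.groups()
        key = match(dest)
        if key:
            hits.setdefault(src, []).append((dest, key[1], sorted(indicators[key]["sources"]), action))
    return hits


def run(today: datetime = TODAY) -> dict:
    """Full pipeline: normalize, age out, match."""
    return find_compromised(PROXY_LOG, age_out(normalize(FEED_A_CSV, FEED_B_TXT, today), today))


if __name__ == "__main__":
    for host, conns in run().items():
        print(host, conns)
```

Two things worth noticing when running it. The subdomain c2.bad-updates.example is caught by the parent-domain walk even if only bad-updates.example were on a list, and a connection that was denied at the proxy (10.1.9.100 to 192.0.2.77) is still reported, because the blocked attempt is the evidence of compromise. The aging step also retires the 2012-01-15 law-enforcement CIDR, so 10.1.7.8 reaching 198.51.100.200 is not reported; running find_compromised on the un-aged set shows the hit, which is the trade-off an aging window makes and why the window should differ by indicator type and source confidence rather than being one fixed number as it is here.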
20 Evolving with the changing cyber threat environment
Fundamental change in the threat:
- Historical threat landscape: generic attack tools and resources; general targeting and exploiting; often easily thwarted by existing security controls; basic methodology and processes; often done in plain sight; focus on finding any information that will work; often noisy and clumsy techniques
- Emerging threat landscape: highly evolved, specialized criminal products; able to target specific entities; advanced malware and hardware development; increased use of anonymization; moving beyond traditional security controls; more complete attack methodology; increased use of encryption and stealth; increased use of social media; increased use of foreign carrier networks
Need for a fundamental change to security:
- Existing cyber-security landscape: perimeter security focused (castle mentality); information silos, often based on organization; inwardly focused, with manual analysis; signature based and reactive controls; too much data and too many alerts; often resource constrained; focus on preserving the status quo
- Evolving cyber-security landscape: a unique solution set for each organization; solutions cannot be mass produced; must be fully integrated with business operations; solutions often require non-cyber integration; outward looking cyber threat intelligence; create security before the emergency; prevention focused rather than reaction focused; process and people focused rather than technology focused; humans are more important than technology; not only more technology, but better use of what exists; quality is better than quantity
21 Cyber threat analyst tradecraft
- Cyber threat intelligence data acquisition: sources, proactive acquisition, data normalization
- Cyber criminal profiling: techniques, methodologies, tools, and information sources for determining how criminals are currently operating
- Cyber threat risk analysis: techniques and methodologies for understanding likelihood of impact, determining scope, and assessing the existing security posture
- Network forensics: tools, techniques, and analysis methods for exposing active compromises, intrusions, and extrusions
- Emerging cyber threat management: identification, analysis, threat vector considerations, security control considerations, and action planning
- Malware forensics: tools, techniques, and analysis methods for examining and understanding malicious code and how it is impacting your organization
- Cyber threat incident response: methodologies, key tools, and escalation procedures for handling security incidents and breaches
- Cyber threat internal log collection and analysis: tools, techniques, behavioral analysis, correlation rules, and threat patterns; understanding ways to reduce noise levels and properly tune security controls
22 Special Operations Forces (SOF) Truths
Advanced threats have always required advanced capabilities and methodologies to counter them and re-seize the operational momentum. The development and implementation of these advanced capabilities and methodologies has been driven by those who are not satisfied with merely maintaining the status quo.
SOF truths:
- Humans are more important than hardware
- Quality is better than quantity
- Special Operations Forces cannot be mass produced
- Competent Special Operations Forces cannot be created after emergencies occur
- Most special operations require non-SOF assistance
Cyber truths:
- Integrated processes are more important than technology silos
- Can't chase the latest technology; must employ basic technologies to their fullest potential
- The cyber Jedi Knight is grown over time
- Cyber defense is more than incident response; it must include predictive cyber intelligence
- Must be fully integrated into all business processes
"Sure I am this day we are masters of our fate, that the task which has been set before us is not above our strength; that its pangs and toils are not beyond our endurance. As long as we have faith in our own cause and an unconquerable will to win, victory will not be denied us." Sir Winston Churchill
23 Contact information
Rich Baich, Principal, Deloitte & Touche LLP
24 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Member of Deloitte Touche Tohmatsu Limited
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationIBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationAfter the Attack. The Transformation of EMC Security Operations
After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA
More information7 Things All CFOs Should Know About Cyber Security
Insero & Company s Accounting & Finance Education Series Presents 7 Things All CFOs Should Know About Cyber Security September 23, 2014 Michael Montagliano Chief Technologist, IV4. Inc. CERTIFIED PUBLIC
More informationDeveloping Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationAddressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationRetail Security: Enabling Retail Business Innovation with Threat-Centric Security.
Retail Security: Enabling Retail Business Innovation with Threat-Centric Security. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 In the past
More informationSolution Path: Threats and Vulnerabilities
Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationBREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT
BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationInformation Security Threats and Strategies. Ted Ericson Product Marketing - ASI
Information Security Threats and Strategies Ted Ericson Product Marketing - ASI Agenda Security breaches today Attack vector mitigation Secure web implementation Penetration testing ASI Corporate Security
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationWhite Paper. Advantage FireEye. Debunking the Myth of Sandbox Security
White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationCombatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationAn New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com
An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationProtecting Your Data, Intellectual Property, and Brand from Cyber Attacks
White Paper Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks A Guide for CIOs, CFOs, and CISOs White Paper Contents The Problem 3 Why You Should Care 4 What You Can Do About It
More informationRETHINKING CYBER SECURITY
RETHINKING CYBER SECURITY CHANGING THE BUSINESS CONVERSATION INTRODUCTION Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time,
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationUnderstanding and Responding to the Five Phases of Web Application Abuse
Understanding and Responding to the Five Phases of Web Application Abuse Al Huizenga Director of Product Management Kyle Adams Chief Architect Mykonos Software Mykonos Software Copyright 2012 The Problem
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More informationNetwork Security Redefined Vectra s cybersecurity thinking machine detects and anticipates attacks in real time
White Paper Network Security Redefined Vectra s cybersecurity thinking machine detects and anticipates attacks in real time Executive Overview All organizations have infected hosts inside their networks.
More informationDigital Evidence and Threat Intelligence
Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected
More informationSupplier Vigilance: A Critical Layer of Defense
Supplier Vigilance: A Critical Layer of Defense Lockheed Martin Information Security 1 Supply Chain Cyber Security Lockheed Martin October 23, 2013 Debbie Stuckey Waide Jones, CISSP 2 Synopsis Lockheed
More informationRETHINKING CYBER SECURITY
RETHINKING CYBER SECURITY Introduction Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time, the traditional cyber security vendor
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationThreat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products
Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment
More informationCyber Intelligence Workforce
Cyber Intelligence Workforce Troy Townsend Melissa Kasan Ludwick September 17, 2013 Agenda Project Background Research Methodology Findings Training and Education Project Findings Workshop Results Objectives
More informationBig Data Analytics in Network Security: Computational Automation of Security Professionals
February 13, 2015 Big Data Analytics in Network Security: Computational Automation of Security Professionals Stratecast Analysis by Frank Dickson Stratecast Perspectives & Insight for Executives (SPIE)
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationAdvanced Persistent Threats
Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationBy John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION
THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond
More informationSPEAR-PHISHING ATTACKS
SPEAR-PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM WHITE PAPER RECENTLY, THERE HAS BEEN A RAPID AND DRAMATIC SHIFT FROM BROAD SPAM ATTACKS TO TARGETED EMAIL-BASED-PHISHING CAMPAIGNS THAT
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationwww.pwc.com/us/cyber Statement of Qualifications Cybercrime & data breach
www.pwc.com/us/cyber Statement of Qualifications Cybercrime & data breach Contents Countering cyber threats and fraud Cyber forensics and investigative services Cyber forensics and investigations Past
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More information