Preventing Attackers from Getting What They Want
A Case for Context-Based Authentication
Written by Keith Graham, CTO, SecureAuth
November 2014
Whitepaper

Executive Overview

Attacks on organizations are in the news every day. How can your organization keep from becoming tomorrow's headline? This white paper can help. We'll explore the anatomy of an attack: how attackers gain a foothold and move laterally inside your organization to achieve their goal of stealing valuable information. Then we'll see why government and military organizations, including the NSA, accept that preventive measures inevitably fail, and choose to focus instead on limiting attackers' ability to do damage and responding to incidents when they occur. We'll see how two-factor authentication can help and why traditional two-factor alone may be insufficient. Finally, we'll explore a powerful strategy that can supplement two-factor authentication: context-based authentication.

Assert Your Identity

Table Of Contents

+ Whitepaper
+ Executive Overview
+ Introduction
+ Uncovering Attacks and Responding Appropriately
+ The Benefits and Realities of Two-Factor Authentication
+ Context-based Authentication
+ Techniques for Context-based Authentication
+ Conclusion

Introduction

How Attackers Compromise Organizations

Attackers commonly use a combination of social engineering and malware to penetrate an organization, often in the form of a phishing attack. They target an organization using information harvested via social engineering, social media, and open source data, and then lure unsuspecting users into downloading malware onto their computers. Once the malware is deployed and the attackers have established an initial foothold, they often try to obtain legitimate credentials (often with a privileged level of access) or create new credentials, so that they can move laterally and perform reconnaissance within the organization. Figure 1 details the anatomy of a typical attack.

Attackers often remain present in the target organization for long periods of time, often hundreds of days, moving laterally to conduct reconnaissance and gain high levels of access. At this point, it's likely that the attacker is no longer using malware; rather, a human actor is using the legitimate credentials that have been obtained or created, and blending in with the legitimate activity in the environment. Once the attackers have found what they're looking for, they will complete their mission by staging the data they're after (anything from intellectual property to financial data) and complete the process of stealing what they've found (sometimes called "exfiltration" or simply "exfil").

[Diagram labels: Maintain Presence; Attacker; Penetrate; Establish Foothold; Escalate Privileges; Move Laterally; Complete Mission]
Figure 1: Once attackers penetrate an organization and establish a foothold, they often remain present for months until they find the data they're looking for.

Uncovering Attacks and Responding Appropriately

How Organizations Learn of Breaches

An organization that has sufficient resources, mature security practices, and appropriate security products might be able to detect forensic artifacts that indicate that an attacker is inside their environment.
These artifacts could include evidence that malware has been used, evidence of lateral movement, or the discovery of staged data that is ready to be moved externally or already in the process of being stolen.

Most organizations, however, do not even realize they've been breached until they are informed by a third party. Sometimes this is a law enforcement agency that is investigating another organization's breach and that has found evidence linking the two organizations; other times, the news comes from an investigating third party, such as a contracted incident response company who uncovers artifacts of an attack.

Incident Response and Remediation

When an organization learns in any of these ways that it has been breached, the next step is to conduct incident response: Starting with forensic analysis of the endpoints and servers initially known to be compromised, the incident responders attempt to determine the reach of the attack. They need to investigate to the point where they can no longer find further evidence of lateral movement. Once that investigatory boundary has been established, the next step is remediation. Remediation typically involves:

+ Shutting down all external internet access to the organization (yes, all of it)
+ Implementing two-factor authentication for access to sensitive data and applications
+ Re-imaging compromised endpoints and servers
+ Resetting all passwords
+ Removing any user accounts and access compromised or created by the attackers

Legal steps depend on the type of attack. The investigating body may vary depending on the type of organization that was penetrated, the nature of the attack, and the profile of the attacker. There are rarely legal repercussions in the case of attacks conducted by nation states or cyber criminal gangs operating offshore. While some international efforts have been successful at achieving penalties, we do not really see, for example, a company in the defense industrial base issuing charges against a nation state for launching an attack and stealing their intellectual property.
The SANS Institute does publish best practices for responding to a breach that can provide some guidance in terms of process. However, a proper incident response and full forensics investigation requires extensive expertise.

Preventive Measures

Many technologies and approaches have been developed to help secure the perimeter of the organization. Organizations can and do try to detect the presence of malware on the network (by detecting its command-and-control communication), and the presence and execution of malware on the endpoints and servers. But hackers are both clever and highly motivated by the potential rewards, so it's inevitable that they will overcome any preventative method, sooner or later.

Many U.S. military and government organizations have already adopted the position that preventative security will always fail, and the only way to truly be secure is to constantly look for evidence of a breach and then respond appropriately with an incident response. For example, Reuters reports that the director of the U.S. National Security Agency (NSA) Information Assurance Directorate, Debora Plunkett, told a cyber security forum, "We have to build our systems on the assumption that adversaries will get in." The UK and other European intelligence agencies have a similar mindset.

This advanced perspective has not yet been broadly accepted, but it should be. Being prepared to perform a thorough incident response when breached is the only surefire way of being secure. But exactly how can your organization tighten the net around attackers?

The Benefits and Realities of Two-Factor Authentication

Where Two-Factor Authentication Can Help

As noted above, one common recommendation during an incident response is to implement two-factor authentication to protect critical data and infrastructure, as well as the actual incident response tools and infrastructure. Attackers often use legitimate credentials to log back in via VPN to an organization that they've compromised (again, blending in with the legitimate, day-to-day network activity). By requiring something you have (such as a hardware security token or a biometric identifier like a fingerprint) as well as something you know (a password), two-factor authentication limits the usefulness of any credentials that attackers may have acquired or created, thereby restricting their ability to move laterally within the organization (see Figure 2).

[Diagram labels: the attack stages of Figure 1, with "2-Factor Authentication" added]
Figure 2: Two-factor authentication can help during the later stages of an attack by limiting the usefulness of any acquired credentials.

Limitations of Two-Factor Authentication

However, two-factor authentication isn't cheap. It can be costly to implement, and it can also be costly in terms of the user experience, adding a layer of complexity that disrupts legitimate user activity, increasing frustration and hurting productivity.

Moreover, two-factor authentication isn't infallible, as we now know thanks to the reports on the Operation Emmental attacks on Swiss and German banks, which enabled attackers to scrape SMS one-time passwords (OTPs) off customers' Android phones.

Context-based Authentication

Understanding Context-based Authentication

What options do organizations have in trying to stop or at least slow down an attacker who is moving laterally or trying to circumvent two-factor authentication? Context-based authentication.

Context-based authentication enables an organization to create rules that determine whether and how a given authentication process should proceed based on context. Context can include:

+ Verifying characteristics of the user's device (the "device fingerprint")
+ Checking the reputation of the IP address of the user's machine against black lists
+ Comparing the user's group membership information to identities in a directory or user store
+ Comparing the user's current physical location against known good or bad locations (geo-fencing)
+ Analyzing the user's current physical location against the location of the previous logon (geo-velocity)
+ Comparing the user's measurable behaviors against an established baseline

While each of these techniques on its own could be circumvented, combining several or all of them offers a promising solution. Security is about layers, and context-based authentication does exactly that: it uses layers. Using multiple contextual factors pre-authorization, it builds a risk profile that can be used to determine whether to allow the user to proceed to actual authentication.

[Diagram labels: the attack stages of Figure 1, with "Context Based Authentication" added]
Figure 3: Like two-factor authentication, context-based authentication can thwart an attacker's ability to move laterally and escalate privileges inside the organization.

An Alternative or a Complement to Two-Factor Authentication

Context-based authentication can be implemented either as an alternative to two-factor authentication, or as a complement to it:

+ Some forms of context-based authentication, such as device fingerprinting, actually can constitute two-factor authentication, although this is a debatable point.
+ Context-based authentication can be used in conjunction with two-factor authentication, reducing the burden on users by requiring two-factor only when a login is deemed to involve a certain level of risk. For example, in such a "step-up" approach, if geo-fencing data together with behavioral analysis raises sufficient suspicion about a particular authentication request, rather than simply denying the request outright, the system can require two-factor authentication.

Techniques for Context-based Authentication

Organizations can tailor context-based authentication to achieve the level of security they deem appropriate by combining some or all of the techniques mentioned earlier. Let's explore each one in further detail.

Device Registration and Fingerprinting

Device fingerprinting is typically a two-stage process: on first-time authentication, the solution registers an endpoint, and on subsequent authentications, it validates the endpoint against the stored device fingerprint. The device fingerprint comprises a set of characteristics about that endpoint, such as:

+ Web browser configuration
+ Language
+ Installed fonts
+ Browser plug-ins
+ Device IP address
+ Screen resolution
+ Browser cookie settings
+ Time zone

Source IP Reputation Data

Context-based authentication uses IP reputation data, or blacklists of IP addresses, to deny or step up authentication. For example, your organization can deny authentication if the IP address of a user's machine is part of the Tor anonymity network or a known botnet, or an IP/subnet associated with known bad actors.

Figure 4: Context-based authentication can deny access based on source IP reputation data.

Identity Store Lookup

Once attackers have access to your network, in addition to stealing existing credentials, they often create new ones. However, they often fail to create users correctly, with appropriate group membership and attributes. Therefore, by comparing a user's current information with the corresponding information kept in a directory or user store, you can thwart attackers attempting to use credentials they have created.

Geo-location

Context-based authentication can compare a user's current geographical location (a meaningful, physical location) against known good or bad locations and act accordingly. For example, users on a campus location can be approved while users attempting to authenticate from outside of the campus can be denied.

Geo-fencing

Context-based authentication can also base decisions on a geographical area or a virtual barrier: if the user's location is outside of a certain proximity, then assign additional risk or deny the authentication attempt.

Figure 5: Using geo-fencing as part of context-based authentication

Geo-velocity

Using a user's geo-location and login history together can also help prevent malicious access. For example, if a user logged in at 2 p.m. PST in California, it is reasonable to deny that user's logon attempt at 7 p.m. EST from the East Coast.

[Diagram labels: User Logs in at 2pm PST; User Logs in at 7pm EST]
Figure 6: Using a user's geo-location and login history together (geo-velocity), context-based authentication can deny access based on an improbable travel event.
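
The IP reputation, geo-fencing and geo-velocity checks described above can be combined into a single allow / step-up / deny decision. The following is an added example, not code from the whitepaper or from any SecureAuth product; the weights, thresholds, fence location, coordinates and IP ranges are all constructed assumptions.

```python
import ipaddress
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy values (assumptions for this example, not from the whitepaper).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # stand-in for a reputation feed
FENCE_CENTER = (34.0522, -118.2437)  # hypothetical "campus" placed in Los Angeles
FENCE_RADIUS_KM = 100.0
MAX_SPEED_KMH = 900.0                # roughly airliner cruising speed
WEIGHTS = {"ip_reputation": 100, "geo_velocity": 70, "outside_geo_fence": 30}
DENY_AT, STEP_UP_AT = 70, 30

PST = timezone(timedelta(hours=-8))
EST = timezone(timedelta(hours=-5))


@dataclass(frozen=True)
class Logon:
    user: str
    ip: str
    lat: float
    lon: float
    when: datetime  # must be timezone-aware


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def implied_speed_kmh(prev, cur):
    """Speed needed to get from the previous logon to this one.

    Timestamps are compared as absolute instants, so 2 p.m. PST and
    7 p.m. EST are 2 hours apart, not the 5 hours the wall clocks suggest.
    """
    if prev.when.utcoffset() is None or cur.when.utcoffset() is None:
        raise ValueError("logon timestamps must carry a UTC offset")
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    # abs() tolerates log records that arrive out of order.
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    if hours == 0:
        return math.inf if dist > 1.0 else 0.0
    return dist / hours


def evaluate(cur, prev=None):
    """Build a risk profile from the contextual signals and map it to a decision."""
    reasons = []
    if any(ipaddress.ip_address(cur.ip) in net for net in BLOCKED_NETWORKS):
        reasons.append("ip_reputation")
    if prev is not None and implied_speed_kmh(prev, cur) > MAX_SPEED_KMH:
        reasons.append("geo_velocity")
    if haversine_km(*FENCE_CENTER, cur.lat, cur.lon) > FENCE_RADIUS_KM:
        reasons.append("outside_geo_fence")
    score = sum(WEIGHTS[r] for r in reasons)
    if score >= DENY_AT:
        return "deny", score, reasons
    if score >= STEP_UP_AT:
        return "step_up", score, reasons
    return "allow", score, reasons


def whitepaper_scenario():
    """The paper's example: 2 p.m. PST in California, then 7 p.m. EST on the East Coast."""
    prev = Logon("alice", "198.51.100.10", 34.0522, -118.2437,
                 datetime(2014, 11, 12, 14, 0, tzinfo=PST))
    cur = Logon("alice", "198.51.100.11", 40.7128, -74.0060,
                datetime(2014, 11, 12, 19, 0, tzinfo=EST))
    return prev, cur


if __name__ == "__main__":
    prev, cur = whitepaper_scenario()
    print(round(implied_speed_kmh(prev, cur)), "km/h ->", evaluate(cur, prev))
```

Comparing the wall-clock times without their offsets would treat the two logons as 5 hours apart, which puts the implied speed under the 900 km/h threshold and lets the improbable-travel event through.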

Behavioral Analysis

Over time, a solution can gather information about the way that a given user interacts with the device, such as:

+ Keystroke dynamics
+ Mouse movements
+ Gesture and touch
+ Motion patterns

Obviously the type of interaction depends on the device; however, there are approaches for analyzing these measurable behaviors that are accurate enough now to help identify individuals, so later authentication attempts that fall outside established behavior patterns can be denied or forced through a stepped-up authentication.

Conclusion

As even the NSA itself has acknowledged, organizations cannot rely on preventative methods to keep attackers out. But you can tighten the net around attackers. Context-based authentication is a powerful, layered approach that limits the ability of attackers to move laterally within your organization and use any credentials they compromise or create to steal valuable intellectual property, financial data, or other sensitive information.

Context-based authentication can be tailored to your organization's risk tolerance, enabling you to balance security with a better user experience. You can use several or all of the techniques detailed in this paper in concert to build a risk profile that determines how to handle an authentication request: allow, deny, or step up. Users are unaware of the context-based authentication processes and are not burdened by two-factor authentication unless it is deemed necessary.

ABOUT KEITH GRAHAM

Keith Graham is Chief Technology Officer at SecureAuth Corporation. His expertise comes from 15 years in security, product management, product development, and consulting at companies such as Mandiant, FireEye and Quest Software. As CTO, Graham leads product development and plays a major role in the creation and development of innovative features and upgrades for all of SecureAuth's enterprise security solutions.

ABOUT SECUREAUTH

Based in Irvine, California, SecureAuth offers identity and information security solutions that deliver innovative access control for cloud, mobile, web and VPN systems to over 5 million users worldwide. SecureAuth IdP provides multi-factor authentication and single sign-on (SSO) in one solution. Its unique architecture enables organizations to leverage legacy infrastructures while also embracing next-generation technologies, so you can preserve your existing investments while also meeting today's security challenges. For the latest insights on secure access control, follow the SecureAuth blog, on Twitter, or visit

8965 Research Drive, Irvine, CA
secureauth.com
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationGaining the upper hand in today s cyber security battle
IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper
More informationVidder PrecisionAccess
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationTake the cost, complexity and frustration out of two-factor authentication
Take the cost, complexity and frustration out of two-factor authentication Combine physical and logical access control on a single card to address the challenges of strong authentication in network security
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationRetail Security: Enabling Retail Business Innovation with Threat-Centric Security.
Retail Security: Enabling Retail Business Innovation with Threat-Centric Security. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 In the past
More informationTrends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationA Love Affair: Cyber Security, Big-data and Risk
A Love Affair: Cyber Security, Big-data and Risk Mark Seward, Senior Director Security and Compliance, Splunk Inc. Professional Techniques - Session 31 Security what s at stake On average, organizations
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationDRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario
DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? Drive-by Downloads are a common technique used by attackers to silently install malware on a victim s computer. Once a target website has been weaponized with
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationGetting real about cyber threats: where are you headed?
Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a
More informationTop 5 Reasons to Choose User-Friendly Strong Authentication
SOLUTION BRIEF: USER-FRIENDLY STRONG AUTHENTICATION........................................ Top 5 Reasons to Choose User-Friendly Strong Authentication Who should read this paper This executive brief asserts
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationThe Top 7 Ways to Protect Your Data in the New World of
The Top 7 Ways to Protect Your Data in the New World of Shadow IT and Shadow Data Brought to you by Elastica and Centrify Introduction According to research conducted by Elastica, most companies use over
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More information900 Walt Whitman Road, Suite 304 Melville, NY 11747 Office: 631-230-5100
W E P R O V I D E Cyber Safe Solutions was designed and built from the ground up to help organizations across multiple verticals to defend against modern day attacks. Unlike other security vendors that
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationMODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationTrustDefender Mobile Technical Brief
TrustDefender Mobile Technical Brief Fraud Protection for Native Mobile Applications TrustDefender Mobile from ThreatMetrix is a lightweight SDK library for Google Android and Apple ios mobile devices.
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationWHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users
Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationGOING BEYOND BLOCKING AN ATTACK
Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationWebsense Data Security Gateway and Citrix NetScaler SDX Platform Overview
Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview 2 The next generation of SDX platform provides the foundation for further integration. Today, Citrix NetScaler SDX appliances enable
More informationIdentity Centric Security: Control Identity Sprawl to Remove a Growing Risk
Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk John Hawley VP, Security CA Technologies September 2015 Today s Theme: Preparing for the Adversary How to Prepare Your Organization
More information