Cybersecurity Module 2: Trends in Malware - Joshua McCloud Malware issues (00:24)



Historical malware examples (00:24)

So I think a lot of you are here, undoubtedly, because you've been hearing about everything that's been going on with malware. We, every week practically, hear something in the news about somebody who was attacked, somebody who's lost money, somebody whose reputation has been compromised, and some very sophisticated piece of malware is behind it. I'd like to review some of the most recent high-level events that we've seen in these terms.

So if we go back a couple of years, not even that far back, you probably remember one of the most significant attacks involving malware in probably recent history. This is incredibly sophisticated. This happened in Iran to their Natanz Nuclear Processing Facility where they take, you know, low-grade uranium fuel, enrich it into high-grade, and they were attacked by a virus, which came to be known as Stuxnet. This was something that was developed by the U.S. government and Israel, as it was later attributed, but they've never formally admitted to it, but all the evidence seems to point in that direction. And this was extremely sophisticated, because this malware was customized for that specific environment in the nuclear processing facility in Iran, and how they got it into that environment certainly required more than just computer hacking. It required a lot of human intelligence, perhaps compromising people, espionage agents, and malware was just one part of it that was ultimately used to destroy some of the centrifuges there.

If we fast-forward a little bit, look at more of a corporate example, the offices of RSA, a security company, were compromised not too long ago. A lot of you may know RSA. They're a company that develops various security products, one of them being these one-time secure password tokens. So if you use it-- if you have a bank where you have to enter a one-time PIN before you log in, that all comes from RSA, and one of the things that happened to RSA is, one of their employees received an email with an Excel document attached to it, and that Excel document had a piece of malware attached to it. The malware infected the computer, spread into the network, and eventually compromised the proprietary algorithm that RSA uses for these one-time PIN generations. Now, the consequences of this attack are pretty far-reaching, and we don't know everything that may have come out of it. One thing that is thought is that the compromise of these PINs allowed people to get into Lockheed Martin's infrastructure and steal blueprints for some military projects. So the consequences here can be incredibly serious.

Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Page 1 of 15

Even more recently, the Saudi Arabian oil industry was compromised. You may have heard of this attack known as Shamoon, and this is a virus that infected around 30,000 workstations inside Aramco and did a range of things, from stealing information, providing remote backdoor access to the computers. It was a pretty comprehensive penetration, and we're not exactly sure, though there is speculation, what the ultimate goal of this attack was. Was it simply to disrupt their operations, or is there something larger at stake?

And that feeds into one of the most recent high-profile attacks that we've seen within the past couple of weeks. A company known as Telvent, based in Canada, was attacked by an unknown virus, an unknown piece of malware. They believe that some Chinese hackers were behind it, a group known as the Comment Group, but all of this is fairly vague. What they do know is that the malware was able to steal some blueprints to software that they use for controlling systems, industrial control systems known as SCADA, and what the ultimate aim of this attack is, is unknown. It could be that the information will be used in a subsequent attack. And all of this is a growing problem, not just in its severity but in our ability to deal with it.

Scope of malware issue (03:57)

If we look at some of the statistics, we're only capturing about 50%-- 53% of the malware out there, so of all the downloads that we're doing, only about 53% of it is being caught by our antivirus, our firewall, our intrusion protection systems. 47%, roughly, is going unnoticed. On average, every day, we're seeing two new pieces of malware appear. That means something that has never been seen before. Now, there are a number of statistics on this that you sometimes see out there. You will hear very often the antivirus industry saying, "We're seeing thousands and thousands, like, 12,000 new pieces of malware a day." That's-- that's a slightly misleading statistic, because, in fact, what they're mostly seeing is modifications to existing malware, maybe something that is changed slightly in the code or some functionality that's been augmented, but if we look at actual brand-new pieces of malware, we're getting about two per day, but that's still a lot. That's over 700 per year. And these are doing things that haven't been done before, and it's dangerous, because when we look at the breaches, security breaches out there, so, like, 49% of those security breaches involve some form of malware, so they're-- they're crucial to the attacks. And it's just growing exponentially. A statistic I recently saw: over the past year, the number of domains issuing malware has grown by over 200%. So we're not catching it. It's a significant threat. We're not catching as much as we need to be, and it's a problem that's very much growing.

So we haven't really properly defined malware yet. There are a lot of definitions out there.

What is malware? (05:39)

Definition (05:39)

I pulled this one up from Wikipedia, and I think it does a pretty good job of capturing what this is about. Malware is short for malicious software. It's an agglutination of those two words there, and critically, what it's used to do is disrupt computer operations, gather sensitive information, or gain access to some private infrastructure. Now, when we think about malware, there are a number of key characteristics that can define its behavior.

Key characteristics (06:04)

It's software that is designed to infect a system. That means to find some vulnerabilities inside that system, get inside, and establish a foothold that allows it to do something, usually nefarious. Malware's designed to conceal itself. The longer it can stay on the system and hide itself from detection, the more effectively it can do its job. It obviously proliferates, and in more modern circumstances, we're seeing it proliferate in a lot more effective ways. That means it gets inside a machine, it infects it, it hides itself, and then it copies itself to another machine, spreading and looking for information and other things that it can compromise. And compromising is ultimately what the malware is all about. It's trying to get in there and understand what secrets you might have, what information it can exfiltrate, and get that out. And who knows, again, what the end goal is for this malware? Some people use it to steal passwords. Some people use it to steal blueprints. Other people use it as a way of stealing money. There are many angles, and those angles are growing because of the nature of malware. As I say, you know, malware is designed to do a number of different things, but there are actually various subcategories of malware.

Subcategories (07:20)

Malware is a general, broad term, but if we look more specifically, there are terms within that describe particular behavior of malware. Here you have a list of general types of malware. So viruses, viruses are malware that attach themselves to other things. So it may attach itself to a spreadsheet or to an application and uses that as a vehicle to infect a system. A worm is a type of malware that is capable of doing the infection and the spreading all on its own, so it is a self-sustaining program that's written to get into a system and propagate itself. A Trojan horse is a type of malware that usually masquerades as something else. So somebody may try to convince you that your system has a virus on it, and in order to inoculate yourself, you need to download a software package, when it turns out that, in fact, that software that you downloaded to get rid of the virus actually contains malware. And this is something we see a lot about out there,

people using what we describe as social engineering techniques, compromising people's naiveté or uncertainty about the information they receive in an email and getting them to click a link that takes them to a bad location, and they ultimately download something malicious. A rootkit is a type of malware that very specifically focuses on opening up access to a machine so that somebody remotely can control it or take information off there, and spyware is a little bit of a variant of that where it's a type of malware designed to spy on the system, to monitor it, to see what type of activities are going on. And adware is not necessarily the most nefarious thing out there. It's usually a piece of malware that gets onto a system and displays advertisements, whether you want them or not. All of these are types of malware. They perform specific functions, but oftentimes, they're used in conjunction with each other. In fact, one piece of malware can incorporate a number of these different functions. One of the challenges in malware is understanding, as I've talked before, what is the purpose?

Players/purpose/goal (09:25)

What is the goal behind this malware? And that very much depends on who's using it. In the past, I think we would largely think of malware in terms of some hacker or super intelligent person who's written this software to go out there and crack into super secret sites. Certainly that still goes on out there, but malware, in many ways, is increasingly a means to an end. When we talk about the Stuxnet example, that was very sophisticated, advanced malware pre-created by a well-funded government, the United States and the Israeli government. What was their purpose? Was their purpose just to hack in to the Iran facilities and see what was going on? Or did they have a more strategic aim, to prevent, perhaps, Iran from getting nuclear weapons? So malware, in that case, was a means to an end, and governments see this as a form of warfare. In fact, they describe it as the fifth dimension of warfare. You have land, sea, air, space, and now cyberspace, the cyber dimension.

Organized crime is getting very big behind malware. When it comes to organized crime, you know, generally, they don't care how they make money. They just care that they do make money. So organized crime will get into drugs, human trafficking, prostitution, arms distribution, all of these things. Well, if there's money to be made someplace, they will go into that as well, and increasingly, organized crime is involved in malware activities. And they've got a range of very sophisticated businesses around this. One, for example, is that if you have a piece of malware that you've written, but you, perhaps, don't have the wherewithal to get it distributed-- you want somebody else who has a network or who has ideas on how to distribute it to do it for you-- you can approach certain companies which will take your malware, and for a fee, for every, you know, X number of workstations it gets installed on,

you pay them. And you can pay them more if they get it installed on workstations, let's say, in high-security areas or in countries like the U.S. versus China versus Russia, et cetera.

Terrorists are also leveraging malware. It may not just be for direct attacks. They oftentimes will use malware to gain funds in order to conduct their operations, and not too long ago, this was revealed with an Indonesian terrorist organization known as, I believe, Islamic-- Jemaah Islamiyah, where it was revealed that they were using malware and hacking techniques to get money by compromising AT&T's network, which was then funneled into terrorist activities. And we certainly see a lot of activists who develop and use malware. In fact, many activists are really doing it to draw attention to a cause. And then, of course, there's a catchall category we might call opportunists, people who are unscrupulous, who just want to find a way to make a quick buck, who want to test out their skills.

But these-- this broader landscape of actors has complicated the creation of malware and what it's ultimately being used for. What are the end goals? And the work that each of these different communities is doing on malware feeds into other people. So if an activist creates a piece of malware for one purpose, there's nothing to stop an organized crime organization from using that malware for their purposes or even the government using the networks built by organized crime for their purpose. There's an example that I think is really interesting that stands out in this case. In 2007, the Estonian government decided to relocate a Russian war memorial, and that was followed by several days of riots and protests. And then after that, they came under a large and sustained Denial of Service attack, which is an attack where a lot of computers which are under the control of somebody-- this is known as a botnet-- were used to send traffic to the various government websites, then caused that website to come down. It is thought that this network of botnets was developed by an organized crime organization, and then the Russian government borrowed it temporarily in order to use it for this particular type of attack. So you can see, there's a very complex interrelationship growing between the people behind the malware and how they're developing that malware out there.

But malware is not necessarily something new. It's something that's been around for a while. It's-- from the earliest days, I think one of the earliest pieces of malware, at least that's widely known, is the Morris worm. That came out in 1998, and it was very sophisticated for its time. It was a piece of software as a worm that was designed to probe a computer system for vulnerabilities-- a port that's open-- using some things known as Remote Procedure Calls and then get itself onto that system. And then after it infects that system, it would start to overwrite the memory of the system, getting the system essentially to run the code that the worm has contained in itself. And from that, that system would then become infected and further propagate the worm.

Flash forward to 2001, a pretty popular virus known as Nimda started to use a more sophisticated technique for infecting machines. It would use scams, things known as phishing, where you try to convince somebody that what they've got is a legitimate email sent to them by a legitimate person, and attached to that is something they want you to click on. And so Nimda would use those vectors, and it would download itself onto a PC, overwrite system files, and open up the system for administrative control to somebody outside the network.

Going forward, in 2005, we saw an interesting case of malware, and this is one that I don't think started out initially as malware, but it really turned into a type of malware. In 2005, Sony, trying to deal with copy protection for their CDs, put some software on their music CDs such that when a person installed that CD in a computer, this software would be copied onto the computer, and the purpose of the software was to keep people from copying the music, but what it did is, it opened up certain vulnerabilities on the system. And as hackers out there found out about this software and what it did, it gave them the ability to hack into the system and take a degree of control of it. So this was not necessarily designed to be malware, but because of the vulnerabilities it created, it ended up, in a sense, becoming a type of malware.

And these are just a few of the examples. Literally, you could spend days and days talking about high-profile attacks, different types of malware. What's clear, as you can see from the graph, is that over time, the complexity and the consequences of malware have gotten more significant. So when we look at today, modern malware, it's off the charts how complex and how focused it is.

Modern malware (16:24)

Let's just take a look inside modern malware, and we can see some really interesting, sophisticated characteristics. One thing about modern malware is that it's become extremely targeted. If we think back to Stuxnet, that piece of malware, that was very specifically targeted to a particular environment. If that malware was able to get inside a particular type of network and knew what it was looking for, something called a programmable logic control built by Siemens-- so a specific device by a specific manufacturer in a specific configuration-- and if it found that, it would go into attack mode, but if it didn't, it wouldn't. So it obviously takes a lot for somebody to write that, but increasingly, instead of just writing a general piece of malware and throwing it out there, people are spending the time to figure out what it is they want to go after and then write the malware to specifically go after that.

Another thing we see in malware today, which is pretty baffling-- it's something known as-- they've become polymorphic. Now, this is just a fancy name, because, you know, in the industry, we sometimes like to have fancy names to make it seem like what we're doing is complicated or difficult. "Polymorphic" really just means "better." Something changes itself-- that it changed itself on the outside or the inside, that over time, this is something that has the ability to self-change. And that's one of the things we're seeing with modern malware, that

every time malware gets installed and propagates, it changes. It does this sometimes by changing how it's encrypted. A lot of modern malware will encrypt itself so that people can't figure out what's going on with it. Oh, was there a note there? Okay, sorry to keep-- sorry. Somebody just passed me a note, and I'm trying to juggle a couple things. So, you know, as it gets into a system, it will oftentimes encrypt itself so that people can't-- reverse engineering it-- reverse engineer it and figure out what's going on. And then when it gets copied to another machine, it will re-encrypt itself in a different way so that each time the essential functionality of the malware remains the same, but to outside appearances, it looks the same. I'm sorry. It looks different. It looks like a completely new piece of malware. So ultimately, we have to really be concerned about that, because that is doing a good job of evading what, you know, we're trying to do in terms of defending it.

Modern malware is also very persistent. It has a way of not only copying itself to a lot of different systems but also getting itself on there-- Looks like my camera angle has just been changed here, so I'm going to try to deal with this. It's different here, so I apologize for that. So one of the things is that modern malware has a good way of obscuring its presence on infrastructure. It will oftentimes obscure the fact that it's running by fooling the system into thinking that it's actually not running. If you look at the processes on the system, you won't see that there's this extra piece of software there. It will cloak itself by using standard file naming conventions, hiding itself, and then take what's called a low and slow approach to propagation, which means that it won't send out a burst of network activity. It will send little bits of traffic out, trying to find weaknesses in the environment, and copy itself in a way that won't, hopefully, you know, on its case, raise itself to the level of detection.

And the other thing is that modern malware is increasingly part of what's known as a botnet, meaning it's under some type of remote control. And this means that somebody has installed malware on a number of different machines out there. Those machines have become bots or slaves, and they report back to and communicate with a centralized command and control server. And this is incredibly powerful. It gives people the ability to direct the activities of a whole fleet of systems out there. It gives them the ability to update the malware itself. So, you know, if somebody's written a signature to discover it out there, they can say, "Uh-oh, I need to make changes to this malware here, so let me push out an update."

So with all of these changes in malware, the other thing that we have to think about is that malware is not just necessarily used alone for a particular purpose. Increasingly, we are seeing malware used with other activities to form a wider integrated attack. We can very often characterize an attack by a series of steps, and in each of these steps, malware may or may not be used.

First step, very often, is that somebody will scout a particular environment. They also call this fingerprinting. This is trying to find out what systems are inside that environment. What's going on? What are the potential avenues of attack or vulnerability? Malware may or may not be used in this, but this can just be one part of attack, not the attack itself.

And then the next step is often some type of infiltration. So once the malware has figured out the environment out there, it tries to find a way in. And there are some really clever ways that people have found to get around traditional security systems. Why sit there and try to hack through a firewall or some type of other security system when you can get inside their network in a completely different way? One way that we've heard about is at conferences. We all sometimes go to IT conferences, and we visit vendors' booths, and a lot of times, those vendors will have giveaways, like USB sticks. Well, some people have gone up to those vendors' booths and left behind some USB sticks. So somebody comes along. They pick it up. They connect it to their laptop, and unbeknownst to them, a malicious piece of software got copied to their hard drive. And the next time they go into the office, that malware has an open door into the infrastructure. No complicated hacking going on.

Of course, then once it gets into the environment, the malware needs to spread. It needs to spread both from a resilience perspective but also because it needs to be able to find vulnerabilities. Depending on what the end goal of the malware is, it's looking for high-value targets, maybe internal servers with proprietary information, financial details. And then ultimately, somewhere out of that is the attack. And as I say, ultimately, it's hard to know what the actual attack is. It could be to disrupt a nuclear power plant or a control facility. It could be to exfiltrate information. But the important thing is, we don't just need to focus on the attack itself. Increasingly, we need to look at the pattern that constitutes the integrated attack, because all along this chain, malware may or may not be used, and it's not necessarily the attack that we're seeing out there.

Defense against malware (23:14)

So this may seem pretty grim, you know, when we talk about the sophistication of malware and this kind of cat-and-mouse game, each trying to stay ahead of each other, the security researchers trying to get ahead of malware, and the virus and malware writers finding a new way around it. It can be quite a difficult task for how to deal with this, but what's important is not just the technology that we have in place. Certainly, we do need things like antivirus software, firewalls, intrusion protection devices, and new generation devices that do some pretty nifty things. What's important is to have a more modern approach to how we deal with the malware problem, recognizing that it's not simply a technology issue. One of the first key fundamental things to approaching how we can secure ourselves in our-- in this environment is to take what we describe as an architectural perspective.

Now, I'm not gonna go into much detail, but I will give you an understanding of what this is. But, you know, from a quick sense, architecture is about taking a broader view of the challenge that you're faced with, not simply looking at things in terms of a technology problem that requires a technology solution but thinking from the business as well. What are you trying to achieve, and what are the different ways, including technology, you can go about achieving it? Another key thing is to begin to look differently at how we approach the threat. I'm gonna talk about this in just a bit, but increasingly, intelligence is becoming a key asset for addressing the malware problem and also having greater context on the information about the threats out there. And then finally, we need to be able to protect the infrastructure as it serves the purposes of the business, because the infrastructure is out there for businesses to conduct their activities. People need to access information and access their email, and we need to be able to keep that secure, and increasingly, that security requires automation and needs to be policy-based.

So let's look at each of these approaches in turn. And one thing I want to emphasize here: I'm not gonna talk about any specific technology or product. That's not the purpose of the session. The purpose of this is really to help you understand what malware is, the challenge it poses, and then how we can address it through approaches. There are products and solutions out there, and we will certainly go over those in subsequent sessions, but I want you to understand the bigger picture. Part of that bigger picture is taking the architectural view.

Architectural perspective (25:34)

An architecture really defines an approach. It's about how you look at a problem from a broader perspective and a higher-level view. When we think about security, protecting ourselves from malware, what is the purpose of what we're doing out there? I think some people may have looked at this and said, "Well, the goal of our security is to eliminate vulnerability inside of our network." Now, that sounds like a good goal, but does that goal necessarily guarantee security? Because you may find out that you've eliminated all the vulnerabilities in your network, but yet somebody's found a backdoor way to do it. So are you secure? Have you achieved your goal? With an architectural approach, one of the most important starting places is by defining, what is your goal? What are you trying to do? Are you just trying to eliminate vulnerabilities, or are you trying to keep sensitive information from being compromised? Are you trying to protect valuable assets? Are you trying to prevent the disruption of a nuclear power facility? You really have to start with thinking of security in terms of your end goals before you start to go down the road of, "What products, what solutions, and what processes do I need to undertake?"

From goals, then we need to look at how we can realize and implement those goals in a particular environment. Hold on a second. Sorry. My laptop just froze for a second. And this is the area of policy

and governance. This is, again, more at the business level, but this is how we translate our goals into something that functions within the business. So policy is really the rules of the business. What are you allowed to do, and what are you not allowed to do? And governance is about how you put those into place and make sure that they're being implemented effectively. So if we try to achieve our security goals, we certainly have to have policies, things that define how people are allowed to use the infrastructure, what they're allowed to do when they're inside of the network, and then ways to check that that behavior is being honored and respected.

And, of course, we need operations, because technology alone does not make us secure. People, processes, technology, and other things together need to be combined in an operational way that allows people to implement the policy and the governance rule that ultimately achieve our goal. And at the end of it, then ultimately, we will have some sort of underlying infrastructure, and that infrastructure that we really need has to be a platform. And when we talk about a platform, what we mean is an end-to-end capability, not a collection of individual devices but something that is connected, that has the ability to share information, that provides a feel of trust, meaning that this device does what it's supposed to do, and you have a high degree of confidence in that, that it's resilient, because it's not just a question of blocking attacks. We get attacked, and we will get attacked in the future. The question is, can we withstand the attack? And how does the platform play a role in ensuring that level of resiliency? And then increasingly, having visibility throughout our infrastructure-- we need to be able to see what's going on in all locations and all times in order to really understand if our network is being used for the purpose-- network and infrastructure-- is being used for the purpose it intended and if we're achieving our security goals.

Now, I recognize this is a little bit high-level, and some of you may not be familiar with architecture or the concept and the various ways of going about doing it, but conceptually, it's really just about taking a broader view of the picture and not thinking solely in terms of technology and product as the way to solve this challenge.

Intelligence-led and contextual (29:16)

Now, the next issue has to do with one of the innovative ways we can approach this challenge. So we've got architecture, which helps to guide what we do, but we also need some advanced tools and capabilities, given the complexity and sophistication of modern malware. One of the things that, you know, has historically been the approach to dealing with security threats, whether it's malware, viruses, all sorts of things, is to look

11 for what we know about, right? If you know about a virus, you write a signature that will then look for that virus in your environment. That works great if you know what you're looking for, but as we mentioned, modern malware is very sneaky. It changes itself. It hides itself. So we can't necessarily rely solely on these signature-based methods. What we need is a way of trying to get ahead of the problem, because once we find something in our environment, in many ways, it may be too late. We've already been attacked. How do we prevent this from happening? How do we, you know, close the barn doors, essentially, before the horse gets out, if you're familiar with that inspection-- the expression. And this is where the role of intelligence comes in. What I'd like to show you here is a graph that a colleague of mine came up with, and I think it's a great way of illustrating the value of intelligence and what it means to dealing with modern malware. Here we see two lines in this graph. The vertical line is capacity, which describes our capacity to deal with certain situations. And the normality line, the horizontal line, describes, you know, how normal things are on a day-to-day basis. So we wake up. We have our breakfast. We go to the office. We have lunch. We come home, dinner, go to bed. All of those things are normal activities. But when an event happens, suddenly we're thrown out of this normal environment. And let's say that this event is some type of catastrophic attack on a power facility. Somebody's used malware to attack the power facility, brought it down, and the consequence is-- is that, let's say, at the hottest time of year, there's no electricity or cooling for residents in a city. That will take us away from the normality line, and it will also impact our capacity in two ways. In one way, it will require us to increase the amount of resources we use to address the situation. So suddenly, we're going to involve law enforcement. 
We're going to involve emergency responders. We're going to be throwing a lot of resources at the problem as this event occurs. And then, of course, as the problem is addressed and things start to return to normality, then we'll see a reduction in the amount of resources we deploy. But conversely, at the same time that we're hit by this event, our capacity to respond and deal with emergency situations is reduced, because if our resources are deployed in one place, then we can't address another situation.

Everything that we talk about on this side of the line of the normality curve describes essentially how we approach security today. It's about responding to it, finding that virus, and recovering from it, cleaning it and disinfecting it, and this is obviously not enough. What we need to try to do is get ahead of this curve, and everything ahead of this curve is what we generally describe as intelligence. And that's about anticipating the attack or tackling it far upstream before we get hit. And all of these activities are why intelligence agencies exist.

And what they do is, they plan. They try to think about, "What are the consequences if somebody took a power facility off-line?" They analyze situations. Who could be behind this? What could they possibly be trying to do? And what can we do to perhaps prevent that from happening? And they monitor. They look for things that are telltale signs that an attack may be coming. Everything on this side of the normality line can be described as the stages of preventing and preparing for an attack. And I would say we now increasingly need to balance between the two sides. In our security approach, we focus largely on impact reduction, trying to keep something from happening. When it happens, we deal with it, and then we clean up afterwards, but more and more, we need to focus on the left side, risk reduction, where we leverage intelligence, which is collecting information about the outside environment, about what other people are seeing, analyzing it, and using it in a way that gives us some indication of what might be coming so we can tackle it far upstream, which means that we don't have to deal with the cost and the degradation of capacity when this event happens.

Now, context plays into this as well. As you notice, I mentioned two things, intelligence and context. Now, this is the way that I like to talk about context. You see before you a split screen, and on either side of the screen, you see two figures. Some of you may look at these two figures and say, "Well, what I'm seeing on both sides is a letter." Some of you may look at it and say, "What I'm seeing on both sides is a number." Well, you may be right. You may not. There's really no way to be certain just by looking at these two things, but when we bring in context, suddenly, we've shed some light on what's going on.
We can now make a better determination of what we're seeing, so that it turns out what's on the left side of the screen is actually a letter, the letter B, and what's on the right side of the screen is actually a number, the number 13. And this is where context comes into the role of intelligence in a modern approach. Just looking at the signatures or the core piece of malware out there is no longer enough, because malware hides itself. We need to look at the context of it, and that means looking at, what workstation is this malware potentially getting installed on? Who is using this workstation? What do they have access to? And what is the broader behavior surrounding this malware? Since the malware is increasingly operating across the network, we can see certain behaviors that we might describe as an anomaly, and increasingly, by finding these anomalous behaviors, these things that are outside of the normal scope of things, we can develop a level of context that tells us if we're really finding malware.

So this is one of the key approaches. We need to be able to bring together intelligence, which is information outside of the traditional scope of what we're trying to protect so that we can get ahead of the problem, and then context, which is all sorts of information in our infrastructure that can maybe give us a clue as to what we're seeing and whether or not that is something that's anomalous. When you bring these things together, we develop a new level of insight that is beyond simply looking for what we already know. It's about looking for things before they happen to us and finding things that are unknown but perhaps are anomalous and out of context in our environment. And this brings us to the third core.

Automated and policy-based (36:04)

We've talked about a high-level approach based on architecture, looking at the broader goals and the operations around how you secure yourself, looking at the role of intelligence and context and how that can help us prevent and uncover malware, but ultimately, the business still needs to function. The infrastructure is out there for a purpose, for people to conduct their day-to-day activity. Now, when we think about traditional security, it's been very much about building static perimeters. People put things in place, security controls, and then they fit people into little boxes or devices into little boxes. So, for example, we determine that only certain users are allowed access to the infrastructure. We say that they can only use certain devices on that infrastructure. There are only certain ways that they can connect to that infrastructure, maybe only through the office headquarters. And then the resources that they're allowed to access are limited as well. This maybe has served us well for a period of time, but the problem is, this doesn't reflect the reality of modern business. The reality is that all of these things have left the perimeter. They're, in many ways, outside the static perimeter that we built. So users are no longer just the users who work at the company. Sometimes they are partners. Sometimes they are contractors. Sometimes they are guests visiting your network, and they want to get access to the network. Devices are no longer just the thing that IT issues you.
If you've heard of the Bring Your Own Device movement or Bring Your Own Application, now everybody, in many cases, is using whatever kind of device they want to use: an Apple laptop, an Intel PC, an iPhone, an iPad, et cetera. IT doesn't necessarily have control over what you use. And they have less control over how you access the infrastructure. It's not just about connecting from the headquarters location. You may be on the road. You may be at a Starbucks. You may be someplace that IT wouldn't normally expect you to connect from, but you still need to get access to that information. And information itself, the resources you want to access, that's also moved outside of the static perimeter. With the advent of virtualization and cloud computing, we now see our information being pushed into new locations running on public clouds or community clouds. So in all of these cases, the idea of having a static perimeter not only doesn't work in protecting us. It doesn't serve the business. So what we need to do is, in many ways, refix the perimeter, and this is where automation and a policy-based approach come in.

In many ways, we could say the modern perimeter is not a static perimeter. It's not just firewalled computers and devices. In modern circumstances, the modern perimeter is identity and policy. And what that means is the ability to know what's on your network, who is connecting to your network, and how it's being used across all of the different devices in your infrastructure and at all the different layers: the application layer, the network layer, the device layer. Identity and policy is about being able to know, first of all, who is connecting to your infrastructure? Being able to literally identify that to a person and know, is this person somebody who belongs on our network? And what resources and rights do they have? What permissions and access do they have on the infrastructure? What kind of device is being used? How are they accessing the infrastructure? We need to know if it's an Android-based device, an iOS-based device, a PC, a Macintosh, what have you, and what type of hardware it's running on. And again, policy gives us a level of control over permitting or denying that use. Also, where are people connecting from, and when are they connecting? Are they connecting from the office or from a remote location, during business hours or outside of business hours? And then ultimately, what are they trying to get access to? The information about being able to identify each of these, know what they are, and associate them with a policy is what constitutes the modern perimeter, because this is what allows us to draw dynamic boundaries over interactions so that you can say, "This person is allowed to access the infrastructure using this device in this location to get access to that resource." Monitor it, and control it. So we very much now rely on identity and policy as the modern boundary or the perimeter rather than simply locking everything down and ensuring that our security controls are very static.
So we've covered a lot of territory here, and, of course, there's a lot more that we can go into, but the key thing I want to impress upon you is that though malware is a growing problem (it's growing in sophistication; it's becoming more complicated, more targeted; the actors behind it are becoming broader in their goals, perhaps more undeterminable), even though it's a growing problem out there, we don't need to lose hope. What we need to do is adjust our approach to how we deal with this situation, and as I've mentioned, it's not just about technology. In fact, technology, in many ways, is the final thing we bring in after we have done a lot of other things, and that means taking an architectural approach where we start with, what are the goals? What are we trying to achieve? How are we going to put those goals, if there's a goal, in an achievable way into practice in the business? How are we going to run the operations to make sure we're doing secure things? And then ultimately, of course, use the correct infrastructure to secure ourselves.

One thing I want to make clear: I'm in no way saying that we're getting rid of old security infrastructure, antivirus, firewall, intrusion protection. These all serve a very important, crucial piece in the overall security puzzle. What we need to do is augment it by adding certain capabilities, such as leveraging intelligence and context so that we start looking for information that helps us get ahead of the problem, that gives us a risk mitigation approach rather than simply a vulnerability capture or elimination, that allows us to look at the problem not solely as one individual thing but how that thing appears in context in a way that will tell us whether or not we actually have a problem. And then, of course, drawing perimeters that support the business, that allow the business to be secure, but support the way people work in the modern world, and identity and policy are the bases. So with all of this said, you know, what I really want to emphasize is that it's not just about modern technology and modern network infrastructure, modern design. It's about a modern approach and using all of these capabilities and this new perspective to really deal with the challenge we see in malware. With that, I'd like to thank you very much, and I will turn it back over to my colleague Emma for wrap-up.


More information


BE SAFE ONLINE: Lesson Plan BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

Perspectives on Cyber Security Strategies & Tactics

Perspectives on Cyber Security Strategies & Tactics Perspectives on Cyber Security Strategies & Tactics Joshua Schmookler, Passaic County NJ MIS Department Security Administrator Micah Hassinger, Bergen County NJ Communications Director of Information Technology

More information


CYBERSPACE SECURITY CONTINUUM CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Advanced Persistent Threats

Advanced Persistent Threats White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

Next Generation Tech-Talk. Cloud Based Business Collaboration with Cisco Spark

Next Generation Tech-Talk. Cloud Based Business Collaboration with Cisco Spark Next Generation Tech-Talk Cloud Based Business Collaboration with Cisco Spark 2 [music] 00:06 Phil Calzadilla: Hello, hello! Welcome. This is Phil Calzadilla founder and CEO of NextNet Partners, and I'd

More information

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks

More information


Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS I want you to take home four points Understand Educate Collaborate Prepare It s a great

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Big Data Analytics in Network Security: Computational Automation of Security Professionals

Big Data Analytics in Network Security: Computational Automation of Security Professionals February 13, 2015 Big Data Analytics in Network Security: Computational Automation of Security Professionals Stratecast Analysis by Frank Dickson Stratecast Perspectives & Insight for Executives (SPIE)

More information


QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information


E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

Seven Strategies to Defend ICSs

Seven Strategies to Defend ICSs INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take

More information

DEC. 2015. Next Generation Security with Endpoint Detection and Response WHITE PAPER

DEC. 2015. Next Generation Security with Endpoint Detection and Response WHITE PAPER DEC. 2015 Next Generation Security with Endpoint Detection and Response WHITE PAPER Table of Contents Endpoint Compromise a Sad State of Reality... 3 Traditional Endpoint Anti-virus Isn t Getting It Done...

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection As today s businesses transition more critical applications to the cloud, there

More information

WhatWorks in Detecting and Blocking Advanced Threats:

WhatWorks in Detecting and Blocking Advanced Threats: WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Covert Operations: Kill Chain Actions using Security Analytics

Covert Operations: Kill Chain Actions using Security Analytics Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: LinkedIn: In Special

More information

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

What's the difference between spyware and a virus? What is Scareware?

What's the difference between spyware and a virus? What is Scareware? What's the difference between spyware and a virus? What is Scareware? Spyware and viruses are both forms of unwanted or malicious software, sometimes called "malware." You can use Microsoft Security Essentials

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database 3 Email Marketing Security Risks How to combat the threats to the security of your Email Marketing Database Email Marketing Guide June 2013 Security Threats PROTECTING YOUR EMAIL DATABASE FROM HACKERS

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

The Four-Step Guide to Understanding Cyber Risk

The Four-Step Guide to Understanding Cyber Risk Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Taking a Proactive Approach to Patch Management. B e s t P r a c t i c e s G u i d e

Taking a Proactive Approach to Patch Management. B e s t P r a c t i c e s G u i d e B e s t P r a c t i c e s G u i d e It s a fact of business today: because of the economy, most organizations are asking everyone, including the IT staff, to do more with less. But tight budgets and the

More information