CSEC Cyber Threat Capabilities


1 Communications Security Establishment Canada / Centre de la sécurité des télécommunications Canada. TOP SECRET//COMINT//REL TO FVEY.
CSEC Cyber Threat Capabilities
SIGINT and ITS: an end-to-end approach
Safeguarding Canada's security through information superiority

2 Cyber Security
What do we mean by Cyber?
- Detection / Discovery and Tracking of State-Sponsored Hacking
- Counter-intelligence Reporting / Mitigation Advice and Defence against Cyber Threats
SIGINT Detects Cyber Activity
- Access Canadian and Allied collection to discover and track covert networks (counter-intelligence)
IT Security Defends against Cyber Activity
- Sensors on Government of Canada networks to identify malicious activity and enhance defences

3 Comprehensive Cyber Capabilities (diagram)
Labels: Selection and Filtering; Processing and Enrichment; Protocol Analysis; Crypt Attack; Data Repositories; Network Analysis; Cyber Analysis; Counter Intelligence; Threat Evaluation; Knowledge Transfer; Intelligence; Internet; Canada

4 The Grand Challenge - Detection
EONBLUE is the cyber threat detection sensor developed and deployed in SIGINT and ITS
- Cyber threat tracking (signature-based detection)
- Cyber threat discovery (anomaly-based detection)
A 6+ year effort that incorporates the best of breed detection algorithms/technology in collaboration with our 5-Eyes partners
- Based on classified knowledge
- Scales to major ISP network speeds (10G)
- Enables rapid prototyping to adapt to ever changing threats

5 The Cyber Landscape
Adversaries and Targets
- Operate globally
- Varying degrees of sophistication
- Constantly changing tools and techniques
Detection / Discovery
- Tools must operate at all network speeds
- Deep Packet Inspection at scale
- Targeting tradecraft / protocols vs. individuals
- We must 'live' in cyber space

6 Why is Cyber Critical? (comparison figure)
- Nodong Missile (North Korea): Range: 1300 km; Type: Ballistic
- Taepodong Missile (North Korea): Range: 2900 km; Type: Multistage; Payload: Nuclear
- Desktop PC: Range: ; Type: IBM; Payload: DDoS; Cost: $500

7 Working in Cyber Space
Tools must adapt constantly / quickly
- Signature based targeting
- Metadata analytics
- Custom tradecraft for discovery
Would I do a better job from my PC at home?
- Enhance / Enable collaboration
- Adopt Internet technologies on our Classified networks: Skype / Web 2.0 / Video Chat / Google Apps / etc
- Centralize our 'cyber' analytics: CyberDMZ

8 SEEDSPHERE - Discovery
EONBLUE anomaly detection utilities isolate network anomalies
- Discover network beacons in warranted full-take collection
Knowledge developed is shared with CNE
- During CNE activities, implant is found to be cohabitating
- Implant is copied to CSEC HQ for reverse engineering
IT Security detects SEEDSPHERE attacks against Government of Canada weekly
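The two EONBLUE modes named on slides 4 and 8, signature-based tracking of known indicators and anomaly-based discovery of network beacons, can both be shown on flow metadata. The Python below is an added example written for this transcription; it is not CSEC code and reflects nothing about how EONBLUE, SEEDSPHERE or SUPERDRAKE actually work. The signature pattern, the flow records and the thresholds are all constructed for the demonstration.

```python
"""Two passive-sensor detection modes over flow metadata: signature-based
tracking of known indicators and anomaly-based discovery of periodic beacons.
Added example; the signature, the flows and the thresholds are constructed."""
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch
    src: str
    dst: str
    dport: int
    nbytes: int    # bytes sent by src in this connection
    uri: str = ""  # HTTP request path if the sensor parsed one


# Hypothetical indicator pattern for the tracking mode (an assumption, not a
# real SEEDSPHERE or SUPERDRAKE signature).
SIGNATURES = {
    "HYPOTHETICAL-C2-URI": re.compile(r"^/cgi-bin/[0-9a-f]{16}\.cgi$"),
}


def track_known(flows):
    """Signature-based tracking: (name, src, dst) for every flow whose request
    path matches a known pattern."""
    hits = []
    for f in flows:
        if not f.uri:
            continue
        for name, rx in SIGNATURES.items():
            if rx.search(f.uri):
                hits.append((name, f.src, f.dst))
    return hits


def discover_beacons(flows, min_events=6, max_jitter=0.15, max_size_spread=0.25):
    """Anomaly-based discovery: flag (src, dst, dport) tuples whose connection
    inter-arrival times are nearly constant (low coefficient of variation) and
    whose request sizes barely vary. That is how an implant calling home looks
    in metadata even when every byte of content is encrypted."""
    by_tuple = defaultdict(list)
    for f in flows:
        by_tuple[(f.src, f.dst, f.dport)].append(f)
    findings = []
    for key, fs in by_tuple.items():
        if len(fs) < min_events:
            continue
        fs.sort(key=lambda f: f.ts)
        gaps = [b.ts - a.ts for a, b in zip(fs, fs[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean_gap
        sizes = [f.nbytes for f in fs]
        size_spread = statistics.pstdev(sizes) / statistics.mean(sizes)
        if jitter <= max_jitter and size_spread <= max_size_spread:
            findings.append({"tuple": key, "period_s": round(mean_gap, 1),
                             "jitter": round(jitter, 3), "events": len(fs)})
    return findings


def sample_flows():
    """Constructed records: one host beaconing every ~300 s with a fixed-size
    request, one host browsing irregularly, one flow hitting the signature."""
    flows = []
    offsets = [0, 3, -2, 4, 1, -3, 2, 0]
    sizes = [512, 512, 520, 512, 508, 512, 512, 516]
    for i, (off, sz) in enumerate(zip(offsets, sizes)):
        flows.append(Flow(1000 + 300 * i + off, "10.0.0.5", "203.0.113.7", 443, sz))
    for ts, sz in [(1000, 900), (1004, 15000), (1190, 2200), (1191, 640),
                   (1500, 31000), (1502, 700), (1503, 4100), (2200, 12000)]:
        flows.append(Flow(ts, "10.0.0.9", "198.51.100.20", 80, sz, "/index.html"))
    flows.append(Flow(1250, "10.0.0.12", "192.0.2.44", 80, 300,
                      "/cgi-bin/0123456789abcdef.cgi"))
    return flows


def run_demo():
    flows = sample_flows()
    return track_known(flows), discover_beacons(flows)


if __name__ == "__main__":
    hits, beacons = run_demo()
    print("signature hits:", hits)
    print("beacons:", beacons)
```

Beacon discovery keys on what an implant cannot easily hide in metadata: a fixed call-home period and a near-constant message size. Real implants add jitter, so the thresholds are a tuning problem; widening max_jitter catches more beacons at the cost of flagging scheduled legitimate traffic such as NTP or update checks, which is why the slide pairs discovery with tracking and reverse engineering rather than treating an anomaly as a verdict.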

9 Repositories - At Collection Site
Global Access is pushing tradecraft to the front-end of access
- 50 terabytes of high speed storage
- Processing over 125GB/hour of HTTP metadata
Figure: cluster throughput (file system), 06/11 to 06/26, inbound and outbound. Black line: total data into the cluster. Blue line: data outbound from SAN. Data deduplication at site results in much better use of limited bandwidth.
Figure: data into the cluster is balanced across multiple nodes. Each colour denotes a separate node, automatically dividing the load amongst all systems.
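The "deduplication at site" point on slide 9 is that each distinct captured object leaves the front-end once, and everything else crosses the limited link as a reference. The Python below is an added example of that mechanism, not CSEC code; the object sizes, the 32-byte reference record and the index size are assumptions made for the demonstration.

```python
"""Content-addressed deduplication at the collection site: each distinct
object is forwarded once, repeats leave as a short digest reference.
Added example; sizes and the reference-record cost are assumptions."""
import hashlib
from collections import OrderedDict


class DedupForwarder:
    REF_BYTES = 32  # wire cost of a digest reference (assumed: one SHA-256)

    def __init__(self, max_index=100_000):
        # digest -> object id; insertion order lets us evict the coldest entry
        self.index = OrderedDict()
        self.max_index = max_index
        self.next_id = 0
        self.bytes_in = 0
        self.bytes_out = 0

    def offer(self, payload):
        """Return what goes over the link for this captured object:
        ("full", id, payload) the first time the content is seen, ("ref", id)
        afterwards. Dedup is on content only, so the same file fetched by
        different hosts or from different servers still collapses."""
        digest = hashlib.sha256(payload).digest()
        self.bytes_in += len(payload)
        if digest in self.index:
            self.index.move_to_end(digest)      # keep hot content resident
            self.bytes_out += self.REF_BYTES
            return ("ref", self.index[digest])
        if len(self.index) >= self.max_index:
            self.index.popitem(last=False)      # evict least recently seen
        oid = self.next_id
        self.next_id += 1
        self.index[digest] = oid
        self.bytes_out += len(payload)
        return ("full", oid, payload)

    def savings(self):
        """Fraction of captured bytes that never had to leave the site."""
        return 1.0 - self.bytes_out / self.bytes_in if self.bytes_in else 0.0


def sample_capture():
    """Constructed HTTP objects as (client, server, body): a 2000-byte shared
    script fetched by five hosts, a 3000-byte unique page, and a 1500-byte
    logo fetched twice from two different servers."""
    script = b"S" * 2000
    page = b"P" * 3000
    logo = b"L" * 1500
    return [
        ("10.0.0.1", "198.51.100.5", script),
        ("10.0.0.1", "198.51.100.9", page),
        ("10.0.0.2", "198.51.100.5", script),
        ("10.0.0.2", "198.51.100.9", logo),
        ("10.0.0.3", "198.51.100.5", script),
        ("10.0.0.4", "198.51.100.5", script),
        ("10.0.0.6", "203.0.113.3", logo),
        ("10.0.0.5", "198.51.100.5", script),
    ]


def run_demo(max_index=100_000):
    """Feed the constructed capture through a forwarder; return the kind of
    record sent for each object and the overall bandwidth saving."""
    fwd = DedupForwarder(max_index)
    sent = [fwd.offer(body)[0] for _, _, body in sample_capture()]
    return sent, fwd.savings()


if __name__ == "__main__":
    print(run_demo())          # large index: most repeats go out as refs
    print(run_demo(max_index=1))  # tiny index: repeats are re-sent in full
```

The second call in the usage lines shows the operational caveat: the saving depends entirely on the index keeping a digest resident for as long as the content keeps recurring, so sizing the index to the working set of popular objects matters more than the hash function. The method also does nothing for content that is unique per fetch, which is exactly what a well-built implant's traffic looks like; dedup buys headroom for the bulk collection, not for the threat traffic itself.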

10 Cyber Repositories
In 2009 an average of 112,794 IP traffic items related to cyber threat were collected each day from Canadian and Allied sources
Traditional SIGINT sources prove invaluable in cyber threat analysis
- Travel Tracking Databases used to attribute CNE activity, along with SMS collection
IT Security domestic sensors store 300TB of full-take
- Equivalent to 'months' of traffic
- Enables historical analysis and anomaly detection
In 2009 IT Security domestic sensors enabled 95 mitigation actions

11 Network Analysis (figure: graph of autonomous systems)
Labels: Internet Initiative Japan Inc.; NRCNET-AS - National Research Council of Canada; SAVVIS - Savvis; NAP-THREE; DNDCFNET - Department of National Defence/DISEM

12 Cyber Analysis

13 Mitigation
Direct protection of GC systems and information
Government of Canada: Cleanup / Strengthen
- Prevention and response activity
- Leverage SIGINT and 5 Eyes intelligence, complemented by our own GC domestic sensor capabilities
Systems of Importance
- Report: Actionable technical mitigation reports provided to client's IPC; cyber threat situational awareness reports provided to departments
- CSEC review of incidents against systems of importance
- CSEC analysts deployed to capture technical evidence to develop/support mitigation activity
- CSEC information is merged with all-source cyber threat activities to create a complete picture of cyber threats

14 Positioning for the future (figure): Today ... from RESPONSE to ACTION ... Tomorrow

15 Synchronized SIGINT / ITS Mission Space

16 Situational Awareness
SA is:
- The perception of environmental elements within a volume of space and time
- The comprehension of their meaning
- Projection of their status in the near future
Insight: the capacity to understand hidden truths
In the Cyber Context:
- Gathering and enabling access to cyber information: Event Metadata / Event Content / Near Real-Time Exchange
- Data mining of cyber information to create understanding in broader context
- Predict our adversaries' actions based on this knowledge

17 Cyber Session Collection (figure). Labels: Victim Computer; CNE Actor

18 Enabled by Sydney Resolution (figure). Components: ITS Event Store; ITS Analyst; Photonic Prism; EONBLUE; NRT Alerting Engine; Decision Logic; SIGINT Analyst; SIGINT Store

19 Tipping and Cueing (Why)
SIGINT
- Data volumes/network speeds impose severe temporal restrictions on collection (use it or lose it)
- Ability to extend cyber target tracking across all 5-Eyes accesses and/or analytic event stores instead of just domestic: global aperture
- Ability to uncover covert overlay networks
- Cyber session collection? Uncover tradecraft/binaries/exploit vectors...
CND
- Network edge vs. network core (microscope vs. telescope)
- Enable mitigation of cyber exploitation and/or attack (dynamic defence)
- Facilitate indications and warning: can SIGINT provide me with the true threat picture in NRT? Could we detect "test firing" of new tools/techniques?
- Collaborative defence: can my partners see malicious activity in SIGINT against networks I need to protect? Can they tell me in NRT?

20 SIGINT -> ITS Tipping
Sample of CNO tips provided to ITS from SIGINT SSO on May 05
- Tips (source / implant): DS800 SEEDSPHERE (8 tips); DS800 SUPERDRAKE (2 tips)
- Network names: Canadian House of Commons; Environment Canada; Federal Office of Regional Development (Quebec); Forestry Canada; Public Works and Government Services Canada

21 Dynamic Defense
All elements acting as one
Defence at:
- Network Edge (ITS): localized/tailored mitigation (e.g. blocking, binary neutering, redirection); focused response to ongoing and potential threats
- Network Core (SIGINT): global mitigation possible (e.g. redirection, null routing, filtering); large scale (but still focused!) response to ongoing and potential threats
- Adversary Space (CNE): reconnaissance, i.e. probe/explore/learn adversarial network space; co-habitate covert network infrastructure for info gathering, tool extraction, etc

22 CNE/CNA Cyber Activity Spectrum (SECRET//COMINT)
CNE Implant OPSEC Monitoring
CNE Pursuit
- Recover binaries / etc
- Implant adversary infrastructure
- CNE Insertion
CNE Disruption
- Control adversary infrastructure
- Disable adversary infrastructure
- CNA: destroy adversary infrastructure
Deception Techniques
- DARKSPACE: leverage SSO for I&W
- Honey Token: deploy in GoC / track in SIGINT
- Honeypot: deploy in GoC / track in SIGINT
- Honeynet: deploy in GoC / track in SIGINT
- False Flag Operations: create unrest
- Effects: alter adversary perception
Passive SIGINT Techniques
- Network Monitoring (Tracking Known), international
- Network Monitoring (Discovery), international
- No 2-End CDN Filter
- Network Monitoring (Tracking Known), domestic
- Network Monitoring (Discovery), domestic
Dynamic Defence Technologies
- In-line IP Blacklisting
- Domain Name System Control (redirection / disruption / etc)
- Traffic Alteration (inbound, i.e. neuter malware)
- Traffic Redirection (inbound, i.e. quarantine traffic)
- Traffic Alteration (outbound, i.e. insert malware)
- Host Based Defence
Red Teaming
- Defensive Implant (OPSEC Monitoring)
Network Monitoring Techniques
- Network Monitoring (Tracking Known)
- Network Monitoring (Discovery)
- QRC (Lightweight Network Sensor)
Commercial / Industry / Relationships
- Dept Resp
- Commercial Defence (Anti-Virus / Firewall / etc)
- Influence Technology (provide signature to AV)
- Supply Chain
- Political Demarche
Legend: Defensive Operation / Passive Operation / Active Operation

23 Dynamic Defense Scenarios (figure): Rules Engine
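Slides 18 to 23 describe an NRT alerting engine whose decision logic turns SIGINT tips into edge mitigation (blocking, DNS redirection) or core mitigation (null routing) once the picture justifies it. The Python below is an added example of that kind of decision logic, not the CSEC rules engine, shaped around the tip fields visible on slide 20 (source label, implant family, victim network). The indicator values, the protected-network list, the dedup window and the escalation threshold are all constructed for the example.

```python
"""Decision logic for SIGINT-to-ITS tipping: suppress repeat tips, pick an
edge mitigation for the victim network, and escalate to a core mitigation
once the same C2 indicator is seen against several protected networks.
Added example; indicators, network list, window and threshold are assumed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tip:
    ts: int          # epoch seconds when the tip was generated
    source: str      # tipping source label, e.g. "DS800" as on slide 20
    family: str      # implant family named in the tip
    c2: str          # indicator: IP or domain (constructed values)
    victim_net: str  # victim network name as reported


# Networks ITS is responsible for at the edge (assumed list, using the names
# that appear on slide 20).
PROTECTED = {
    "canadian house of commons",
    "environment canada",
    "federal office of regional development (quebec)",
    "forestry canada",
    "public works and government services canada",
}


def is_domain(indicator):
    return any(ch.isalpha() for ch in indicator)


class DecisionLogic:
    def __init__(self, dedup_window=3600, core_threshold=3):
        self.dedup_window = dedup_window
        self.core_threshold = core_threshold
        self.last_seen = {}                    # (family, c2, victim) -> ts
        self.victims_by_c2 = defaultdict(set)  # c2 -> protected nets hit
        self.core_issued = set()               # indicators already null-routed

    def decide(self, tip):
        key = (tip.family, tip.c2, tip.victim_net)
        prev = self.last_seen.get(key)
        if prev is not None and tip.ts - prev < self.dedup_window:
            return {"tip": key, "disposition": "suppressed", "actions": []}
        self.last_seen[key] = tip.ts
        net = tip.victim_net.lower()
        if net not in PROTECTED:
            # Not a network we defend at the edge: pass the tip to its owner.
            return {"tip": key, "disposition": "referred", "actions": []}
        actions = []
        if is_domain(tip.c2):
            actions.append(("edge", "dns-redirect", tip.c2))  # DNS control
        else:
            actions.append(("edge", "block", tip.c2))         # in-line blacklist
        self.victims_by_c2[tip.c2].add(net)
        # Core action once the telescope view shows the indicator hitting
        # enough distinct networks, and only once per indicator.
        if (len(self.victims_by_c2[tip.c2]) >= self.core_threshold
                and tip.c2 not in self.core_issued):
            self.core_issued.add(tip.c2)
            actions.append(("core", "null-route", tip.c2))
        return {"tip": key, "disposition": "mitigate", "actions": actions}


def sample_tips():
    """Constructed tips in the shape of slide 20's list."""
    return [
        Tip(100, "DS800", "SEEDSPHERE", "203.0.113.10", "Canadian house of commons"),
        Tip(160, "DS800", "SEEDSPHERE", "203.0.113.10", "Canadian house of commons"),
        Tip(300, "DS800", "SEEDSPHERE", "203.0.113.10", "environment Canada"),
        Tip(420, "DS800", "SUPERDRAKE", "update.example.net", "forestry Canada"),
        Tip(500, "DS800", "SEEDSPHERE", "203.0.113.10",
            "public works and government services Canada"),
        Tip(600, "DS800", "SEEDSPHERE", "203.0.113.10", "partner network (not GC)"),
    ]


def run_demo():
    logic = DecisionLogic()
    return [logic.decide(t) for t in sample_tips()]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The escalation threshold is slide 19's microscope/telescope point in code: the edge sees one victim at a time, and only the aggregated view across victims justifies a core action against the indicator itself. A production engine would also age entries out of victims_by_c2 and carry the tip's confidence and the partner's releasability markings, none of which the slides go into.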

24 Next Steps
- Synchronize SIGINT and ITS Mission
- Alignment with Cyber Strategy
- Funding
- Joint Approach for Domestic Partners
- Recruitment and Staffing for Growth
- Joint Capabilities Development (Sensors and Analytics)
- Consider Legislative Amendments
- Develop Career Framework
- International Tipping and Cueing Interoperability
- Policy Coordination
- 5-Eyes Interoperability and Policy

25 If you build it... they will come (image) / Rather Than (image)

26 (Second copy of the deck, with speaker notes) CSEC Cyber Threat Capabilities. SIGINT and ITS: an end-to-end approach. Safeguarding Canada's security through information superiority.


Slide 3 (Comprehensive Cyber Capabilities), speaker notes (GA4):
- Added output to the 5-Eyes which is labelled as Knowledge Transfer (mention the sharing of tradecraft / techniques / tools / etc)
- Mention how analytic workload is split among partners

Slide 4 (The Grand Challenge - Detection), speaker notes:
- Message: commercial is not enough




Slide 8 (SEEDSPHERE - Discovery), speaker notes:
- Major point: how it is an all-source collection effort to get the data
- Explain the value of COVENANT to seed new discovery
- How CNE is now seeding new discovery
- How ITS detects attacks into GC

Slide 9 (Repositories - At Collection Site), speaker notes:
- We are talking about the massive volumes (reference to earlier SSO briefing). There is so much traffic we keep it at the front-end and do advanced datamining / new tradecraft development
- 50TB = Library of Congress 3 times over
- 125GB of data = 14 hours of high definition video
- SIGINT: keep stuff online

Slide 10 (Cyber Repositories), speaker notes:
- Major point: traffic breakdown is 70/30 for SIGINT
- Canadian collect is almost all actionable
- Canadian collect is more precise because of EONBLUE
- IT Security generates a mass quantity of valuable information on attacks (linked to their full-take capability)

Slide 11 (Network Analysis), speaker notes:
- Expand on how ANT provides best point of access (TBD)

Slide 12 (Cyber Analysis), speaker notes:
- Major points: a lot goes into a Cyber Threat Report. We must stay on top of tasking. Traffic analysis / reverse engineering and network analysis all feed into a cyber report. We do this quickly because of tradecraft


Slide 14 (Positioning for the future), figure labels: DETECT (Discover and Track) / DESCRIBE (Evaluation) / DEFEND (Protect Government), enabled by ACCESS and CYBER THREAT PURSUIT; from RESPONSE to ACTION









(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

RETHINK SECURITY FOR UNKNOWN ATTACKS

RETHINK SECURITY FOR UNKNOWN ATTACKS 1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Cisco Security Intelligence Operations

Cisco Security Intelligence Operations Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,

More information

Persistence Mechanisms as Indicators of Compromise

Persistence Mechanisms as Indicators of Compromise Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

Making sense out of the Security Operations

Making sense out of the Security Operations Gaweł Mikołajczyk gmikolaj@cisco.com Making sense out of the Security Operations Cisco Public 1 CONFidence 2012 https://www.youtube.com/watch?v=ebi1xlmg5xe Cisco Public 2 CONFidence 2016 Network Security

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

Careers in Cyber Operations. Defence Signals Directorate

Careers in Cyber Operations. Defence Signals Directorate Careers in Cyber Operations Defence Signals Directorate 1 In a game where our adversaries operate with no rules and unknown boundary lines, you will be exploring the possibilities and inventing the seemingly

More information

AMPLIFYING SECURITY INTELLIGENCE

AMPLIFYING SECURITY INTELLIGENCE AMPLIFYING SECURITY INTELLIGENCE WITH BIG DATA AND ADVANCED ANALYTICS Chris Meenan Senior Product Manager, Security Intelligence 1 IBM Security Systems Welcome to a Not So Friendly Cyber World Biggest

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)

More information

SecurityDAM On-demand, Cloud-based DDoS Mitigation

SecurityDAM On-demand, Cloud-based DDoS Mitigation SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS

More information

integrating cutting-edge security technologies the case for SIEM & PAM

integrating cutting-edge security technologies the case for SIEM & PAM integrating cutting-edge security technologies the case for SIEM & PAM Introduction A changing threat landscape The majority of organizations have basic security practices in place, such as firewalls,

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

Spear Phishing Attacks Why They are Successful and How to Stop Them

Spear Phishing Attacks Why They are Successful and How to Stop Them White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Cyber Situational Awareness for Enterprise Security

Cyber Situational Awareness for Enterprise Security Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature

More information

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the

More information

The Future of the Advanced SOC

The Future of the Advanced SOC The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why

More information

Cybersecurity Delivering Confidence in the Cyber Domain

Cybersecurity Delivering Confidence in the Cyber Domain Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your

More information

ADVANCED KILL CHAIN DISRUPTION. Enabling deception networks

ADVANCED KILL CHAIN DISRUPTION. Enabling deception networks ADVANCED KILL CHAIN DISRUPTION Enabling deception networks Enabling Deception Networks Agenda Introduction Overview of Active Defense Process Orchestration in Active Defense Introducing Deception Networks

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed

More information

The Need for Intelligent Network Security: Adapting IPS for today s Threats

The Need for Intelligent Network Security: Adapting IPS for today s Threats The Need for Intelligent Network Security: Adapting IPS for today s Threats James Tucker Security Engineer Sourcefire Nordics A Bit of History It started with passive IDS. Burglar alarm for the network

More information

HOW LOOKOUT S PREDICTIVE SECURITY UNMASKED A MOBILE THREAT

HOW LOOKOUT S PREDICTIVE SECURITY UNMASKED A MOBILE THREAT Mobile Threats MalApp HOW LOOKOUT S PREDICTIVE SECURITY UNMASKED A MOBILE THREAT Introduction To detect advanced threats that can evade signatures and behavioral analyses, Lookout developed a platform

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Analysis of Network Beaconing Activity for Incident Response

Analysis of Network Beaconing Activity for Incident Response Analysis of Network Beaconing Activity for Incident Response FloCon2008 Peter Balland, P. O. Box 808, Livermore, CA 94551 This work performed under the auspices of the U.S. Department of Energy by under

More information

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Hunting for the Undefined Threat: Advanced Analytics & Visualization SESSION ID: ANF-W04 Hunting for the Undefined Threat: Advanced Analytics & Visualization Joshua Stevens Enterprise Security Architect Hewlett-Packard Cyber Security Technology Office Defining the Hunt

More information

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc. TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

A New Perspective on Protecting Critical Networks from Attack:

A New Perspective on Protecting Critical Networks from Attack: Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

Manage the unexpected

Manage the unexpected Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Providing Secure IT Management & Partnering Solution for Bendigo South East College Providing Secure IT Management & Partnering Solution for Bendigo South East College Why did Bendigo South East College engage alltasksit & DELL? BSEC is in the midst of school population growth in 2015,

More information

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:

More information

Network Security Monitoring: Looking Beyond the Network

Network Security Monitoring: Looking Beyond the Network 1 Network Security Monitoring: Looking Beyond the Network Ian R. J. Burke: GCIH, GCFA, EC/SA, CEH, LPT iburke@headwallsecurity.com iburke@middlebury.edu February 8, 2011 2 Abstract Network security monitoring

More information

Hillstone Intelligent Next Generation Firewall

Hillstone Intelligent Next Generation Firewall Hillstone Intelligent Next Generation Firewall Kris Nawani Solution Manager (Thailand) 12 th March 2015 1 About Hillstone Networks Founded 2006 by Netscreen visionaries World class team with security,

More information

Denial of Service Attacks and Resilient Overlay Networks

Denial of Service Attacks and Resilient Overlay Networks Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University Motivation: Network Service Availability Motivation:

More information

Open Source Software for Cyber Operations:

Open Source Software for Cyber Operations: W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate

More information

Actionable Intelligence Hides Within Social Media Data

Actionable Intelligence Hides Within Social Media Data Actionable Intelligence Hides Within Social Media Data Leverage Real-Time Social Media Data to Improve Security, Stop Information Leaks, Identify Problems, Neutralize Threats Twitter. Facebook. Email.

More information

Using SIEM for Real- Time Threat Detection

Using SIEM for Real- Time Threat Detection Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

Anti-Malware Technologies

Anti-Malware Technologies : Trend of Network Security Technologies Anti-Malware Technologies Mitsutaka Itoh, Takeo Hariu, Naoto Tanimoto, Makoto Iwamura, Takeshi Yagi, Yuhei Kawakoya, Kazufumi Aoki, Mitsuaki Akiyama, and Shinta

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3

More information

WhatWorks in Detecting and Blocking Advanced Threats:

WhatWorks in Detecting and Blocking Advanced Threats: WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective

More information

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework

More information

Intrusion Detection in AlienVault

Intrusion Detection in AlienVault Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

Click to edit Master title style

Click to edit Master title style Click to edit Master title style UNCLASSIFIED//FOR OFFICIAL USE ONLY Dr. Russell D. Richardson, G2/INSCOM Science Advisor UNCLASSIFIED//FOR OFFICIAL USE ONLY 1 UNCLASSIFIED Semantic Enrichment of the Data

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

Six Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study

Six Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study Six Days in the Network Security Trenches at SC14 A Cray Graph Analytics Case Study WP-NetworkSecurity-0315 www.cray.com Table of Contents Introduction... 3 Analytics Mission and Source Data... 3 Analytics

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

DPI and Metadata for Cybersecurity Applications

DPI and Metadata for Cybersecurity Applications White Paper DPI and Metadata for Cybersecurity Applications How vendors can improve solutions for new market demands by filling the gap between COTS cybersecurity and raw data analysis Executive Summary

More information