Belgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve

Size: px
Start display at page:

Download "Belgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve"

Transcription

1 Belgacom Security Convention Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve

2 Belgacom Security Convention Introduction Geert Degezelle, Director Belgacom Security Solutions 10/17/2013 Slide 2

3 Intro The elephant in the room

4 Intro: is there an elephant in the room? Some words on the digital Belgacom 14-15/09: Belgacom launches clean-up operation after digital intrusion detected in the internal IT system 16/09: Belgacom communicates proactively about the incident Many speculations in the media about the perpetrators & their motives Belgacom sticks to the facts and continues to collaborate with judicial investigation No indications whatsoever that customers or their data have been impacted Belgacom further strengthens prevention with intensive and continuous monitoring No new elements at this stage, despite some rumours & wrong information leaked in the press Belgacom has chosen to communicate transparently about this incident and will continue to do so in the future whenever needed Bottom line, we were able to detect a highly sophisticated attack and we performed a successful clean-up Moving forward, resisting this kind of intrusion will be a joined challenge for all stakeholders involved, both private and public, on a national & international level

5 Belgacom Security Solutions 300+ Security Professionals in Belgacom Group, 100+ in Belgium 24/7 NOC Incident Management & Security Analysis : 400M events/d Belgacom Computer and Security Incident Response Team (CSIRT) Pro-Active benchmarking of the ICT Security landscape JCA Training Institute for ICT = student days/year in security Multiple delivery models: Cloud, On Site and Hybrid Corporate responsibility: kids Safer Internet (together with Child Focus & Microsoft) Peer Intelligence Exchange (eg Etis, Cert, Febelfin, LSEC, Etis, Beltug)

6 ICT Security Today 400B$ malware/d 334 BE attacks/m Outgrowing traditional crime figures vs Q % increase +300% for Android Malware vs 165 in in 2011 Slide 6

7 Hacker Industrialisation is a fact The Underground Embraces the Cloud Business Model Hacker Consumerisation Digital Currencies Anonymous Payment Exploit-as-a-Service, Malware-as-a-Service, Botnet as a Service,

8 4 major ICT Market Trends Impacting today s ICT security architecture IDC 2013: 31% of organisation has no mobile security management solution Mobile Cloud Security is the #1 cloud inhibitor Manage virtualised security Context and degree of trust will be very important ICT Security decision criteria Big Data Social Networks Privacy leakage Social Media Attacks Social Engineering Slide 8

9 Detection & Rapid Response will become a priority Prevention, the traditional approach to ICT Security, is being augmented with detection and response Focus on proactive monitoring to detect and contain attacks earlier in their lifecycle Speed of detection & response Simple infection Upgrade to more complex capabilities Distribute across the network Await Command & Control Center instructions Exfiltrate data By 2020, 75% of enterprises' information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in Source: Gartner Security 2020, July 2013

10 Belgacom Security Convention Agenda Plenary Sessions The evolving Cyber Threats Landscape Ulrich Seldeslachts, CEO, LSEC Cyber Security Incident Response at Belgacom Andy De Petter, Information Security Manager, Belgacom CERT of the European Institutions : Activities and lessons learned Freddy Dezeure, Head of CERT-EU 10/17/2013 Slide 10

11 Belgacom Security Convention The program continues Trends, case studies, live demos, legal aspects and technical update Cloud and Security Mobility and Security Data and Security 13:30 14:30 Protect your Business from external threats and cyber criminality Beyond BYOD, IT Consumerization & Mobile Enterprise Meet the Data Privacy Requirements 15:00 16:00 Secure your move to cloud computing Integrate successfully mobile device in your ICT The New, Continuous Security Model Do not forget the contest 10/17/2013 the winners will be communicated at 16.30! Win The last tickets for Belgium-Wales! or a free hacking training

12 The Market place is open Thank you

13 LSEC - Leaders in Security dinsdag 15 oktober 2013 LSEC The Evolving Cyber Threats Landscape Ulrich Seldeslachts, LLN, Aula Magna, October 15th, 2013 Welcome in the European Cyber Security Month : ECSM Leaders in Security LSEC, 2013, Private & Confidential, p 2 Source : ECSM, October Private & Confidential 1

14 LSEC - Leaders in Security dinsdag 15 oktober 2013 Welcome in the European Cyber Security Month : ECSM In Belgium, capital of Europe, you re on your own today Leaders in Security LSEC, 2013, Private & Confidential, p 3 Source : ECSM, October A masterpiece of marketing? Source : Leaders in Security LSEC, 2013, Private & Confidential, p 4 4 Private & Confidential 2

15 LSEC - Leaders in Security dinsdag 15 oktober 2013 Infected machines vs subscribers per ISP (spam) <5> Leaders in Security LSEC, 2013, for ACDC public, p 5 Source : Botnet mitigation and the role of ISPs, TU Delft, March 2013 Global Threat Map Today Luckily Luxemburg is smaller Leaders in Security LSEC, 2013, Private & Confidential, p 6 Source : Hostexploit, September 2013 Private & Confidential 3

16 LSEC - Leaders in Security dinsdag 15 oktober 2013 Global Threat Map Today Highest observed concentrations of malicious activity Leaders in Security LSEC, 2013, Private & Confidential, p 7 Source : Hostexploit, September 2013 Evolution : a decade of cyber threats Leaders in Security LSEC, 2013, Private & Confidential, p 8 Source : LSEC, ehealth, PWC - 02/ Private & Confidential 4

17 LSEC - Leaders in Security dinsdag 15 oktober 2013 Unique Samples added That was then : AV-Test.org's Sample Collection Growth All quiet on the western front Growth 3 Month Median Forecast Leaders in Security LSEC, 2013, Private & Confidential, p 9 Source : LSEC, Malware, McAfee September This is now How the west was won Leaders in Security LSEC, 2013, Private & Confidential, p 10 Source : LSEC, Security Innovations, IBM X-Force 09/ Private & Confidential 5

18 LSEC - Leaders in Security dinsdag 15 oktober 2013 That was then : End of 2007 End of Q Vulnerabilities ,700 31,600 Password Stealers ( Main variants ) Potentially Unwanted Programs Malware (families) (Families - DAT related) Malware Zoo (Collection) , , ,000 24,900 17, , ,000 30,000 (?) 8,600,000 13,000,000 Leaders in Security LSEC, 2013, Private & Confidential, p 11 Source : LSEC, Malware, McAfee September This is now Leaders in Security LSEC, 2013, Private & Confidential, p 12 Source : LSEC, Security Innovations, Websense 09/ Private & Confidential 6

19 LSEC - Leaders in Security dinsdag 15 oktober 2013 That was then Leaders in Security LSEC, 2013, Private & Confidential, p 13 Source : LSEC, Malware, McAfee September Evolution : this is today Leaders in Security LSEC, 2013, Private & Confidential, p 14 Private & Confidential 7

20 LSEC - Leaders in Security dinsdag 15 oktober 2013 This is now Leaders in Security LSEC, 2013, Private & Confidential, p 15 Source : PWC, March 2013 That was then Protection gap of hours with current solutions t0 Malware in the wild t1 t2 t3 Protection is available Malware discovered Protection is downloaded t4 Protection is deployed Leaders in Security LSEC, 2013, Private & Confidential, p 16 Source : LSEC, Malware, McAfee September Private & Confidential 8

21 LSEC - Leaders in Security dinsdag 15 oktober 2013 This is now Leaders in Security LSEC, 2013, Private & Confidential, p 17 Source : LSEC, Security Innovations, Websense 09/ That was then Leaders in Security LSEC, 2013, Private & Confidential, p Private & Confidential 9

22 LSEC - Leaders in Security dinsdag 15 oktober 2013 This is now Leaders in Security LSEC, 2013, Private & Confidential, p This is now Leaders in Security LSEC, 2013, Private & Confidential, p 20 Source : LSEC, Innovations, Websense, 09/13 Private & Confidential 10

23 LSEC - Leaders in Security dinsdag 15 oktober 2013 Evolution : botnet that was then 21 Coreflood Trojan 500Gb of Data since ,000 bot IDs covering 16 months 8,485 bank accounts 740 accounts for one bank They had examined 79 accounts had total balances of $281,000 3,233 credit card accounts 151,000 accounts 58,391 social networking site accounts 4,237 online retailer accounts 416 stock trading accounts 869 payment processor accounts 413 mortgage accounts 422 finance company accounts Top botnets control 1M hijacked computers They can dump more than 100B spam messages on users daily Botnet # of bots Spam capability 1 Srizbi 315,000 60B/day 2 Bobax 185,000 9B/day 3 Rustock 150,000 30B/day 4 Cutwail 125,000 16B/day 5 Storm 85,000 3B/day 6 Grum 50,000 2B/day 7 Onewordsub 40,000 Unknown 8 Ozdok 35,000 10B/day 9 Nucrypt 20,000 5B/day 10 Wopla 20, M/day 11 Spamthru 12, M/day Leaders in Security LSEC, 2013, Private & Confidential, p 21 Source : LSEC, Malware, McAfee September 2008 Evolution : botnet this is now Leaders in Security LSEC, 2013, Private & Confidential, p 22 Source : LSEC ACDC, Cyberdefcon March Private & Confidential 11

24 LSEC - Leaders in Security dinsdag 15 oktober 2013 Carna Botnet : bots a research project Leaders in Security LSEC, 2013, Private & Confidential, p 23 Source : LSEC, ACDC, Cyberdefcon 03/ The point? Leaders in Security LSEC, 2013, Private & Confidential, p 24 Source : LSEC, ACDC, Cyberdefcon 03/ Private & Confidential 12

25 LSEC - Leaders in Security dinsdag 15 oktober 2013 How do we know? Leaders in Security LSEC, 2013, Private & Confidential, p 25 Source : LSEC, ACDC, Cyberdefcon 03/ Leaders in Security LSEC, 2013, Private & Confidential, p 26 Source : LSEC, ACDC, Cyberdefcon 03/2013 Private & Confidential 13

26 LSEC - Leaders in Security dinsdag 15 oktober 2013 Leaders in Security LSEC, 2013, Private & Confidential, p 27 ACDC & The European Commission's Cyber Security Strategy Trust and Security DG CONNECT - European Commission Private & Confidential 14

27 LSEC - Leaders in Security dinsdag 15 oktober 2013 Fragmented response Source : ENISA, 2012 : DG INFSO CIP PSP Leaders in Security LSEC, 2013, for ACDC public, p Pan European Approach Leaders in Security LSEC, 2013, for ACDC public, p Private & Confidential 15

28 LSEC - Leaders in Security dinsdag 15 oktober 2013 What Botnets do Leaders in Security LSEC, 2013, for ACDC public, p 31 Source : PCWorld, IBM WP2 Pilot Components & Technology Development Tools : (1) Sensors and detection tools for networks (2) Systems Infections infected websites analysis (3) Device Detection and mitigation multi-purpose tools for end users (4) Centralized Data Clearing House and (5) Pan-European Support Centre, T2.1: Establishing and Management of Pilot Governance Group. (LSEC) [M01-M27] T2.2 : Developing Technology Framework (ATOS) [M01-M06] T2.3 : Developing Pilot Component Task Forces (LSEC) [M01-M21] T.2.4 : Pilot Component Developments (LSEC, TID) [M03-M23] T2.5 : Change management (LSEC) [M06-M27] T2.6 : Component Development Quality control management (LSEC) [M06-M27] Leaders in Security LSEC, 2013, Private & Confidential, p 32 Leaders in Security LSEC, 2013, for ACDC public, p 32 Private & Confidential 16

29 LSEC - Leaders in Security dinsdag 15 oktober 2013 Leaders in Security LSEC, 2013, Private & Confidential, p 33 Source : LSEC, ACDC, Cyberdefcon 03/ This was yesterday Leaders in Security LSEC, 2013, Private & Confidential, p 34 Source : The Economist, 2012 Private & Confidential 17

30 LSEC - Leaders in Security dinsdag 15 oktober 2013 This is today Work with YOUR OWN tools 3/4 Leaders in Security LSEC, 2013, Private & Confidential, p 35 Source : Mobco, March 2013 This is tomorrow Leaders in Security LSEC, 2013, Private & Confidential, p 36 Source : Ericsson, January 2013 Private & Confidential 18

31 LSEC - Leaders in Security dinsdag 15 oktober 2013 This is today : key lessons! 1.It s about the data 2.Attribution 3.(Industrial) Espionage 4.Don t forget the insider 5.Your website next? 6.Going Social 7.Be innovative 8.Offensive defense 9.The truth is out there in the data 10.You re not alone Leaders in Security LSEC, 2013, Private & Confidential, p 37 It s about data Leaders in Security LSEC, 2013, Private & Confidential, p 38 Private & Confidential 19

32 LSEC - Leaders in Security dinsdag 15 oktober 2013 Attribution Leaders in Security LSEC, 2013, Private & Confidential, p 39 Source : PWC, March 2013 Attribution Leaders in Security LSEC, 2013, Private & Confidential, p 40 Source : LSEC, Security Innovations, Websense 09/2013 Private & Confidential 20

33 LSEC - Leaders in Security dinsdag 15 oktober 2013 (industrial) espionage PLa unit 61398, Datong Leaders in Security LSEC, 2013, Private & Confidential, p 41 Also consider insider threat Major threats perceived Leaders in Security LSEC, 2013, Private & Confidential, p 42 Source : IDC Energy insights, Security Survey, 2011 Private & Confidential 21

34 LSEC - Leaders in Security dinsdag 15 oktober 2013 Your website next? 14% increase in web application vulnerabilities Cross-site scripting represented 53% Leaders in Security LSEC, 2013, Private & Confidential, p 43 Source : LSEC, Security Innovations, IBM X-Force 09/2013 Going Social Leaders in Security LSEC, 2013, Private & Confidential, p 44 Source : LSEC, Security Innovations, IBM X-Force 09/2013 Private & Confidential 22

35 LSEC - Leaders in Security dinsdag 15 oktober 2013 Key threats 2012 Leaders in Security LSEC, 2013, Private & Confidential, p 45 be innovative think like a hacker Leaders in Security LSEC, 2013, Private & Confidential, p 46 Source : LSEC Big Data 2013, Splunk Private & Confidential 23

36 LSEC - Leaders in Security dinsdag 15 oktober 2013 (Think) Offensive Defense Leaders in Security LSEC, 2013, Private & Confidential, p The truth is out there in the data Leaders in Security LSEC, 2013, for ACDC public, p 48 Source : LSEC, Security Innovations, IBM X-Force 09/ Private & Confidential 24

37 LSEC - Leaders in Security dinsdag 15 oktober 2013 The truth is out there in the data Source : Symantec, Deepsight EWS, 2012 Leaders in Security LSEC, 2013, Private & Confidential, p 49 Source : LSEC, ACDC - Palo Alto, Wildfire, March 2013 You re not alone : basics Leaders in Security LSEC, 2013, Public, p 50 Private & Confidential 25

38 LSEC - Leaders in Security dinsdag 15 oktober 2013 About Information Sharing? https://www.gov.uk/government/news/government-launchesinformation-sharing-partnership-on-cyber-security Leaders in Security LSEC, 2013, Public, p 51 You re not alone : Start Sharing Effective Cyber Threat Intelligence and Information Sharing Leaders in Security LSEC, 2013, for ACDC public, p 52 Private & Confidential 26

39 LSEC - Leaders in Security dinsdag 15 oktober 2013 Information Sharing? Information Sharing Leaders in Security LSEC, 2013, Public, p 53 ers/wp_verizon-incident-sharing-metricsframework_en_xg.pdf You re not alone : share facts Leaders in Security LSEC, 2013, Public, p 54 https://github.com/vz-risk/vcdb/issues Private & Confidential 27

40 LSEC - Leaders in Security dinsdag 15 oktober 2013 You re not alone : https://github.com/vz-risk/vcdb/issues/371 Leaders in Security LSEC, 2013, Public, p 55 Preliminary ACDC Results - impact Leaders in Security LSEC, 2013, for ACDC public, p 56 https://www.check-and-secure.com/completion/_de/index.html Private & Confidential 28

41 LSEC - Leaders in Security dinsdag 15 oktober 2013 Preliminary ACDC Results impact https://www.initiative-s.de/de/index.html Leaders in Security LSEC, 2013, for ACDC public, p 57 https://www.initiative-s.de/de/index.html Information Sharing ISACs : Sector approach Eg FS-ISAC, ISACs in NL Trusted entities established by CI/KR owners and operators. Comprehensive sector analysis Reach-within their sectors, with other sectors, and with government to share critical information All-hazards approach Threat level determination for sector Or CERT.BE Leaders in Security LSEC, 2013, Public, p 58 Private & Confidential 29

42 LSEC - Leaders in Security dinsdag 15 oktober 2013 FS-ISACS Model starting in Belgium Cyber & Physical alerts from 24/7 Security Ops Center Briefings/white papers Risk Mitigation Toolkit Document Repository Anonymous Submissions Committee Listservs Member surveys Bi-weekly Threat calls Special info sharing member conference calls Crisis Management process CMLT, CINS Semi-annual conferences Webinars Regional Program Viewpoints Leaders in Security LSEC, 2013, Public, p 59 Interested in finding out more? Cyber Security, challenging for ICT Security Industry & Research 2013, Monday October 21 st 2013 Prof. Jos Dumortier, ICRI : challenges related to the legal system and cyber crime Business Forensics : Real time monitoring & Adaptive Cyber Intelligence Reinder Wolthuis, TNO : Establishing an effective cyber security strategy Raj Samani, McAfee : evolutions of cyber threats from an ict industry perspective Prof. Bart Preneel, COSIC : challenges for engineering state of the art solutions Prof. Maire O Neil, CSIT : research experiences from the Centre of Information Technologies Agoria, Diamant, Reyerslaan 80 - Brussels Leaders in Security LSEC, 2013, Public, p 60 Private & Confidential 30

43 LSEC - Leaders in Security dinsdag 15 oktober 2013 About LSEC 1. Leaders In Security : a non-profit Flemish (vzw) association that aims to inform organizations and government on the evolutions and challenges of information security : 1. Data protection : protection of data, users, information and systems, 2. Security management : standards, legal, good practices 3. Tools and technologies : networking, encryption, virtualization 2. Over 120 members, e-security companies in Belgium, reaching out to more than ict professionals and security professionals 3. Coordinating and partnering in 8 international industry & research projects 4. More than 40 thought leading activities per year : 1. Seminars, discussions, trade shows, 2. with over 2000 documents (white papers, business cases, presentations, on information security related matters) 3. Regular news letters, invitations, discussion for a Visit for more information and documenation Leaders in Security LSEC, 2013, Private & Confidential, p 61 Creating Security Awareness 1. Publications 2. Seminars, Conferences, Workshops 3. International representation Leaders in Security LSEC, 2013, Private & Confidential, p 62 Private & Confidential 31

44 LSEC - Leaders in Security dinsdag 15 oktober 2013 Thought Leadership Leaders in Security LSEC, 2013, Private & Confidential, p Private & Confidential 32

45 LSEC - Leaders in Security dinsdag 15 oktober 2013 LSEC, Sirris & Agoria ICT : SaaSification support Leaders in Security LSEC, 2013, Private & Confidential Best practices, advisory and bootcamps to facilitate migration to cloud for companies with software related products and services Guidance on cloud providers, developments towards cloud, security mechanisms, strategic benefit Self-assessment for cloud readiness Formaling User Requirements, Defining Research Agenda Leaders in Security LSEC, 2013, Private & Confidential, p 66 Private & Confidential 33

46 LSEC - Leaders in Security dinsdag 15 oktober 2013 Cybersecurity, Privacy & Trustworthy ICT Innovations Innovation framework for security solutions & services Best practices on ICT security innovation development Guidance for ICT Security companies on new product & service development Leaders in Security LSEC, 2013, Private & Confidential NOT THE END More information, registration and follow-up Q or C Ulrich Seldeslachts Leaders in Security LSEC, 2013, Private & Confidential, p 68 Private & Confidential 34

47 Belgacom Cyber Security Incident Response October 2013 overview version 2.2 Belgacom CSIRT - confidential

48 cyber security incident response team agenda SDE&W 2012 Introduction CSIRT Mission CSIRT a closer look Organization Service objectives Incident types Examples CSIRT a standalone initiative? Timespan of events during a breach Sharing knowledge is strength ETIS EU CERT Network Q&A Belgacom CSIRT - confidential Slide 2

49 cyber security incident response team CERT activities in Europe SDE&W 2012 Belgacom CSIRT - confidential Slide 3

50 cyber security incident response team mission statement SDE&W 2012 The Belgacom CSIRT (BGC-CSIRT) provides information and assistance to reduce the risks of computer security incidents as well as responding effectively to such incidents when they occur. Belgacom CSIRT - confidential Slide 4

51 cyber security incident response team service objectives SDE&W Initial impact assessment & analysis of an information security incident (remote or on-site) 2. Contain (public) exposure in case of an information security incident 3. Provide technical support to the Belgacom Emergency Response Team (BERT) during the handling of an information security incident Belgacom CSIRT - confidential Slide 5

52 cyber security incident response team management support SDE&W 2012 A Group Information Security Steering Committee has been established in January Its purpose is to provide leadership in the protection of the Belgacom Group assets and technology. Committee membership includes representation of all business units: Products & Solutions Management Legal Customer ICT Customer Operations ICT Internal Audit Risk & Insurance Architecture, Programs & Project Office Network Engineering & Operations Group Strategy Group Human Resources A full authority is granted to the BGC-CSIRT to immediately mitigate the impact of an information security incident. Belgacom CSIRT - confidential Slide 6

53 cyber security incident response team incident categories SDE&W 2012 Belgacom CSIRT - confidential Slide 7

54 cyber security incident response team incident definitions severity 1 SDE&W 2012 Successful compromise with potentially elevated privileges. Successful compromise of multiple customer accounts (>20). Service attacks with significant impact on Belgacom operations. Vulnerabilities detected that are externally exploitable, without any in-depth knowledge. Massive disclosure of proprietary information. Widespread instances of malicious code on corporate assets. Active public impersonation of Belgacom or any of its brands. Detection of impairment of any security safeguard (high risk of exposure) Successful abuse of compromised customer equipment. Incident affecting critical systems or information with potential to be revenue or customer impacting. Severity 1 incident means that higher management (Permanent members of GISSC), Legal department, and External Communications get notified and updated on the incident. Belgacom CSIRT - confidential Slide 8

55 cyber security incident response team incidents by category overview 2012 SDE&W 2012 Belgacom CSIRT - confidential Slide 9

56

57 cyber security incident response team anonymous threat 15/06 SDE&W 2012 Anonymous threat to liberate the Belgian Internet on the 15 th of June Initial risk assessment made by Belgacom Cyber Security Incident Response Team in close collaboration with operational teams. Assessment got confirmed by the Belgian Federal Police (Computer Crime Unit). Operational readiness prepared on Internet backbone to detect and resist possible attacks towards critical infrastructure. Communications within Network Operations Center and Call Centers in case of any major event during the 15 th of June. Alarming configured and distributed throughout BGC-CSIRT core team and operational onduty personnel. Belgacom CSIRT - confidential Slide 11

58 cyber security incident response team anonymous unvealed? SDE&W 2012 Belgacom CSIRT - confidential Slide 12

59 cyber security incident response team it s not only banks SDE&W 2012 Belgacom CSIRT - confidential Slide 13

60 cyber security incident response team it s not always easy SDE&W 2012 belgacomfon.com belgacomfrance.com belacom.com belgacom-skynet.nl belgacomcloud.be belgacomnet.com belgacomskinet.net belgacomskynet.nl usersbelgacom.net belgacom.info belgacom.hu belgacombedanktu.com proximus.info wwwbelgacom.net proximus.nl wwwbelgacom.be begacom.net belgacom.cz wwwproximus.be belgacom.pro e-proximus.be belgacom.de myproximus.com adslbelgacom.com belgacom.pl Belgacom CSIRT - confidential Slide 14

61 cyber security incident response team it s not only SME SDE&W 2012 Belgacom CSIRT - confidential Slide 15

62 cyber security incident response team advanced persistent threat september 2013 SDE&W /09 Belgacom launches an important clean-up operation, after its security experts detected a digital intrusion in the internal IT-system. 16/09: Belgacom communicates proactively about the incident and how it has been managed. Investigating authorities & official institutions (e.g. Privacy Commission) respond positively to this approach. Many speculations in the media about the perpetrators & their motives: Belgacom sticks to the facts and continues to collaborate with judicial investigation. No indications whatsoever that customers or their data have been impacted. Belgacom further strengthens prevention with intensive and continuous monitoring of all ITsystems. No new elements at this stage, despite some rumors & wrong information leaked to the press. Belgacom has chosen to communicate transparently about this incident and will continue to do so in the future whenever needed. Bottom line, we were able to detect a highly sophisticated attack and we performed a successful clean-up. Moving forward, resisting this kind in intrusion will be a joined challenge for all stakeholders involved, both private and public, on a national & international level. Belgacom CSIRT - confidential Slide 16

63 belgacom cyber security incident response team a standalone initiative? Belgacom CSIRT - confidential

64 cyber security incident response team how long does it take? SDE&W 2012 Belgacom CSIRT - confidential Source: Verizon DBIR 2012 Slide 18

65 cyber security incident response team sharing knowledge is strength SDE&W 2012 telco intelligence reaching out to other peers what are successful practices, and which offer the best value for money which internal sources of information is everyone using, to build knowledge and intelligence about incidents and trends (eg SIEM, log correlation, ) which incidents are other CERT/SOC handling, and how can it help the others process & tooling what utilities are used, that could be shared and even possibly integrated which documented processes are used to handle incidents share experiences with any kind of tooling do s, don ts operational collaboration put processes in place, in order to be able to quickly respond to cross-border sector-wide incidents (eg conference bridge, etc) Bi-weekly conference calls to share intelligence on incidents Yearly face-to-face meetings Direct mobile contacts shared between CERT/CSIRT contacts (mandatory for participation) Belgacom CSIRT - confidential Slide 19

66 cyber security incident response team sharing knowledge is strength SDE&W 2012 Belgacom CSIRT - confidential Slide 20

67 Slide 21 cyber security incident response team questions? SDE&W 2012 Andy De Petter

68 APT, it hits us all! Experiences in targeted attacks Freddy Dezeure 16/10/2013

69 CERT-EU Set-up Created 6/2011 EU Institutions own CERT Supports 60+ entities (EU institutions, bodies, agencies) Small (16 people), specialised team Provides operational IT security support to its clients Cooperates closely with internal ITsec teams Specialised in targeted attacks Reports to inter-institutional Steering Board 2

70 CERT-EU Constituents Located in many different EU countries From users Different legal entities Cross-sectoral Government, foreign policy, embassies Banking, energy, pharmaceutical, chemical, food, telecom Maritime, rail and aviation safety Law enforcement (EUROPOL, FRONTEX, EUPOL) and justice Research, hi-tech, navigation (GALILEO), defence (EUMS, EDA) High-value targets

71 CERT-EU Partners - Peers

72 Announcements (News) CERT-EU webportal Sources Automatic gathering of information on threats and vulnerabilities Clustering of breaking news RSS enabled on all screens CERT-EU advisories and white papers

73 Services Constituents Constituents Constituents Constituents Front-end services Back-end services Initial services Prototype/future services Announcements (EMM) Alerts Incident Handling Incident Analysis CERT-EU Incident Response Support Incident Response Coordination Malware analysis Tech Watch Threat assessment Security Tools «Open» sources Websites Newsletter Blogs Forums etc Third Party Monitoring Services CERTs Gov CERTs NCIRC etc Constituents Information on incidents Specialised support CERTs Itsec companies Law enforcement etc

74 Statistics Alerts (Jan Sep) 400 Incident Response Coordination (Jan Sep) 11

75 Alerts Source of alert Clients 20% Other CERTs 20% Automated sources 60% Nature of alert Malicious s (spear phishing) Compromised systems Vulnerable systems (SQL, XSS) Leaked usernames / passwords DDOS 8

76 Incident response coordination Coordination of response to targeted attacks Provision of "internal" expertise to the constituent CERT-EU expertise and tools «On call» expertise in the constituency Liaison and coordination with third parties Other CERTs Specialist IT security companies On-site support if requested Constituent remains fully in charge 9

77 APT Challenges Adversary s persistence They know what they want and they pursue their goal They will repeatedly try to get in Once they re in they try to stay When you throw them out they will try to come back New intrusion and persistence techniques Unknown vulnerabilities (0-days) Changing malware signatures, polymorphous, individualised Changing C&C, dyndns, parking domains, individualised Usage of reputed sites (facebook, flickr, Twitter, blogs) for C&C Water holing sites

78 APT: difference in speed Initial infection almost impossible to avoid Take control over the infrastructure: 10 -> 48hours Detection: more than 1 year (or never) Remediation: 1-6 months 11

79 Initial infection

80 Proxy DC Server C&C

81 Infection Proxy DC Server C&C

82 Lateral move Proxy DC Server C&C

83 Access to corporate assets Proxy DC Server C&C

84 Access to corporate assets Proxy DC Server C&C

85 Detection A/V Multiple A/V systems HIDS Log analysis Detection of anomalous events (overnight activities, multiples interactive login attempts, unusual admin workstations etc.) User awareness Passive malevolence monitoring NIDS / IPS with private rules

86 Scoping Malware reversing Internal Scanning for IOCs in the network and systems (HIDS) Scanning for anomalous traffic Hits on the proxy/ids External Has anybody else seen this? No? -> You re on your own Yes? -> Multiply knowledge on IOCs What s the timeline Sinkholing

87 Pass the Hash Compromise a host Steal credentials using local admin or system rights (hashes or password in clear) Memory (SSO, running process, services, etc) Wait for interactive, local logon (incl. batch/services), create a need for troubleshooting, dump logon sessions Use the stolen credentials Depending on the privileges of the stolen credential, access: Other workstations, servers or Domain Controller DC: dump the Active Directory Use the password or pass-the-hash (network logon only) Repeat until you get the domain privileges Success within hours

88 Pass the Hash Lessons learnt Avoid WS to be contaminated Avoid contamination to spread Local admin rights for users Local admin passwords and functional passwords Interactive logon by help desk or system admin Measures on infrastructure and organisational level Don t give normal user extensive privileges Don t let privileged users run the risk of being contaminated Enforce the policies Microsoft white paper (Measures to be taken of information asset level as well) Risk assessment Segmentation

89 Pass the Hash Lessons learnt Production Domain(s) Admin Environment Power: Domain Controllers IPsec Domain Admins Data: Servers and Applications IPsec Threats: Internet Access: Users and Workstations Sensitive Server & Application Admins Management and Monitoring

FIRST Conference ISOC CARIS Workshop ACDC European Cyber Defence Pilot Experience

FIRST Conference ISOC CARIS Workshop ACDC European Cyber Defence Pilot Experience FIRST Conference ISOC CARIS Workshop ACDC European Cyber Defence Pilot Experience Ulrich Seldeslachts, Berlin, June 19th, 2015 Constantly Under Attack Avg Malicious Sessions / day per vertical Sources

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

10 Things Every Web Application Firewall Should Provide Share this ebook

10 Things Every Web Application Firewall Should Provide Share this ebook The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

New challenges in Data privacy.

New challenges in Data privacy. New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

Doyourwebsitebot defensesaddressthe changingthreat landscape?

Doyourwebsitebot defensesaddressthe changingthreat landscape? WHITEPAPER Doyourwebsitebot defensesaddressthe changingthreat landscape? Don tletbotsturnaminorincident intoamegasecuritybreach 1.866.423.0606 Executive Summary The website security threat landscape has

More information

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework

More information

Security Intelligence Services. www.kaspersky.com

Security Intelligence Services. www.kaspersky.com Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats

More information

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Evolving Threat Landscape

Evolving Threat Landscape Evolving Threat Landscape Briefing Overview Changing Threat Landscape Profile of the Attack Bit9 Solution Architecture Demonstartion Questions Growing Risks of Advanced Threats APT is on the rise 71% increase

More information

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology

More information

Digital Evidence and Threat Intelligence

Digital Evidence and Threat Intelligence Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected

More information

Can We Become Resilient to Cyber Attacks?

Can We Become Resilient to Cyber Attacks? Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Incident Response. Proactive Incident Management. Sean Curran Director

Incident Response. Proactive Incident Management. Sean Curran Director Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

Marble & MobileIron Mobile App Risk Mitigation

Marble & MobileIron Mobile App Risk Mitigation Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

Belgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve

Belgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve Belgacom Security Convention Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve Belgacom Security Convention Cloud and Security Bart Callens Product Manager ICT Security 10/17/2013 Slide 2 Agenda 13:30

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Security & Threat Detection: Go Beyond Monitoring

Security & Threat Detection: Go Beyond Monitoring Copyright 2014 Splunk Inc. Security & Threat Detection: Go Beyond Monitoring Philip Sow, CISSP Sales Engineering Manager SEA Security: We have come a long way.. FIG 1: New Malware Sample Over Years Advanced

More information

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques

More information

US-CERT Year in Review. United States Computer Emergency Readiness Team

US-CERT Year in Review. United States Computer Emergency Readiness Team US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

How Attackers are Targeting Your Mobile Devices. Wade Williamson

How Attackers are Targeting Your Mobile Devices. Wade Williamson How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

INDUSTRY OVERVIEW: FINANCIAL

INDUSTRY OVERVIEW: FINANCIAL ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL

More information

Identifying Cyber Risks and How they Impact Your Business

Identifying Cyber Risks and How they Impact Your Business 10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates

More information

Next Generation IPS and Reputation Services

Next Generation IPS and Reputation Services Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become

More information

Are you prepared to be next? Invensys Cyber Security

Are you prepared to be next? Invensys Cyber Security Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Website Security: It s Not all About the Hacker Anymore

Website Security: It s Not all About the Hacker Anymore Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use

More information

What legal aspects are needed to address specific ICT related issues?

What legal aspects are needed to address specific ICT related issues? What legal aspects are needed to address specific ICT related issues? Belhassen ZOUARI CEO, National Agency for Computer Security, Tunisia Head of the Tunisian Cert (tuncert), E-mail : b.zouari@ansi.tn

More information

Large Scale Breach Lessons Learned. September 2013

Large Scale Breach Lessons Learned. September 2013 Large Scale Breach Lessons Learned September 2013 1 A Comprehensive Approach to Advanced Threat Defense The threat landscape has changed Adversaries have the ability to develop customized, targeted, and

More information

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Eight Essential Elements for Effective Threat Intelligence Management May 2015 INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent

More information

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers How to Protect Your from Hackers Web attacks are the greatest threat facing organizations today. In the last year, Web attacks have brought down businesses of all sizes and resulted in massive-scale data

More information

Hunting for Indicators of Compromise

Hunting for Indicators of Compromise Hunting for Indicators of Compromise Lucas Zaichkowsky Mandiant Session ID: END-R31 Session Classification: Intermediate Agenda Threat brief Defensive strategy overview Hunting for Indicators of Compromise

More information

GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate

GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS Joe Goldberg Splunk Session ID: SPO-W09 Session Classification: Intermediate About Me Joe Goldberg Current: Splunk - Security Evangelist

More information

A HELPING HAND TO PROTECT YOUR REPUTATION

A HELPING HAND TO PROTECT YOUR REPUTATION OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information

All Information is derived from Mandiant consulting in a non-classified environment.

All Information is derived from Mandiant consulting in a non-classified environment. Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

Cyber intelligence exchange in business environment : a battle for trust and data

Cyber intelligence exchange in business environment : a battle for trust and data Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

In the Cloud We Trust!

In the Cloud We Trust! In the Cloud We Trust! Dejan Cvetkovic CTO, Microsoft CEE ISACA, Athens, Greece, November 24 th, 2015 Agenda Compliance for Financial Services The Microsoft Approach to Compliance Risk Management and Threat

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3 GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party

More information