Stalking Hackers with Core Splunk. Derek Arnold, CISSP Senior Splunk Consultant
2 Your Presenter
Derek Arnold: 12 years in security, enterprise IT
Industries: retail, medical tech, health insurance
Specialties: security operations, threat intelligence, physical security, SIEM
Certified Splunk admin
Yoga, Pilates, running
3 Agenda
- Threat Realization
- Anomaly Detection
- Windows Searches
- UNIX Searches
- Networking and Remote Desktop Searches
- Key Takeaways/Conclusion
4 THREAT REALIZATION Why beef up your detection?
5 Kevin Mitnick
Robert has a sense that he understands how IT and network security people work, and it's not all that different from everyone else in the working world. The only way for them to notice [my going online] would have been going through the logs actively. His view of IT security people wasn't very flattering. People don't read logs every morning. When you get to your desk, you sit down, have a coffee, read a few Web sites of personal interest. You don't go in and read logs and see who changed their passwords yesterday.
Source: Kevin Mitnick, The Art of Intrusion
6 2014 Retail Breaches White Paper
In today's corporations, there are many attack alerts that may possibly overwhelm the staff's ability to react to them all. Companies must implement and maintain Security Information and Event Management (SIEM), define events of interest (EOI) and train staff to assess whether the EOI poses a serious threat. Ignoring an alert is like driving a car with the check engine light on because there are seemingly no other symptoms of a serious problem.
Source: the-four-attack-vectors-to-prevent-or-detect-retailer-breaches
7 Sun Tzu
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
Source: Sun Tzu, The Art of War, Ch. III
8 ANOMALY DETECTION: Big word, big concept
(Kill chain banner: Reconnaissance, Weaponization, Delivery, Exploitation, Command and Control, Exfiltration)
9 Anomaly Detection
In order to know what is abnormal, we need to know what is normal: a multi-day historical profile of activity is required before anything can be called an anomaly.
Shorten the dwell time.
You're using the Universal Forwarder, RIGHT?
10 Universal Forwarder on Windows: harness the full capability
Data sources: Windows event logs, file system changes, WMI-based data, Windows registry data, host information, network information
Use cases:
- File integrity monitoring of configuration files
- DNS resolution
- Downloads folders, temp folders, root folders
- Software installations
- Crashing processes, AV tampering
- Creation of new services
- Task scheduler activity
11 WINDOWS
(Kill chain banner: Reconnaissance, Weaponization, Delivery, Exploitation, Command and Control, Exfiltration)
12 Local Admin Usage (description)
Who is using the local Administrator account instead of a named administrative user? Risk: escalation of privilege, with no accountability.
Who is making the change? Shouldn't they be using an ID traceable to a specific person?
Does the job role of this employee match their privileges?
13 Local Admin Usage (search)
sourcetype="wineventlog:security" (Sid="S-1-5-21-*-500" OR Security_ID="S-1-5-21-*-500")
Match on the SID, not the account name: the built-in Administrator account always has relative ID 500 (the local Administrator on workstations and member servers, the domain Administrator on a domain controller), and it keeps that RID even after the account is renamed. Sid is the event-header field the Windows input adds to every event; Security_ID is the field extracted from the body of 4624-style events, so search both. A bare SID match also returns events where the account is only the target (a password reset of it, for example), so narrow with EventCode=4624 and Logon_Type once you know what normal looks like.
14 Domain Admin Changes (description)
Who is being added to the Windows Domain Admins group? Risk: escalation of privilege.
Who is making the change?
Does the job role of this employee match their privileges?
15 Domain Admin Changes (search)
sourcetype=wineventlog:security Security_ID="YourDomain\\DomainAdminADGroupName" (EventCode=4728 OR EventCode=632 OR EventCode=4729 OR EventCode=633)
| eval ChangedBy=mvindex(Security_ID,0)
| eval Member=mvindex(Security_ID,1)
| eval DestinationGroup=mvindex(Security_ID,2)
| search DestinationGroup="YourDomain\\DomainAdminADGroupName"
| eval ActionTaken=case(EventCode=4728 OR EventCode=632, "A member was added to a security-enabled global group.", EventCode=4729 OR EventCode=633, "A member was removed from a security-enabled global group.")
| table _time ComputerName ChangedBy Member DestinationGroup ActionTaken
Adds and removes from Windows 2008 (4728/4729) and Windows 2003 (632/633), both for a security-enabled global group, which is what Domain Admins is. The Security_ID field is multivalued in these events, in the order Subject, Member, Group; that ordering is what the three mvindex calls rely on. The values are names only if the forwarder resolves SIDs (evt_resolve_ad_obj = 1 in inputs.conf); otherwise compare against the group's SID. Enterprise Admins and Schema Admins are universal groups (4756/4757) and the built-in Administrators group is domain local (4732/4733), so add those codes to the base search and the case() if you want every privileged group in one alert.
16 Event Logs Cleared (description)
After a threat actor has performed their task, wouldn't they try to clean up their tracks?
17 Event Logs Cleared (search)
sourcetype=wineventlog:* (EventCode=1102 OR EventCode=517) LogName=Security
| table _time ComputerName EventCodeDescription Client_User_Name src_user
Event 1102 (Windows 2008 and later) and 517 (Windows 2003) are "The audit log was cleared". Windows writes it as the first event in the freshly emptied Security log, with the clearing account in the body, so the record survives the wipe as long as forwarding was not stopped first. There is no sensible threshold here: alert on every hit and match it to a change record. Clearing the System or Application log is reported separately as event 104 from the Eventlog service in the System log; add (LogName=System EventCode=104) to cover those.
18 Suspicious Processes (description)
Malware is often installed under the name of a trusted process.
It can't be dropped into the real system directory without a sharing violation or system instability (the genuine binary is already there and in use), so it lands somewhere else.
Look for trusted process names in non-standard folders.
19 Suspicious Processes (search)
sourcetype=wineventlog:security "new process has been created"
| eval Process_Name=coalesce(Image_File_Name,New_Process_Name)
| fields Message, Process_Name, User_Name, ComputerName
| search (Process_Name=*cmd.exe NOT Process_Name="C:\\WINDOWS\\system32\\cmd.exe" NOT Process_Name="C:\\Windows\\SysWOW64\\cmd.exe" NOT Process_Name="C:\\Windows\\System32\\inetsrv\\appcmd.exe")
    OR (Process_Name=*svchost.exe NOT Process_Name="C:\\WINDOWS\\system32\\svchost.exe")
    OR (Process_Name=*explorer.exe NOT Process_Name="C:\\WINDOWS\\explorer.exe")
    OR (Process_Name=*msiexec.exe NOT (Process_Name="C:\\WINDOWS\\system32\\msiexec.exe" OR Process_Name="C:\\Windows\\SysWOW64\\msiexec.exe"))
    OR (Process_Name=*taskmgr.exe NOT Process_Name="C:\\WINDOWS\\system32\\taskmgr.exe")
    OR (Process_Name=*at.exe NOT Process_Name="C:\\WINDOWS\\system32\\at.exe" NOT Process_Name="C:\\WINDOWS\\system32\\netstat.exe")
    OR (Process_Name=*gpupdate.exe NOT Process_Name="C:\\WINDOWS\\system32\\gpupdate.exe")
    OR (Process_Name=*regedt32.exe NOT Process_Name="C:\\WINDOWS\\system32\\regedt32.exe")
    OR (Process_Name=*iexplore.exe NOT Process_Name="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" NOT Process_Name="C:\\Program Files\\Internet Explorer\\iexplore.exe")
    OR Process_Name="* *"
    OR Process_Name=*scvhost.exe OR Process_Name=*iexplorer.exe OR Process_Name=*svcdost.exe
Gather the fields (coalesce covers the Windows 2003 event 592 name Image_File_Name and the 2008 event 4688 name New_Process_Name), then look for key system process names not running from their system folder, plus a few deliberate misspellings. Points to watch while tuning: the search needs process-creation auditing enabled on the hosts (Audit Process Tracking on 2003, Audit Process Creation on 2008 and later) or there are no events to match; the wildcard prefixes are why the exclusions exist (*cmd.exe also matches appcmd.exe, *at.exe also matches netstat.exe); 64-bit hosts carry 32-bit copies of several of these binaries under C:\Windows\SysWOW64 that will need adding; and Process_Name="* *" matches any path containing a space, which includes everything under C:\Program Files, so it is a noisy catch-all rather than a test for a blank name.
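The "trusted name, wrong folder" check on the slide, as an added example written for this page rather than code from the deck: a Python version that runs over records shaped like the fields Splunk extracts from a 4688 event. It goes beyond the slide in one way: instead of listing scvhost.exe, iexplorer.exe and svcdost.exe by hand, it flags any process name that is one edit (insert, delete, substitute or adjacent swap) away from a trusted binary. The TRUSTED map, the sample records and the hostnames are assumptions for the example, not data from the deck.

```python
"""Added example (not from the slide deck): trusted Windows process names
running outside their system folder, plus look-alike names caught with an
edit-distance test instead of a hand-written list of misspellings.
The event records are constructed to resemble 4688 fields; not real logs."""
import ntpath

# Where each core binary legitimately lives, lower-cased because Windows paths
# are case-insensitive. Extend while tuning (64-bit hosts also carry 32-bit
# copies of several of these under C:\Windows\SysWOW64). Assumed for the example.
TRUSTED = {
    "cmd.exe": {r"c:\windows\system32\cmd.exe", r"c:\windows\syswow64\cmd.exe"},
    "svchost.exe": {r"c:\windows\system32\svchost.exe", r"c:\windows\syswow64\svchost.exe"},
    "explorer.exe": {r"c:\windows\explorer.exe"},
    "msiexec.exe": {r"c:\windows\system32\msiexec.exe", r"c:\windows\syswow64\msiexec.exe"},
    "taskmgr.exe": {r"c:\windows\system32\taskmgr.exe"},
    "at.exe": {r"c:\windows\system32\at.exe"},
    "gpupdate.exe": {r"c:\windows\system32\gpupdate.exe"},
    "regedt32.exe": {r"c:\windows\system32\regedt32.exe"},
    "iexplore.exe": {r"c:\program files\internet explorer\iexplore.exe",
                     r"c:\program files (x86)\internet explorer\iexplore.exe"},
}


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters each cost 1 (so 'scvhost' is 1 edit from 'svchost')."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(process_path):
    """Return a reason string if the process path is suspicious, else None."""
    path = process_path.strip()
    if "\\" not in path:
        # 4688 always records a full path; a bare or empty name is itself odd.
        return "no full path recorded"
    base = ntpath.basename(path).lower()   # exact basename: netstat.exe is not at.exe
    if base in TRUSTED:
        return None if path.lower() in TRUSTED[base] else f"{base} outside its expected folder"
    # Only compare against longer names: short ones like at.exe or cmd.exe are
    # one edit away from too many legitimate binaries.
    near = [name for name in TRUSTED if len(name) >= 8 and osa_distance(base, name) == 1]
    return f"look-alike of {', '.join(near)}" if near else None


def find_suspicious(events):
    """Apply classify() to 4688-style records; mirrors the deck's
    coalesce(Image_File_Name, New_Process_Name) for the 2003 vs 2008 field names."""
    hits = []
    for ev in events:
        path = ev.get("Image_File_Name") or ev.get("New_Process_Name") or ""
        reason = classify(path)
        if reason:
            hits.append((ev.get("ComputerName"), ev.get("User_Name"), path, reason))
    return hits


# Constructed sample records for the example, not real events.
SAMPLE_EVENTS = [
    {"ComputerName": "WS01", "User_Name": "alice", "New_Process_Name": r"C:\Windows\System32\svchost.exe"},
    {"ComputerName": "WS01", "User_Name": "alice", "New_Process_Name": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"ComputerName": "WS02", "User_Name": "bob", "New_Process_Name": r"C:\Windows\System32\scvhost.exe"},
    {"ComputerName": "WS02", "User_Name": "bob", "New_Process_Name": r"C:\Windows\System32\netstat.exe"},
    {"ComputerName": "WS03", "User_Name": "carol", "New_Process_Name": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"ComputerName": "WS03", "User_Name": "carol", "Image_File_Name": r"C:\Windows\Temp\iexplorer.exe"},
]

if __name__ == "__main__":
    for host, user, path, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"{host} {user} {path}: {reason}")
```

Three of the six sample records are flagged: svchost.exe under a user's Temp folder, scvhost.exe as a look-alike of svchost.exe, and iexplorer.exe, which is one edit from both explorer.exe and iexplore.exe. Matching on the exact basename is what keeps netstat.exe out of the at.exe bucket without a special-case exclusion, and comparing paths lower-cased removes the WINDOWS/Windows spelling differences that the Splunk search has to list twice.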
20 UNIX
(Kill chain banner: Reconnaissance, Weaponization, Delivery, Exploitation, Command and Control, Exfiltration)
21 UNIX Failed Logins (search)
sourcetype=unix_syslog ("failed password" OR "authentication failure")
| stats count by user host
| where count>2
| sort - count
Failed login attempts: more than 2 per user per host, sorted by count. Two things to know before trusting the number. "Failed password" is written by sshd and "authentication failure" by pam_unix, and one bad SSH password typically produces both lines, so the OR double-counts an attempt; pick one string, or dedup on the PID and timestamp, before settling on a threshold. And counting by user hides password spraying, where one source tries many accounts once each; keep a second search that counts distinct users per source address.
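The failed-login count rebuilt in Python as an added example (not code from the deck), so the counting logic can be checked offline. It parses both strings the search keys on, sshd's "Failed password for ..." and pam_unix's "authentication failure; ... rhost=... user=...", counts by (user, host) and keeps pairs over the threshold, and adds a companion per-source view for spraying. The syslog lines are constructed for the example and use documentation addresses; they are not captured data.

```python
"""Added example (not from the deck): the UNIX failed-login search in Python.
The syslog lines below are constructed, not real."""
import re
from collections import Counter

# Traditional syslog line: "Mar  3 10:01:12 web01 sshd[2101]: <message>"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# sshd's own record of a bad password (with or without "invalid user").
FAILED_PW = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
# pam_unix's record of the same failure.
PAM_FAIL = re.compile(r"authentication failure;.*\brhost=(?P<src>\S*)\s+user=(?P<user>\S+)")


def parse_failure(line):
    """Return {'host','prog','user','src'} for a failed-login line, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    f = FAILED_PW.search(m.group("msg")) or PAM_FAIL.search(m.group("msg"))
    if not f:
        return None
    return {"host": m.group("host"), "prog": m.group("prog"),
            "user": f.group("user"), "src": f.group("src")}


def failed_logins_by_user_host(lines, threshold=2):
    """Equivalent of: stats count by user host | where count>threshold | sort - count."""
    counts = Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec:
            counts[(rec["user"], rec["host"])] += 1
    return sorted(((k, c) for k, c in counts.items() if c > threshold),
                  key=lambda kc: (-kc[1], kc[0]))


def attempts_per_source(lines):
    """Companion view for password spraying: distinct users tried per (source, host)."""
    users = {}
    for line in lines:
        rec = parse_failure(line)
        if rec:
            users.setdefault((rec["src"], rec["host"]), set()).add(rec["user"])
    return {k: len(v) for k, v in users.items()}


# Constructed sample lines for the example.
SAMPLE_LINES = [
    "Mar  3 10:01:12 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar  3 10:01:15 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Mar  3 10:01:19 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2",
    "Mar  3 10:01:22 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51131 ssh2",
    "Mar  3 10:02:02 db01 sshd[887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=postgres",
    "Mar  3 10:02:05 db01 sshd[887]: Failed password for postgres from 198.51.100.9 port 40022 ssh2",
    "Mar  3 10:05:44 db01 sshd[890]: Accepted publickey for deploy from 10.0.0.5 port 40100 ssh2",
]

if __name__ == "__main__":
    for (user, host), count in failed_logins_by_user_host(SAMPLE_LINES):
        print(f"{user}@{host}: {count} failures")
    print(attempts_per_source(SAMPLE_LINES))
```

Only root@web01 crosses the threshold. The postgres@db01 pair is the double-count caveat in miniature: one failed attempt (same PID 887, three seconds apart) produced both a pam_unix line and an sshd line, so it scores 2 although it is a single try; with a threshold of 1 it would have fired. The per-source view shows 203.0.113.7 working through two different accounts, which the per-user count alone would not surface.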
22 NETWORKING AND REMOTE DESKTOP
(Kill chain banner: Reconnaissance, Weaponization, Delivery, Exploitation, Command and Control, Exfiltration)
23 RDP Logins (description)
Who is logging in remotely to servers?
Do the logins match expected usage patterns: time of day, departments, change records?
Does the job role of this employee match their privileges?
24 RDP Logins (search)
sourcetype=wineventlog:security (EventCode=4624 OR EventCode=528) Logon_Type=10
| eval Security_ID=mvindex(Security_ID,1)
| dedup Source_Network_Address dest Security_ID
| table _time Security_ID Logon_Type Source_Network_Address dest
Successful remote interactive logins: Logon_Type=10 is RemoteInteractive (Terminal Services / Remote Desktop), event 4624 on Windows 2008 and 528 on Windows 2003. Security_ID is multivalued in 4624 (index 0 is the Subject, usually the machine account; index 1 is the account that actually logged on), so take index 1 before the dedup so that duplicates are removed per user rather than per value pair. dest is the Windows add-on's alias for ComputerName; use ComputerName directly if your add-on does not set it. Reconnecting to a disconnected session is logged as 4778/4779 rather than as a new type 10 logon, so this search lists new sessions only.
25 FTP Outbound (description)
Where are your files being sent?
Do the filenames and destinations match expected business applications?
Do the usernames match expected naming conventions?
26 FTP Outbound (search)
sourcetype=cisco_asa FTP "Stored file"
| rex field=_raw "(?i)user (?P<user>.*) Stored file"
| rex field=_raw "(?i)stored file (?P<file>.*)"
| rex field=_raw "(?i):(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/"
| rex field=_raw "(?i):(?P<dest_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/21"
| search NOT dest_ip=10.0.0.0/8 NOT dest_ip=172.16.0.0/12 NOT dest_ip=192.168.0.0/16
| geoip dest_ip
| fields - dest_ip_latitude, dest_ip_longitude, dest_ip_postal_code, dest_ip_region_name, dest_ip_country_code, dest_ip_country_name, dest_ip_city
| rename geo_info AS dest_ip_geo_info
| eval time=strftime(_time, "%m/%d %H:%M:%S")
| stats values(time) AS Time values(user) AS Username values(file) AS Filename values(dest_ip) AS dest_ip values(dest_ip_geo_info) AS "Dest IP Geo info" by src_ip
File uploads through the ASA: extract user, file, source and destination, keep outbound activity only, add geolocation and a readable timestamp, then summarise per source. Note the upper-case P in (?P<name>...); rex rejects a lower-case (?p<...>). The private-range prefixes in the NOT clauses are supplied here from RFC 1918 (the slide shows only the /8 and /12 masks and omits 192.168.0.0/16); the search command accepts CIDR notation for IP-valued fields. The "Stored file" text comes from ASA message 303002, which the firewall only emits when FTP inspection is enabled, and the same message reads "Retrieved file" for downloads. geoip is a community add-on; the built-in iplocation command (Splunk 6 and later) does the same job with fields named City, Country and Region.
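The extraction and private-range filter from the FTP search, as an added Python example (not the deck's own code). The line format follows Cisco ASA message 303002 ("FTP connection from ifc:ip/port to ifc:ip/port, user U Stored file F"), which is what the deck's rex patterns key on; the sample lines are constructed for the example, use documentation addresses on the external side, and are not captured traffic. The destination port is captured rather than pinned to 21 so the parser also handles inspection on a non-standard port.

```python
"""Added example (not from the deck): parse ASA 303002 FTP messages, drop
RFC 1918 destinations, and group uploads by source IP. Sample lines are
constructed, not real."""
import ipaddress
import re
from collections import defaultdict

ASA_FTP = re.compile(
    r"%ASA-\d-303002: FTP connection from (?P<src_ifc>[\w-]+):(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})/\d+ "
    r"to (?P<dst_ifc>[\w-]+):(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<dst_port>\d+), "
    r"user (?P<user>\S+) (?P<action>Stored|Retrieved) file (?P<file>.+?)\s*$",
    re.IGNORECASE,
)

# The deck excludes the RFC 1918 ranges explicitly; done the same way here rather
# than with ipaddress's is_private, which also treats the documentation ranges
# used in the sample (203.0.113.0/24, 198.51.100.0/24) as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True if ip falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_ftp(line):
    """Return the parsed 303002 fields as a dict, or None for any other line."""
    m = ASA_FTP.search(line)
    return m.groupdict() if m else None


def outbound_uploads(lines):
    """Stored-file events to non-RFC1918 destinations, grouped by source IP
    (the deck's 'stats values(...) by src_ip')."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_ftp(line)
        if rec is None or rec["action"].lower() != "stored":
            continue                      # not an upload
        if is_internal(rec["dst_ip"]):
            continue                      # internal transfer, not what this search is after
        by_src[rec["src_ip"]].append((rec["user"], rec["file"], rec["dst_ip"]))
    return dict(by_src)


# Constructed sample lines for the example.
SAMPLE_LINES = [
    "Mar 03 2015 10:22:01 fw01 : %ASA-6-303002: FTP connection from inside:10.1.20.15/52344 to outside:203.0.113.40/21, user jsmith Stored file Q3_customer_list.xlsx",
    "Mar 03 2015 10:22:09 fw01 : %ASA-6-303002: FTP connection from inside:10.1.20.15/52350 to outside:203.0.113.40/21, user jsmith Stored file payroll.csv",
    "Mar 03 2015 10:30:44 fw01 : %ASA-6-303002: FTP connection from inside:10.1.30.8/49211 to dmz:10.1.99.5/21, user backup Stored file nightly.tar.gz",
    "Mar 03 2015 10:41:12 fw01 : %ASA-6-303002: FTP connection from inside:10.1.20.22/50001 to outside:198.51.100.77/21, user svc_edi Retrieved file invoices.edi",
]

if __name__ == "__main__":
    for src, uploads in outbound_uploads(SAMPLE_LINES).items():
        for user, filename, dst in uploads:
            print(f"{src} -> {dst} user={user} file={filename}")
```

Of the four sample lines only the two jsmith uploads survive: the backup job goes to a 10.x host in the DMZ and is dropped as internal, and the EDI line is a download ("Retrieved"), which the deck's "Stored file" term never matches in the first place. A user uploading a customer list and a payroll file to the same external address is exactly the row the description asks you to compare against expected business applications.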
27 KEY TAKEAWAYS/CONCLUSION
28 Key Takeaways/Conclusion
- Know your environment
- Understand the kill chain theory
- Baseline the past days of activity
- Search and alert on anomalies
- Tune continuously
29 Learn, share and hack
Security office hours: 11:00 AM 2: every day. Geek out, share ideas with Enterprise Security developers.
Red Team / Blue Team: challenge your skills and learn new tricks. Mon-Wed 3:00 PM 6:00, Community Lounge; Thurs 11:00 AM 2:00 PM.
Birds of a feather: collaborate and brainstorm with security ninjas. Thurs 12:00 PM 1:00, Room 2.
30 Derek Arnold th Street, Suite 1700, Denver, CO
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationFTP Service Reference
IceWarp Server FTP Service Reference Version 10 Printed on 12 August, 2009 i Contents FTP Service 1 V10 New Features... 2 FTP Access Mode... 2 FTP Synchronization... 2 FTP Service Node... 3 FTP Service
More informationOpen Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4
Contents Before You Start 2 Configuring Rumpus 3 Testing Accessible Directory Service Access 4 Specifying Home Folders 4 Open Directory Groups 6 Maxum Development Corp. Before You Start Open Directory
More informationPRiSM Security. Configuration and considerations
PRiSM Security Configuration and considerations Agenda Security overview Authentication Adding a User Security Groups Security Roles Asset Roles Security Overview Three Aspects of Security Authentication
More informationHow to Use Remote Access Using Internet Explorer
Introduction Welcome to the Mount s Remote Access service. The following documentation is intended to assist first time or active users with connecting, authenticating and properly logging out of Remote
More informationRSA Security Analytics the complete approach to security monitoring or how to approach advanced threats
RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats Grzegorz Mucha grzegorz.mucha@rsa.com Advanced Threats Threat Landscape Criminals Petty criminals
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationAlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals
AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationAdvantage for Windows Copyright 2012 by The Advantage Software Company, Inc. All rights reserved. Client Portal blue Installation Guide v1.
Advantage for Windows Copyright 2012 by The Advantage Software Company, Inc. All rights reserved Client Portal blue Installation Guide v1.1 Overview This document will walk you through the process of installing
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More information10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information
More information2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report
2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report 28 September 2012 Submitted to: Donald Lafleur IS Audit Manager ND State Auditor
More information