Security as a Service
360 Living Security Assessment
Why Traditional Security Assessments Are Failing To Keep Up
Professional Services Whitepaper, April 2014
Craig D'Abreo, CISSP GCIH, Vice President - Masergy Professional Services
Contents
Introduction
Case Study Synopsis
Issues With Traditional Assessments
There Is A Better Way: 360 Living Security Assessment
A Practical Application Case Study: Data Integration At Various Layers
Conclusion

Introduction
With the proliferation of sophisticated modern malware distribution methods, and a sharp increase in data breaches across a variety of global industries as a direct result of these infection methods, a new generation of security assessment techniques has evolved that positively identifies these targeted attacks and helps organizations protect their critical assets. This white paper describes the problems with traditional security assessments and explains the holistic methodology this sophisticated class of integrated assessment technology uses to test for and identify sources of data leakage, and to block and remediate security incidents across an enterprise.

Case Study Synopsis
The following case study is an example of one of the many information security incidents that occur on a daily basis across the globe, devastating to an organization's reputation and business, and the result of a simple yet sophisticated set of attacks to which most companies are susceptible:

A security breach has been identified by a 3rd party provider, and the victim organization (a defense contractor) has just been notified that its critical documents, which include sensitive classified proprietary business information, user data and compromised data files, have been found on servers several states away. The victim organization approaches a local security company to conduct an emergency network security assessment and assess the situation. On completion of the traditional security assessment, which included scanning the external and internal network, the consultants find no evidence of malware or data leakage and are unable to identify any compromised machines. They do, however, identify and report on a few general vulnerabilities. After delivering their reports and invoices the security consultants are done with the project.
Issues With Traditional Assessments
In order to realize why traditional security assessments are no longer sufficient or effective in detecting sophisticated infections, whether run-of-the-mill infections or specifically targeted attacks such as Advanced Persistent Threats (APTs), it is imperative to understand how modern malware typically operates. Malware is most effectively propagated through vulnerabilities (very often zero-day) in regular desktop applications like PDF readers, various web browsers, Flash and movie players etc. Unsuspecting users are tricked into accessing malicious websites, or even regular websites that may carry malicious advertising banners (funded by organized crime groups); in more specifically targeted attacks, users at the victim organization are tricked into opening attachments or clicking cleverly disguised links through various social engineering techniques such as spoofed emails. A typical example is a malicious email request in which a user is persuaded to open an attachment claiming to be a valid online purchase.

Once at these websites, specially crafted exploits residing on the web servers are launched against the user's machine, targeting weaknesses in the user's browser, desktop applications and other software. As soon as the exploit is executed the malware embeds itself deep into the victim machine unannounced to the user, and also installs backdoors and other command and control applications that enable a hacker to take complete control of the system. In addition to having access to these systems, the malware is capable of recording all user keystrokes via key loggers and sniffing for sensitive information like usernames, passwords, credit card info, financial data, Personally Identifiable Information (PII) etc. that can then be securely exfiltrated out of the network through encrypted communication channels.

Sophisticated malware even has the capability of hiding itself deep in the operating system, or of changing its form (signature), also known as polymorphism, so that traditional antivirus programs are unable to detect and quarantine it. Logic bombs are also common, where the malware stays silent for extended periods of time and at random intervals wakes to send small amounts of data to the attackers in order to go undetected.
[Figure: high level representation of the attack flow used to compromise a target network]

Once an attacker has a foothold on the network via zero-day attacks such as spear-phishing, they begin targeting various other network components and infrastructure within the victim's environment. This leads to further exploitation and compromise of systems and data as they move through the organization undetected. Planting additional backdoors, Trojans, logic bombs etc. across the environment is a common practice to ensure they maintain access if discovered or accidentally shut down. Very often the goal is to stay on the network for an extended period of time and continue exfiltrating data for as long as possible, so maintaining stealth by covering their tracks is an important component of the attack.
The following high level process summarizes a general targeted attack:

[Figure: High Level APT Process]

The sophisticated attack techniques that target zero-day vulnerabilities, also known as Advanced Persistent Threats (APTs), cannot be identified by traditional vulnerability assessments. These traditional security assessments (such as vulnerability scanning) look for standalone known vulnerabilities with previously identified and reported signatures, and are unable to alert on zero-day vulnerabilities that have no known signature. Another weakness of the scanning engines, by inherent design, is that they do not attempt to look at the network holistically and simply do not indicate which hosts have been compromised or whether they are bleeding critical data offsite to malicious locations. Unfortunately, very often these types of traditional assessments are standard 'check box' items for various compliance frameworks and standard audits, answering questions such as: Have you run vulnerability scans and fixed/patched? Yes, we have; box checked, point closed, move on. Only the bare minimum has been accomplished, while the attackers still have complete control of the network and continue to ship off data unscathed by the traditional vulnerability scan. As we break down each of the various stages that comprise the APT attack into sub-section components, to understand the specific tools and techniques used to further penetrate the environment, maintain access and exfiltrate data, we can start mapping these components against traditional assessment techniques. Our research has shown that these assessment methods are able to identify just a few components within the attacks, and we have found that over 85% of attack vectors cannot be detected by traditional assessment techniques.
The subsystem APT process below highlights the attack vector components that are typically identified by traditional assessment techniques (< 15%):

[Figure: Subsystem APT Process]

There Is A Better Way: 360 Living Security Assessment
There is no single appliance or technology that will detect and prevent every single kind of cyber-attack. But given the large gap (>85%) in what is potentially identified by traditional security assessment techniques, and our understanding of APT attacks and how easily they are able to infiltrate organizations, we have started to see a new generation of assessment techniques.
These next-gen techniques combine several security initiatives that specialize in detecting a compromised network infrastructure, based on the following assessment steps:

Step 1: (24/7 Behavioral based network traffic monitoring + APT Detection)
Due to the inherent nature of sophisticated malware, most antivirus programs are unable to detect deeply embedded rootkits and kernel malware installed deep within the operating system. The only way to determine if these systems are compromised is to watch their network traffic pattern behaviors across the wire. These communication channels tend to be encrypted and also may not follow any particular timeframe/range. We have seen malware hibernate for several weeks and unexpectedly wake up and begin to talk back to its command and control (C&C) servers for a few seconds, but during that time it tends to send back a large chunk of information that usually relates to exfiltration of data. It is thus important to watch for and analyze any suspicious patterns of network activity that are outside normal behavior. Since this type of activity is extremely laborious to analyze manually, it is necessary to employ automated pattern analysis techniques that have the ability to analyze and keep track of historic network data as well as correlate current anomaly detection with previously observed traffic patterns in order to determine changes in normal network behavior. These types of network monitoring tools also help detect zero-day attacks.

Install and configure network packet monitoring tools at strategic locations with anomaly detection and behavioral traffic analysis. These tools should be set up at several locations across the enterprise, such as in front of the firewall on the perimeter (on the external network), behind the firewall (on the internal network), and in front of any trusted computing zones such as server farms, DMZ etc. The specific placement of the packet analysis and monitoring tools is extremely important so that maximum visibility is achieved across the environment. Core switches are recommended, as spanning these traffic points provides as much coverage as possible at the network level. In addition to the behavioral pattern analysis, it is important that these monitoring tools also have the capability of signature analysis, to help determine when known malware may be present as well as to detect when malware or attacks are attempting to exploit specific vulnerabilities in software or operating systems. It is the combination of signature and behavioral traffic pattern analysis that will help detect anomalous activity on a network.

All the security technology in the world is not effective unless a team of security specialists is actively monitoring and assessing these solutions. When considering packet analysis solutions it is extremely important to employ a Managed Security Services Provider (MSSP) type model, in which a team of specially trained security analysts not only monitors but also analyzes and interprets suspicious behavior, which can then be translated into incident response for your team to act on. By focusing on anomalous network behavior the team is able to determine if there is suspicious network traffic such as DNS queries to odd servers, random use of certain protocols and services, large file transfers to external sources, compromised systems on the network, new servers and workstations alive on the network etc. Another advantage of 24/7 monitoring is the immediate response capability of your security team, no matter what time of day or day of week, to block an attack against the network.

Step 2: (Penetration Testing, Vuln Analysis and Firewall Assessments)
Once monitoring has been implemented across the network, the next step is to begin penetration testing and vulnerability analysis assessments on the external and internal network. Penetration testing is an important aspect of overall network security since it takes a much different approach than automated vulnerability scanning. In automated scanning an assessor points network and application scanners at targets in order to determine the known vulnerabilities that may be present. While this assessment may account for identification of vulnerabilities and missing patches, penetration testing takes vulnerability analysis and the exploitation of these vulnerabilities to a whole different level. In penetration testing, the assessors simulate what a determined hacker would do in order to exploit a target network and potentially gain access. A majority of the time spent during such an assessment is focused on manual attack and exploitation techniques that typical vulnerability scanners are not sophisticated enough to perform. The goal is not to bring down the network but rather to attempt to gain access into the environment the way a determined hacker would. In addition to looking for holes within the network, a penetration testing assessment tests the incident response procedures of the organization, as well as clearly demonstrating to management the security issues that may be present.

At this stage of the overall assessment, since the perimeter is being assessed using penetration testing techniques and vulnerability analysis tools, the next step in securing the perimeter is to perform a detailed assessment of the security of the firewall. Since this is the main gateway in and out of the network, it is extremely important to ensure the proper rules are in place. Very often organizations do not have any kind of egress (outbound) rules in place; thus all (potentially 65,535) ports are allowed outbound. Through our research we have come across several forms of malware that propagate on high ports and even switch between several ports while connecting and establishing tunnels to external entities to transfer out data. Malware developers use these techniques to avoid the traffic most commonly inspected by security devices, such as port 80 (http) and 443 (https) connections. It is thus essential to ensure firewalls are locked down to only the necessary inbound and outbound ports based on business requirements. Temporary Access Control Lists (ACLs) and overlapping ACLs should also be checked to ensure there are no conflicting rules that could create a hole into the network. It is common for firewall administrators to create temporary rules that facilitate an emergency service and, several weeks or months after allowing access to the environment, human nature tends to forget to go back and shut these services off.

An equally essential monitoring task while assessing the firewall is to make sure the firewall logs are being monitored on a consistent basis. Firewalls do generate a high volume of logs, but it is necessary to capture and alert on significant events such as firewall login attempts, failed login attempts, changes to ACLs, any kind of brute force attack, blocked traffic events etc. These kinds of events provide the most value when correlated with network based events from the packet monitoring tools. Since analysts are constantly watching the network events on a 24/7 basis for the duration of the assessment, it is beneficial to capture the firewall logs and alerts and correlate them with other network based activity.
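The three firewall checks called for in Step 2 (no egress default deny, temporary rules nobody revoked, overlapping ACLs whose earlier entry contradicts a later one) can be run mechanically against an exported rule set. The following is an added example written for this page, not Masergy's tooling or any firewall vendor's syntax: the rule model, rule names, addresses and first-match-wins ordering are all constructed assumptions, and the corrected rule set simply appends the outbound default deny the weak one lacks.

```python
"""Firewall rule-set audit for the Step 2 checks: is there an egress
(outbound) default deny, have temporary rules outlived their purpose, and
do earlier rules overlap with (shadow or contradict) later ones.
Example code written for this page; the rule model below is a constructed,
vendor-neutral abstraction, not any firewall's real syntax."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    direction: str            # "in" or "out" relative to the protected network
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source CIDR
    dst: str                  # destination CIDR
    ports: Tuple[int, int]    # inclusive destination port range
    expires: Optional[date] = None   # set only on temporary rules
    comment: str = ""


# Constructed sample rule set; first match wins, top to bottom.
# Deliberate issues: no outbound deny, an expired temporary rule, and a
# specific deny placed after a broader allow that already matches its traffic.
RULES = [
    Rule("allow-web-out", "out", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (80, 443)),
    Rule("allow-dns-out", "out", "allow", "udp", "10.0.0.0/8", "0.0.0.0/0", (53, 53)),
    Rule("tmp-vendor-rdp", "in", "allow", "tcp", "0.0.0.0/0", "10.0.5.20/32", (3389, 3389),
         expires=date(2014, 1, 15), comment="emergency vendor access"),
    Rule("allow-smtp-in", "in", "allow", "tcp", "0.0.0.0/0", "10.0.5.25/32", (25, 25)),
    Rule("deny-smtp-partner", "in", "deny", "tcp", "203.0.113.0/24", "10.0.5.25/32", (25, 25)),
    Rule("deny-all-in", "in", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]

# The corrected set: identical, plus an explicit outbound catch-all deny so
# only the business-justified allow rules above it pass traffic out.
FIXED_RULES = RULES + [
    Rule("deny-all-out", "out", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
]

AUDIT_DATE = date(2014, 4, 1)   # constructed date of the assessment


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (outer.direction == inner.direction
            and outer.proto in ("any", inner.proto)
            and ip_network(outer.src).supernet_of(ip_network(inner.src))
            and ip_network(outer.dst).supernet_of(ip_network(inner.dst))
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def missing_egress_deny(rules: List[Rule]) -> bool:
    """True if nothing denies outbound traffic by default (all 65,535 ports open)."""
    catch_all = Rule("catch-all", "out", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535))
    return not any(r.action == "deny" and covers(r, catch_all) for r in rules)


def stale_temporary(rules: List[Rule], today: date) -> List[str]:
    """Names of temporary rules whose expiry date has passed but that are still present."""
    return [r.name for r in rules if r.expires is not None and r.expires < today]


def shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """(earlier, later, kind) for every later rule that an earlier rule fully covers.
    A differing action is a conflict (the later rule never fires); the same
    action is merely redundant."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((earlier.name, later.name, kind))
                break
    return findings


def audit(rules: List[Rule], today: date) -> dict:
    """Run all three checks and return the findings as one report."""
    return {
        "egress_open": missing_egress_deny(rules),
        "stale_temporary": stale_temporary(rules, today),
        "shadowed": shadowed(rules),
    }


if __name__ == "__main__":
    for key, value in audit(RULES, AUDIT_DATE).items():
        print(f"{key}: {value}")
```

Against the constructed set the audit reports the open egress, the expired vendor rule and the partner deny that the broader allow above it shadows; against FIXED_RULES the egress finding clears while the other two remain, which is the point: adding the outbound deny does not repair rule order or retire stale entries.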
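The correlation described in Steps 1 and 2 (firewall verdicts lined up with flow records from packet monitors at several points in the network) is what surfaces the pattern the case study later in the paper finds: several internal hosts contacting the same external address on tcp/443, mostly at night, in small bursts, every one of them passed by an egress policy that allows https. The following is an added example, not code from this paper or from Masergy: the sensor names, addresses, log formats, thresholds and corporate address range are constructed, and flows reported by more than one sensor are deduplicated before scoring.

```python
"""Correlate flow records from several packet-monitoring sensors with
firewall log lines to find beaconing: multiple internal hosts contacting the
same external address, mostly off-hours, in small bursts. Example code
written for this page (not the paper's or Masergy's tooling); sensor names,
addresses, log formats and thresholds are all constructed."""
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed corporate range

# Constructed flow records from three sensors (perimeter, core switch, server
# range). The same flow is often seen by more than one sensor and must be
# counted once. 192.0.2.10 is ordinary daytime web traffic; 198.51.100.7 is
# contacted by four hosts at night with sub-kilobyte payloads.
FLOW_RECORDS = """\
sensor,timestamp,src,dst,proto,dport,bytes
perimeter,2014-03-12T10:15:04,10.0.1.5,192.0.2.10,tcp,443,48200
core,2014-03-12T11:02:40,10.0.1.6,192.0.2.10,tcp,443,120500
servers,2014-03-12T04:02:11,10.0.5.10,198.51.100.7,tcp,443,812
perimeter,2014-03-12T04:02:11,10.0.5.10,198.51.100.7,tcp,443,812
core,2014-03-12T04:31:55,10.0.1.7,198.51.100.7,tcp,443,790
perimeter,2014-03-12T04:31:55,10.0.1.7,198.51.100.7,tcp,443,790
servers,2014-03-13T03:57:20,10.0.5.12,198.51.100.7,tcp,443,845
core,2014-03-13T05:12:03,10.0.1.9,198.51.100.7,tcp,443,801
core,2014-03-13T13:40:18,10.0.1.7,198.51.100.7,tcp,443,820
servers,2014-03-13T02:10:44,10.0.5.10,203.0.113.9,tcp,8443,900
"""

# Constructed firewall log in a key=value style. Every 443 beacon is "allow":
# an egress policy that permits https passes them, so the firewall alone
# never raises this. The 8443 attempt is what an egress deny catches.
FIREWALL_LOG = """\
2014-03-12T04:02:11 fw1 action=allow proto=tcp src=10.0.5.10 dst=198.51.100.7 dport=443
2014-03-12T04:31:55 fw1 action=allow proto=tcp src=10.0.1.7 dst=198.51.100.7 dport=443
2014-03-13T02:10:44 fw1 action=deny proto=tcp src=10.0.5.10 dst=203.0.113.9 dport=8443
2014-03-13T03:57:20 fw1 action=allow proto=tcp src=10.0.5.12 dst=198.51.100.7 dport=443
2014-03-13T05:12:03 fw1 action=allow proto=tcp src=10.0.1.9 dst=198.51.100.7 dport=443
"""

MIN_HOSTS = 3              # distinct internal hosts talking to one external address
OFF_HOURS = range(0, 6)    # local hours treated as outside business activity
MAX_BEACON_BYTES = 2000    # beacons are small; bulk transfers are a different signal
OFF_HOURS_FRACTION = 0.5   # at least half the flows must fall in OFF_HOURS


def parse_flows(text):
    """Parse CSV flow records, dropping duplicates reported by several sensors."""
    seen, flows = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["timestamp"], row["src"], row["dst"], row["dport"])
        if key in seen:
            continue
        seen.add(key)
        flows.append({"ts": datetime.fromisoformat(row["timestamp"]),
                      "src": row["src"], "dst": row["dst"],
                      "dport": int(row["dport"]), "bytes": int(row["bytes"])})
    return flows


def parse_firewall(text):
    """Map (src, dst, dport) to the firewall's verdict for that connection."""
    verdicts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(item.split("=", 1) for item in line.split()[2:])
        verdicts[(fields["src"], fields["dst"], int(fields["dport"]))] = fields["action"]
    return verdicts


def find_beacons(flows, verdicts):
    """Group outbound flows by external destination and apply the beacon tests."""
    by_dst = defaultdict(list)
    for flow in flows:
        if ip_address(flow["dst"]) not in INTERNAL:
            by_dst[flow["dst"]].append(flow)
    findings = []
    for dst, group in by_dst.items():
        hosts = sorted({f["src"] for f in group})
        off_hours = sum(1 for f in group if f["ts"].hour in OFF_HOURS)
        small = all(f["bytes"] <= MAX_BEACON_BYTES for f in group)
        if (len(hosts) >= MIN_HOSTS and small
                and off_hours / len(group) >= OFF_HOURS_FRACTION):
            fw = {verdicts.get((f["src"], dst, f["dport"]), "no-log") for f in group}
            findings.append({"dst": dst, "hosts": hosts, "flows": len(group),
                             "off_hours": off_hours, "firewall": sorted(fw)})
    return sorted(findings, key=lambda item: item["dst"])


if __name__ == "__main__":
    for finding in find_beacons(parse_flows(FLOW_RECORDS), parse_firewall(FIREWALL_LOG)):
        print(finding)
```

Run as a script it reports one destination, 198.51.100.7, with four internal hosts, five deduplicated flows (four of them between midnight and 06:00) and a firewall verdict of "allow" for all of them. The single-host 8443 attempt is left to the egress rule and the high-volume daytime traffic to 192.0.2.10 is ignored, which is the division of labour the text argues for: the firewall enforces policy, the behavioral layer finds what policy permits.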
Step 3: (Internal Assessment, Security Policy, MDM & Cyber Liability Coverage)
With several key security initiatives in place that have targeted the perimeter (Step 2), as well as 24/7 network packet analysis (Step 1) that covers overall network monitoring to determine where data exfiltration may occur, these steps have already created a well-positioned security assessment shell around the target network infrastructure. It is now time to start working on the core of the network, which not only includes technical analysis of the internal network but also focuses on the administrative and compliance security initiatives such as policy, information security awareness programs, mobile device management, log monitoring and critical server analysis.

Security policy in any organization should be a top down initiative. Management must establish baseline security policies for the organization and actively ensure that these policies are distilled through the organization on a regular basis, in the form of policy review, security awareness training sessions and ongoing monitoring to ensure these policies are being followed. Organizations often have elaborate security policies that employees are required to sign at their time of hire but that are not disseminated on a regular basis. A majority of modern malware attacks are successful as a result of a user being tricked into clicking/downloading/accessing content they should not have in the first place.

With the rise of employee-owned personal mobile devices (BYOD) and corporate data stored on those devices, such as sensitive corporate emails and files, organizations are having a challenge securing data on these devices, as well as having to deal with the security challenge facing the app marketplace, such as rogue apps, unknowingly downloaded by users, that are designed to steal data by accessing other apps on the mobile platform. Due to the significant challenges with mobile platforms, it is necessary to assess and understand how the organization is equipped to deal with its mobile users and, more importantly, whether there is a policy in place to address mobile device management (MDM). Mobile devices that have been compromised, once connected to the corporate network, have the potential to identify and target network resources. It is thus necessary to assess and, if found deficient, employ corporate policies for MDM as well as deploy solutions that help protect corporate data from being exposed on these devices.

Another aspect of organizational risk transference is to ensure that the organization has sufficient insurance coverage in case of a data breach. With the cost of global cybercrime topping $114 billion [i] annually, and with average estimates of each compromised record costing an organization $214 [ii], the need for external cyber liability coverage is vital for the financial survival and rebuilding of an organization in the event of a data breach that becomes public. While traditional insurance covers tangible property and third party liability, cyber insurance covers the bits and bytes of data processed by your organization, covering information such as Social Security numbers, credit card data, health records and PII, financial records (banking and investments, credit info, pension, retirement) etc. Network Security and Privacy coverage begins with first and third party coverage for loss and damage that may result from digital data the organization may store, such as files on stolen employee laptops or even information lost as a result of malware and data leakage from a network. With a good cyber policy in place, costs for notification as well as fines and penalties are covered, in addition to the costs of resolving public relations in the event of a disaster. As a result of increasing data loss over the past several years across various industries, major frameworks and federal regulations have been put in place, such as HIPAA (Health Insurance Portability & Accountability Act) for healthcare, PCI-DSS (Payment Card Industry Security Standards Council) for retailers' credit card and PII transactions, FERPA (Family Educational Rights and Privacy Act) for educators, and FCRA (Fair Credit Reporting Act) and GLBA (Gramm-Leach-Bliley Act) for financial institutions etc., to regulate and impose penalties for negligence in the handling of sensitive and private data. Thus, as part of the assessment it is imperative to assess and evaluate coverage and, if insufficient coverage is found, explore options that will sufficiently cover the organization in the case of a breach or data loss.

A Practical Application Case Study: Data Integration At Various Layers
The true power of the above three assessment layers lies in the integration and sharing of information by each security initiative across the various layers. While a single layer is not sufficient to completely determine overall security posture, the sharing and interpreting of data gathered across several layers helps paint an accurate picture of what is actually occurring on the network, and which systems have been compromised and may currently be leaking critical data. The following case study was an actual assessment performed using the above assessment methodology to find the source of a compromise that occurred on a corporate network (we have mapped each assessment initiative to the steps outlined above):

- Once onsite, installed monitoring devices at the perimeter, internal core switch, and server ranges. At this point the entire network traffic is being monitored and every single packet passing in and out of the network is being carefully tracked. [Step 1]
- While traffic is being captured and a behavioral profile of the network is forming, the core firewalls are undergoing assessment. All firewall ACLs (Access Control Lists) are investigated and audited to determine security risks. [Step 2]
  Findings: The security audit determined the absence of egress (outbound) filtering, in addition to the presence of several non-required inbound port rules to unused services. Remediation included blocking all outbound traffic, with explicit rules for business related traffic.
- External penetration test and vulnerability analysis conducted on the network perimeter. [Step 2]
  Findings: Several static vulnerabilities are identified, and the mail server is found to allow anyone from the internet to relay off the mail server and spoof any company official. A proof of concept (POC) is carried out to confirm: an email is sent to employees spoofed from the CEO's inbox. Remediation included patching of all vulnerable services and disabling the externally accessible mail relay service.
- Internal security assessment conducted with focus on servers. Implemented specialized host based monitoring tools on critical servers to log and capture suspicious process behavior. [Step 1 + 2]
  Findings: Around 4am the logging tools detect 2 outbound connections on port tcp/443 from the main file server to 2 distinct IP addresses. Further investigation reveals the IP addresses are part of a botnet and are associated with hosting malware.
- Malicious IP addresses are correlated across the network packet capture devices to determine if similar traffic was observed across the network. [Integration of Step ]
  Findings: Behavioral patterns and packet capture analysis found 12 computers on the network, including 5 servers, to have random outbound activity on port tcp/443 to the same IP address at random intervals over the past several days. Remediation included reimaging of all compromised machines found, including servers and workstations.
- Captured live memory dumps from all servers and workstations to analyze contents. [Step 3 + 1]
  Findings: Memory analysis revealed the presence of malware files attempting outbound communication. Remediation included reimaging of all compromised machines found, including servers and workstations.
- Reviewed security policy, mobile device management implementation, endpoint security coverage and cyber liability insurance coverage. [Step 3]
  Findings: The organization severely lacked security policy and employee awareness training programs. A mobile device management solution was in place, with minor tweaks needed for security. Cyber liability coverage was not sufficient based on business practices and data held, and needed review.

Conclusion
As this whitepaper has demonstrated, through illustration of modern malware techniques and case study analysis, traditional security assessments are no longer able to keep up with the sophistication and propagation of complex and targeted attacks. But as clearly shown above, the next generation of security assessment techniques, which combines a variety of initiatives and specialized tools that specialize in anomaly detection, share information and work together in various layers, does enable a security assessment team to quickly identify and contain the source of network compromises and data leakage.
Sources:
i
ii 2010 U.S. Cost of a Data Breach Study by the Ponemon Institute
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More information2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.
2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationSECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning
SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationIBM Security QRadar QFlow Collector appliances for security intelligence
IBM Software January 2013 IBM Security QRadar QFlow Collector appliances for security intelligence Advanced solutions for the analysis of network flow data 2 IBM Security QRadar QFlow Collector appliances
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationWatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
SMALL BUSINESS NETWORK SECURITY GUIDE WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION AUGUST 2004 SMALL BUSINESS NETWORK SECURITY GUIDE: WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More information1 You will need the following items to get started:
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationThe Value of QRadar QFlow and QRadar VFlow for Security Intelligence
BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationWEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES
WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious
More information