Cymon.io. Open Threat Intelligence. 29 October 2015 Copyright 2015 esentire, Inc. 1
|
|
|
- Gavin Malone
- 10 years ago
- Views:
Transcription
1 Cymon.io Open Threat Intelligence 29 October 2015 Copyright 2015 esentire, Inc. 1
2 #> whoami» Roy Firestein» Senior Consultant» Doing Research & Development» Other work include:» docping.me» threatlab.io 29 October 2015 Copyright 2015 esentire, Inc. 2
3 Agenda» About Cymon» Use Cases» Existing Tools» Machine Learning in Cymon» Architecture and Design 29 October 2015 Copyright 2015 esentire, Inc. 3
4 ABOUT CYMON
5 Why Cymon? Malicious? History Network 29 October 2015 Copyright 2015 esentire, Inc. 5
6 29 October 2015 Copyright 2015 esentire, Inc. 7
7 About» Largest tracker of security reports» Malware» Phishing» Botnets» Others.. 29 October 2015 Copyright 2015 esentire, Inc. 8
8 About» 20,000+ unique IPs saved daily 29 October 2015 Copyright 2015 esentire, Inc. 9
9 About» Almost 200 sources ingested daily» VirusTotal» Phishtank» Blacklists» Antivirus vendors 29 October 2015 Copyright 2015 esentire, Inc. 10
10 Quick Stats 4.6+ Million Million IP Addresses Security Events 29 October 2015 Copyright 2015 esentire, Inc. 11
11 Events Acquisition Chart 29 October 2015 Copyright 2015 esentire, Inc. 12
12 IPs with most sources 29 October 2015 Copyright 2015 esentire, Inc. 13
13 Web Interface» Free access» Search database for» IPs» Domains» URLs» Hashes 29 October 2015 Copyright 2015 esentire, Inc. 14
14 Web Interface - Events Timeline 29 October 2015 Copyright 2015 esentire, Inc. 15
15 IP Reputation Examples» October 2015 Copyright 2015 esentire, Inc. 16
16 Globe Visualization 29 October 2015 Copyright 2015 esentire, Inc. 17
17 Map Visualization 29 October 2015 Copyright 2015 esentire, Inc. 18
18 API Interface» We currently offer free API access for testing» Contact me for details 29 October 2015 Copyright 2015 esentire, Inc. 19
19 Twitter Replies to tweets containing IP addresses» Natural language responses 29 October 2015 Copyright 2015 esentire, Inc. 20
20 USE CASES
21 Firewall RBL» Dynamic block list 29 October 2015 Copyright 2015 esentire, Inc. 22
22 DGA Analysis» Detect malware domains 29 October 2015 Copyright 2015 esentire, Inc. 23
23 Apache Log Analysis 29 October 2015 Copyright 2015 esentire, Inc. 24
24 CYBER MONITORING
25 Cyber Monitoring» Brands, domains, s» Supported sources:» Pastebin sites» Bit Torrent sites» Twitter 29 October 2015 Copyright 2015 esentire, Inc. 26
26 ElasticSearch Data 29 October 2015 Copyright 2015 esentire, Inc. 27
27 Cyber Monitoring» DNS Monitoring» Alerting when records change» Passive IP Monitoring» Passive Domain Monitoring 29 October 2015 Copyright 2015 esentire, Inc. 28
28 Event Example: Pastebin 29 October 2015 Copyright 2015 esentire, Inc. 29
29 Passive Pentesting 29 October 2015 Copyright 2015 esentire, Inc. 30
30 Dashboard 29 October 2015 Copyright 2015 esentire, Inc. 31
31 Cymon Alternatives OTHER TOOLS
32 Soltra Edge 29 October 2015 Copyright 2015 esentire, Inc. 33
33 Threat Connect 29 October 2015 Copyright 2015 esentire, Inc. 34
34 Threat Stack 29 October 2015 Copyright 2015 esentire, Inc. 35
35 MozDef» Helps automate the security incident handling process» 29 October 2015 Copyright 2015 esentire, Inc. 36
36 MozDef += Cymon 29 October 2015 Copyright 2015 esentire, Inc. 37
37 MACHINE LEARNING 29 October 2015 Copyright 2015 esentire, Inc. 38
38 Machine Learning Features Prediction Input Output 29 October 2015 Copyright 2015 esentire, Inc. 39
39 Machine Learning 101» Need lots of data» Two learning methods» Supervised» Unsupervised» The computer will figure it out 29 October 2015 Copyright 2015 esentire, Inc. 40
40 Starting point myskmlsnvkrgr.cc Starting point yourcloud.com myskmlsnvkrgr Remove TLD yourcloud Extract Features (data points) 29 October 2015 Copyright 2015 esentire, Inc. 41
41 What data point can we extract?» Length» Entropy» Words» Mean word length» Median word length» Gebberish probability» Domain name 29 October 2015 Copyright 2015 esentire, Inc. 42
42 Building Training Dataset Good Bad Alexa Top 1M NetCraft DGA Trackers esentire Feed Feature Extraction 29 October 2015 Copyright 2015 esentire, Inc. 43
43 Building Training Dataset Extracted Features Final Dataset Randomize 29 October 2015 Copyright 2015 esentire, Inc. 44
44 TECHNOLOGY AND ARCHITECTURE
45 Technology Stack» Amazon AWS» Django (Python)» Node.js» Docker» ElasticSearch 29 October 2015 Copyright 2015 esentire, Inc. 46
46 Architecture Benefits» Scale up quickly» Can handle millions of API requests» Highly Available» Clone environment for testing in one click» Automatic database backups and recovery» Extremely detailed infrastructure logs and alerts» Cost savings compared to traditional deployments 29 October 2015 Copyright 2015 esentire, Inc. 47
47 Architecture Components 1. Data tier 2. Workers tier 3. Web application tier 29 October 2015 Copyright 2015 esentire, Inc. 48
48 Worker Diagram 29 October 2015 Copyright 2015 esentire, Inc. 49
49 COMING SOON
50 Google Chrome Plugin github.com/esentire/cymon-interceptor 29 October 2015 Copyright 2015 esentire, Inc. 51
51 Integration with Threat Lab 29 October 2015 Copyright 2015 esentire, Inc. 52
52 Created by you» Firefox plugin» Library for Ruby / Node / C#...» Firewall plugin» Proxy plugin» IDS plugin» Maltego Transforms 29 October 2015 Copyright 2015 esentire, Inc. 53
53 Thank You! github.com/esentire October 2015 Copyright 2015 esentire, Inc. 54
SES / CIF. Internet2 Combined Industry and Research Constituency Meeting April 24, 2012
SES / CIF Internet2 Combined Industry and Research Constituency Meeting April 24, 2012 Doug Pearson Technical Director, REN-ISAC [email protected] Background on REN-ISAC The REN-ISAC mission is to
Separating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security
Open Source Threat Intelligence. Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team
Open Source Threat Intelligence Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team 2 Before we begin All trademarks belong to their respective owners. No association with any other organizations,
APPLICATION PROGRAMMING INTERFACE
DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With
Can We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
The SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
Module 1: Overview. Module 2: AlienVault USM Solution Deployment. Module 3: AlienVault USM Basic Configuration
Module 1: Overview This module provides an overview of the AlienVault Unified Security Management (USM) solution. Upon completing this module, you will meet these objectives: Describe the goal of network
Next Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA
Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture
ReadySpace Limited Unit J, 16/F Reason Group Tower, 403-413 Castle PeakRoad, Kwai Chung, N.T.
Reputation and Blacklist Monitoring Basic Professional Business Enterprise Reputation Monitoring Blacklist Monitoring Standard Malware Detection Scan for known Malware Scan for known viruses All pages
Enriching Network Threat Data with Open Source Tools to Improve Monitoring
Enriching Network Threat Data with Open Source Tools to Improve Monitoring SECURE 2012 XVI Conference on Telecommunications and IT Security 22-24 October 2012 Knowledge is power Thomas Hobbes, 1658 Agenda
Threat Intelligence is Dead. Long Live Threat Intelligence!
SESSION ID: STR-R02 Threat Intelligence is Dead. Long Live Threat Intelligence! Mark Orlando Director of Cyber Operations Foreground Security Background Threat Intelligence is Dead. Long Live Threat Intelligence!
Eight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
Applying Machine Learning to Network Security Monitoring. Alex Pinto Chief Data Scien2st MLSec Project @alexcpsec @MLSecProject!
Applying Machine Learning to Network Security Monitoring Alex Pinto Chief Data Scien2st MLSec Project @alexcpsec @MLSecProject! whoami Almost 15 years in Informa2on Security, done a licle bit of everything.
Find the needle in the security haystack
Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep
Malware Monitoring Service Powered by StopTheHacker
Technical Resources Malware Monitoring Service Powered by StopTheHacker StopTheHacker Dashboard User Guide End User Version CONTENTS Introduction... 3 Account Activation... 3 How to Log into Your Account...
How To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
Security Business Intelligence Big Data for Faster Detection/Response
Security Business Intelligence Big Data for Faster Detection/Response SESSION ID: STU-R02B Stacy Purcell Security Architect Intel/IT Legal Notices This presentation is for informational purposes only.
Using SIEM for Real- Time Threat Detection
Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,
ThreatSTOP Technology Overview
ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds
24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
SANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
WHITE PAPER: THREAT INTELLIGENCE RANKING
WHITE PAPER: THREAT INTELLIGENCE RANKING SEPTEMBER 2015 2 HOW WELL DO YOU KNOW YOUR THREAT DATA? HOW THREAT INTELLIGENCE FEED MODELING CAN SAVE MONEY AND PREVENT BREACHES Who are the bad guys? What makes
Unified Security Management and Open Threat Exchange
13/09/2014 Unified Security Management and Open Threat Exchange RICHARD KIRK SENIOR VICE PRESIDENT 11 SEPTEMBER 2014 Agenda! A quick intro to AlienVault Unified Security Management (USM)! Overview of the
Monitis Project Proposals for AUA. September 2014, Yerevan, Armenia
Monitis Project Proposals for AUA September 2014, Yerevan, Armenia Distributed Log Collecting and Analysing Platform Project Specifications Category: Big Data and NoSQL Software Requirements: Apache Hadoop
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
Threat Intelligence for Dummies. Karen Scarfone Scarfone Cybersecurity
Threat Intelligence for Dummies Karen Scarfone Scarfone Cybersecurity 1 Source Material Threat Intelligence for Dummies ebook Co-authored with Steve Piper of CyberEdge Group Published by Wiley Sponsored
Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
Performing Advanced Incident Response Interactive Exercise
Performing Advanced Incident Response Interactive Exercise Post-Conference Summary Merlin Namuth Robert Huber SCENARIO 1 - PHISHING EMAILS... 3... 3 Mitigations... 3 SCENARIO 2 - IDS ALERT FOR PSEXEC...
IBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
Security Intelligence Blacklisting
The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence
Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
Preetham Mohan Pawar (1000919136)
Charles Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, Wenke Lee Presented By:- Preetham Mohan Pawar (1000919136) University of Texas, Arlington CSE Introduction. Basic concepts.( DNS ) Mobile
McAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services
WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2
FAQ WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 WHAT IS UPTIME AND SPEED MONITORING 2 WHEN I TRY TO SELECT A SERVICE FROM
Security Data Analytics Platform
Security Data Analytics Platform Figure 1 - Global Search Dashboard "The Data Analytics Platform has revolutionized the way we handle data from our Security monitoring infrastructure to our developers
The Big Data Paradigm Shift. Insight Through Automation
The Big Data Paradigm Shift Insight Through Automation Agenda The Problem Emcien s Solution: Algorithms solve data related business problems How Does the Technology Work? Case Studies 2013 Emcien, Inc.
DYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
Federated Threat Data Sharing with the Collective Intelligence Framework (CIF)
Federated Threat Data Sharing with the Collective Intelligence Framework (CIF) Gabriel Iovino (REN-ISAC), Kevin Benton (REN-ISAC), Yoshiaki Kasahara (Kyushu University), Yasuichi Kitamura (APAN) TIP2013
Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
How to Grow and Transform your Security Program into the Cloud
How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management
Analyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)
Ironfan Your Foundation for Flexible Big Data Infrastructure
Ironfan Your Foundation for Flexible Big Data Infrastructure Benefits With Ironfan, you can expect: Reduced cycle time. Provision servers in minutes not days. Improved visibility. Increased transparency
Cyber Security for Start-ups: An Affordable 10-Step Plan
SESSION ID: ECO-W03 Cyber Security for Start-ups: An Affordable 10-Step Plan David Cowan Partner Bessemer Venture Partners @davidcowan Acknowledgements Startups don't like friction to get their job done.
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS * Agenda! Review of the current Network Security
Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
Threat Intelligence Buyer s Guide
Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Holland @rickhholland Principal Analyst Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2 This year, Arnold s back!!
Symantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
Whose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
Modular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
Concierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
Information Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review [email protected]
Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway
Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway Websense Support Webinar January 2010 web security data security email security
GeoInt 2015 Watson Workshop
GeoInt 2015 Watson Workshop Bluemix Building a Watson Question & Answer Service Hands-on Lab The lab is divided into three parts Part A: Getting started what you need and what you will be building Estimated
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia [email protected] [email protected] Framework
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats?
Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats? Will Froning, Information Security Manager, American University of Sharjah Mark Seward, Senior Director, Security and Compliance
The webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
NGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age
NGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age Dynamic Threat Protection for Enterprise Edge and Data Center Rasmus Andersen Lead Security Sales Specialist
McAfee Public Cloud Server Security Suite
Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,
Media Shuttle s Defense-in- Depth Security Strategy
Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among
Network Security Monitoring
Network Security Monitoring Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
Unified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
Botnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
WHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS
WHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS /ABOUT/ME Thomas Chopitea - Incident handler @CertSG Digital forensics & incident response (#DFIR), malware analysis,
Analytics Drives Big Data Drives Infrastructure Confessions of Storage turned Analytics Geeks
Analytics Drives Big Data Drives Infrastructure Confessions of Storage turned Analytics Geeks Dr. Aloke Guha 29th IEEE Conference on Massive Data Storage May 8 th, 2013 [email protected] What s Common Between
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,
McAfee Security Architectures for the Public Sector
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience
Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience 黃 振 修 (Chris Huang) SPN 主 動 式 雲 端 截 毒 技 術 架 構 師 About Me SPN 主 動 式 雲 端 截 毒 技 術 架 構 師 SPN Hadoop 基 礎 運 算 架 構 師 Hadoop in Taiwan
1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS
1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS Dominic Stahl Systems Engineer Central Europe 11.3.2014 Agenda Preface Advanced DNS Protection DDOS DNS Firewall dynamic Blacklisting
Securing Secure Browsers
Securing Secure Browsers SESSION ID: TRM-T11 Prashant Kumar Verma Sr. Consultant & Head (Security Testing) Paladion Networks @prashantverma21 Agenda Browser Threats Secure Browsers to address threats Secure
Domain Name Abuse Detection. Liming Wang
Domain Name Abuse Detection Liming Wang Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 2 Why?
Memory Forensics & Security Analytics: Detecting Unknown Malware
Memory Forensics & Security Analytics: Detecting Unknown Malware SESSION ID: SEC-T09 Fahad Ehsan Associate Director Security Research and Analytics UBS AG Where it all started. ------------------------------------------------------------------------------------------
AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals
AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
Startup guide for Zimonitor
Page 1 of 5 Startup guide for Zimonitor This is a short introduction to get you started using Zimonitor. Start by logging in to your version of Zimonitor using the URL and username + password sent to you.
Analyzing large flow data sets using. visualization tools. modern open-source data search and. FloCon 2014. Max Putas
Analyzing large flow data sets using modern open-source data search and visualization tools FloCon 2014 Max Putas About me Operations Engineer - DevOps BS, MS, and CAS in Telecommunications Work/research
INCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
NERC CIP Version 5 and the PI System
Industry: Transmission/Distribution/Smarts Presented by NERC CIP Version 5 and the PI System Bryan Owen PE OSisoft Cyber Security Manager Agenda Update on OSIsoft Cyber Initiatives War Story CIP Version
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :[email protected] Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :[email protected] Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
Configuration Guide. Websense Web Security Solutions Version 7.8.1
Websense Web Security Solutions Version 7.8.1 To help you make the transition to Websense Web Security or Web Security Gateway, this guide covers the basic steps involved in setting up your new solution