Samuele Battistoni (IBM Security Services) Andrea Zapparoli Manzoni (Direttivo Clusit)
|
|
- Jessie Murphy
- 8 years ago
- Views:
Transcription
1 Samuele Battistoni (IBM Security Services) vs Andrea Zapparoli Manzoni (Direttivo Clusit)
2 Cyber Attack vs Security Intelligence vs Security Summit
3 La situazione in una slide 2013 vs 2011: + 267% di cyber attacchi gravi nel mondo 2013 vs 2012: + 26% di danni a parità di numero di attacchi Moltiplicazione degli attori e delle capacità offensive Tutti sono bersagli (privati, aziende, istituzioni) Tutte le piattaforme sono bersagli Le difese tradizionali non funzionano più Violazione di target prima impensabili Il ROI per gli attaccanti è elevatissimo Worst case! Il rischio per gli attaccanti è bassissimo Crescente rischio di Black Swans (HILP) Carenza di leggi e strumenti ad hoc Necessità di gestire rischi ed incidenti (in real time) Necessità di fare prevenzione! Security Summit
4 WHY? Perchè? Utilizziamo sistemi intrinsecamente insicuri come se non lo fossero A destra, la mia automobile nel All epoca ero molto fiero e non mi preoccupavo di nulla. Molti non vogliono sentirselo dire, ma l ICT di oggi, by design, ha il livello di sicurezza della mia 128 Sport del 1971 troppo basso rispetto alle minacce ed ai rischi. Questo è un problema. Le conseguenze sono inevitabili e nel 2012 sono costate al mondo quanto il PIL della Danimarca (400 miliardi di dollari). In Italia, circa lo 0,5% del PIL. Nel 2013, la stima del Ponemon Institute è che sia stata superata la soglia dei 500 miliardi di dollari di danni (diretti ed indiretti). Security Summit
5 Un sito web su 4 è bucabile o già bucato Common vulnerabilities found occurring in web application tested by IBM Application Security Service compared to OWASP Top 10 for 2013 Source: IBM X-Force Research and Development 5
6 Vulnerabilità lato client come se piovesse 6 Source: IBM X-Force Research and Development
7 Risultato 7
8 Perché dobbiamo fare Security Intelligence Perché genera awareness ed elimina le false certezze Perché i cattivi la usano contro i loro bersagli, 24/7 x 365 Perché è fondamentale per prevenire i rischi ( -> ROSI) Perché è importante per contenere le minacce in tempo utile mentre la finestra di compromissione in media oggi è di 230 giorni (!) Perché senza di essa oggi siamo ciechi, sordi e impotenti, ed è su questo che fanno leva gli attaccanti Security Summit
9 One more report? Technology is everywhere and also threats Security Summit
10 #1: Slow network and system errors attack Security Summit
11 #1: Slow network and system errors attack Large manufacture in 13 countries Good perimeter defense Firewall IPS Security Gateway (Web and Security) Antivirus on all internal and DMZ machines (server and PC) Thursday May 22 rd, :00 pm May 22 nd 23 rd, 2014 Friday May 23 rd, :00 am Facts: Network slowdown Account changes SAN errors Customer actions: Active Directory Snapshot diff with backups Findings: 2 machines (PrintServer22) 1 account (SVC472994) TeamViewer installed on PrintServer22 Customer remediation: Remove and Uninstall TeamViewer from PrintServer22 Security Summit
12 #1: Slow network and system errors attack Friday May 23 rd, :00 pm May 23 nd 24 th, 2014 During the night Facts: All SAN volumes disconnected from servers CIO, CTO, Facility Managers account s locked out Call IBM ERS Hotline Have an emergency? Call IBM ERS 24x7x365 (US) (WW) IBM findings: Automatic script that lock targeted accounts using SVC More than 15 DCs worldwide Local logs on the machines 50MB log rotation (~2h retention) Suggestion: disable the script and the SVC account Further investigation needed The bad things: No Access Management Does other business process use SVC account? No Change Control More than one day to answer the question and disable the account No Central log management No log from TeamViewer (removed and uninstalled by the customer) Security Summit
13 #1: Slow network and system errors attack Saturday May 24 rd, 2014 During the day One week before IBM findings: No firewall logs related to TeamViewer traffic RADIUS server, using the configured 50MB, has ~15 days logs On Wed May 21 st there was: Interactive logon (local administrator) Account creation (SVC472994) Before that: IT Head of Security login on RADIUS server and create local administrator (probably using stolen or shared password) Then SVC user, from PrintServer22, performed Questions: Who? How? Why? Domain account change Install Java to control SAN volumes Customer fired the network and VMware administrator on Wednesday 21 st, 2014 Remember: No log from TeamViewer (removed and uninstalled by the customer) Monday 26 th May, 2014 During the day IBM further analysis: Create a VM similar to the PrintServer22 (from old backup) Install TeamViewer, perform login, analyze logs and compare with the original logs: Interactive logon found msg Punch Receive from IP xxx.xxx.xxx.xxx in vsphere Client logs Logs are more or less the same [~90%] IBM sent the IP address to the customer Security Summit
14 Incident Response Needs Have a plan (Incident Response Plan) Predefine your Incident Response Team Chose your approach Watch and Learn (with your forensics partner) Circumvent, block, recover Predefine a backup communication plan (no !) Define stakeholders communication plan: provider, developer, legal, Take care of forensic data Create user awareness (out of the security team) Follow crime/law engagement procedures HAVE EXPERIENCE (previous, dry runs, simulated incidents, tests ) Security Summit
15 #2: The SSH Scanner attack Security Summit
16 #2: The SSH Scanner attack Telco company Late April 2014 End Customer s services DC outsourced Good perimeter defense and monitoring Firewall, IPS, Security Gateway, Antivirus SIEM for Log management and correlation VA and PenTest for compliance Other servers in Customer s DC Used for partner, suppliers and backoffice services Managed directly by the customer team Facts: IBM SOC alert SSH Scanner and Dictionary Attack on entire network A-class (including IBM public network) source: Customer s FTP Server Late April 2014 Context information: The local FTP Server is: used for supplier and partner s documentation and invoice accessed with certificate IBM findings: Late April 2014 Remote root login from Romanian IP root login is disabled how did they logged into this machine? Deeper analysis needed Security Summit
17 #2: The SSH Scanner attack December 2013 January 2014 November 2013 April 2014 November 2013 Context information: Late December st attempt to virtualize the machine Failed due to some technical errors Late January 2014 The machine is virtualized correctly Some log are not registered Found a rootkit that was promptly removed The machine start logging correctly IBM findings: December 9 th, st not planned reboot (obfuscated by a lot of migration in these days) January 11 th, 2014 Another not planner reboot Logs disappear A modified kernel was installed on the machine Disable logging Set a fake root login disabled System setting shows root login disabled, but the remote login is enabled and works From November 2013 Other root logins from Chinese IP More than 6 months on this machine, remain underground, without trigger any alerts. Why? The customer was negotiating a merge with another company: Supplier s invoice and financial information was very valuable Once the job was completed, hackers sold the machine in the dark market (double gain, expense covered) The bad things: Cloning the machine as-is backdoor, misconfiguration, error are replicated on the new machine SSH Scanner solved it was not the only attack Deeper and complete investigation Scope is THE ENTIRE COMPANY Not only the web VA and Pen Test are not enough Security Summit
18 CaaS: Cybercrime as a Service Hacker Service Details Price Visa and Master Card (US) with CVV code $4 American Express (US) with CVV code $7 Visa and Master Card (EU) with CVV code $15 American Express Card (EU) with CVV code $18 Verified by Visa (US) $10 Verified by Visa(EU) $17-$25 Bank Acct. with $70,000-$150,000 Bank account number and online credentials (username/password). $300 Infected Computers 1 $20 5 $90 10 $160 Remote Access Trojan(RAT) $50-$250 Add-On Services to RATs Includes set up of C2 Server, adding FUD to RAT $20-$50 Hacking Website; stealing data Price depends on reputation of hacker $100-$300 DDoS Attacks Per day $90-$100 Per week $400-$600 Source: SecureWorks Source: Forbes Security Summit
19 Ma che se ne fanno di un device bucato? Security Summit
20 Active Threat Assessment (ATA) Data Collection & Reconnaissance Targeted External Testing Internal Scanning & Analysis Reviews & Interviews Reporting & Briefing Uncover indicators of compromise and hidden threats Coordinated Attack Simulation Targeted penetration testing helps identify vulnerable systems and applications from an attacker s perspective, conducted with broad coverage or using a customized and simulated events. An on-site coordinator assists with validating that detection mechanisms are successfully detecting malicious activity. Tool based APT Forensic Scanning Checks for the presence of behavioral Indicators of Compromise (IOCs) frequently seen with intrusions indicating a currently active but previously unknown compromise. Memory (RAM) Analysis For systems identified with suspicious activity, a remote memory (RAM, volatile data) analysis may be done looking for common malware traits. System Log Analysis Logs from firewalls, IDS/IPS devices, Network AV servers, DNS and other systems can help reveal IOCs of an intruder or the presence of malware. Critical Controls Review Assessment of the level of implementation of SANS Top 20 Critical Security Controls helps to develop an overall security strategy. Security Summit
21 Security Intelligence Building Blocks Security Governance How Who & What Why Security Analysis Team Threat Intelligence Gathering Vulnerability analysis and Advisor Risk Assessment Impact Analysis Incident Management Plan Enforcement Optimization Investigation and Forensics Analysis Hunter Team Threat Assessment Infrastructure Application Social Phishing Awareness Attack modeling Ad-hoc projects Security Operations Center Monitoring Incident Escalation and Response Contain, Block, Correlate Security Application Management Security Configuration Management Security Policy Management Security Intelligence Platform Aggregate Security event log and flow Correlation, rules and feeds Security Summit
22 Funziona la Security Intelligence? Si, funziona! Security Summit
23 Grazie! Andrea Zapparoli Manzoni Samuele Battistoni Security Summit
24 Security Summit
Protecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationSCADA / Smart Grid Security Who is really in control of our Control Systems?
SCADA / Smart Grid Security Who is really in control of our Control Systems? Simone Riccetti Certified SCADA Security Architect Agenda Overview of Security landscape SCADA security problem How to protect
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationL evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management
L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia Intervento al Security Summit Milano 2016 15 aprile Autore
More informationSicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi
Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi Giovanni Abbadessa, IBM IT Security Architect Umberto Sansovini, IBM Security Consultant Document number Big
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationSicurezza Data Center 22 giugno 2015. Fabio Paravani Regional Account Manager
Sicurezza Data Center 22 giugno 2015 Fabio Paravani Regional Account Manager A world safe for exchanging digital information CEO Founded Headquarters Employees Offices 2012 Sales Eva Chen 1988, United
More informationPERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT
PERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT December 6, 2013 Julien Lavesque CTO Itrust j.lavesque@itrust.fr Security experts company founded
More informationStronger than Firewalls And Cheaper Too
Stronger than Firewalls And Cheaper Too Andrew Ginter Director of Industrial Security Waterfall Security Solutions 2012 Emerging Threat: Low Tech, Targeted Attacks Night Dragon, Shady RAT, Anonymous Trick
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationIBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!
IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationIndustrial Control Systems Security. Denny Gregianin_Sales Area Manager
Industrial Control Systems Security Denny Gregianin_Sales Area Manager VEM in Numbers 5 29 170 800 495 5000 Dipendenti e Fatturato Design & Delivery NOC SOC HR & Quality Operations Custom Application Development
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationAll Information is derived from Mandiant consulting in a non-classified environment.
Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.
More informationCryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati. Patrick Gada 18 March 2015 Senior Sales Engineer
CryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati Patrick Gada 18 March 2015 Senior Sales Engineer CryptoLocker Rossi Mario, CryptoLocker CryptoLocker Attacco del 27 gennaio
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationSoftware that provides secure access to technology, everywhere.
Software that provides secure access to technology, everywhere. Joseph Patrick Schorr @JoeSchorr October, 2015 2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1 Agenda What are we dealing with? How
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationPenetration Testing Services. Demonstrate Real-World Risk
Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled
More informationVulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti. Sr. IT Security Architect
Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti Sr. IT Security Architect Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 2 The
More informationSecurity from the Cloud
Security from the Cloud Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: April 2008 Summary: This white paper describes advantages of using
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationSeparating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationCybersecurity: An Innovative Approach to Advanced Persistent Threats
Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More information11th AMC Conference on Securely Connecting Communities for Improved Health
11th AMC Conference on Securely Connecting Communities for Improved Health Information Security Testing How Do AMCs Ensure Your Networks are Secure June 22, 2015 Ray Hillen, Dennis Schmidt, Adam Bennett
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationPCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS
PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS CIVICA Conference 22 January 2015 WELCOME AND AGENDA Change is here! PCI-DSS 3.0 is mandatory starting January 1, 2015 Goals of the session
More informationPCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014
PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions
More informationIBM Security Services
IBM Security Services - Penetration Testing - July 15, 2014 12014 IBM Corporation THE EVOLVING THREAT LANDSCAPE 2 Success in today s dynamic, data driven global marketplace requires effective enterprise
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationDall Information Security alla Cyber Security, e ritorno
Dall Information Security alla Cyber Security, e ritorno (Come migliorare la sicurezza dell azienda attraverso un efficace governo degli incidenti) Luca Bechelli (CLUSIT) Marco Di Leo (HP) Fabio Vernacotola
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationUncover security risks on your enterprise network
Uncover security risks on your enterprise network Sign up for Check Point s on-site Security Checkup. About this presentation: The key message of this presentation is that organizations should sign up
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationAPPLICATION PROGRAMMING INTERFACE
DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With
More informationAD Account Lockout Investigation and Root Cause Analysis
AD Account Lockout Investigation and Root Cause Analysis Allen Chin Principal Consultant allen_chin@symantec.com 1 Contents 1 Background Issue 2 What was done 3 What were discovered 4 Recommendations 5
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationGlobal ediscovery Client Data Security. Managed technology for the global legal profession
Global ediscovery Client Data Security Managed technology for the global legal profession Epiq Systems is a global leader in providing fully integrated technology products and services for ediscovery and
More informationHow To Integrate Intelligence Based Security Into Your Organisation
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Threat Intelligence Managed Intelligence Service Did you know that the faster you detect a security breach, the lesser the impact to
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationThe webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
More informationProtecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes!
We protect your most sensitive information from insider threats. Protecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes! VARONIS SYSTEMS About Me Dietrich
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationAlberto Meneghini! Security Leader, IBM Italia! IBM Security. 2015 IBM Corporation. 12015 IBM Corporation
Alberto Meneghini! Security Leader, IBM Italia! 12015 IBM Corporation Esistono istituzioni finanziarie che sanno cosa significa essere attaccate ed altre che neppure lo immaginano. In quale vi riconoscete?!
More informationHow to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01
How to build and use a Honeypot By Ralph Edward Sutton, Jr DTEC 6873 Section 01 Abstract Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFIREWALL POLICY November 2006 TNS POL - 008
FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and
More informationSecuring Your Business s Bank Account
Commercial Banking Customers Securing Your Business s Bank Account Trusteer Rapport Resource Guide For Business Banking January 2014 Table of Contents 1. Introduction 3 Who is Trusteer? 3 2. What is Trusteer
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationRunning the SANS Top 5 Essential Log Reports with Activeworx Security Center
Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Creating valuable information from millions of system events can be an extremely difficult and time consuming task. Particularly
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationMobile, Cloud, Advanced Threats: A Unified Approach to Security
Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or
More informationSecurity Monitoring and Alerting: Managed Security Service Providers (MSSP) vs. Security Incident & Event Management (SIEM)
Security Monitoring and Alerting: Managed Security Service Providers (MSSP) vs. Security Incident & Event Management (SIEM) ActiveGuard U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743; 2015
More informationCYBER ATTACK DEFENSE A KILL CHAIN STRATEGY WHITE PAPER
CYBER ATTACK DEFENSE A KILL CHAIN STRATEGY WHITE PAPER Executive Summary Companies of all sizes and across all industries are faced with the increasing problem of defending against cyber attacks. Malicious
More informationUNCLASSIFIED. http://www.govcertuk.gov.uk. General Enquiries. Incidents incidents@govcertuk.gov.uk Incidents incidents@govcertuk.gsi.gov.uk.
Version 1.2 19-June-2013 GUIDELINES Incident Response Guidelines Executive Summary Government Departments have a responsibility to report computer incidents under the terms laid out in the SPF, issued
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationNetwork Security Forensics
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
More informationHow a Company s IT Systems Can Be Breached Despite Strict Security Protocols
How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More information