EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

Similar documents
Modular Network Security. Tyler Carter, McAfee Network Security

Stephen Coty Director, Threat Research

Security Information & Event Management (SIEM)

Security Camp Conference Fine Art of Balancing Security & Privacy

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

Defending Against Data Beaches: Internal Controls for Cybersecurity

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cyber Security Metrics Dashboards & Analytics

24/7 Visibility into Advanced Malware on Networks and Endpoints

ALERT LOGIC FOR HIPAA COMPLIANCE

BlackRidge Technology Transport Access Control: Overview

The Role of Security Monitoring & SIEM in Risk Management

Security strategies to stay off the Børsen front page

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

IT Security Strategy and Priorities. Stefan Lager CTO Services

Cisco Security Optimization Service

A Case for Managed Security

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Jort Kollerie SonicWALL

Security and Privacy

Advanced & Persistent Threat Analysis - I

What keep the CIO up at Night Managing Security Nightmares

The SMB Cyber Security Survival Guide

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Defending Against Cyber Attacks with SessionLevel Network Security

Fighting Advanced Threats

Cisco & Big Data Security

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Critical Security Controls

Certified Ethical Hacker Exam Version Comparison. Version Comparison

CEH Version8 Course Outline

AppGuard. Defeats Malware

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

SECURITY SOLUTIONS AND SERVICES

External Supplier Control Requirements

The webinar will begin shortly

Attacks from the Inside

Performanta Pty Ltd. Company Profile. May Trust. Practical. Performanta.

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

A Systems Engineering Approach to Developing Cyber Security Professionals

Security Intelligence Services.

Cloud Services Prevent Zero-day and Targeted Attacks

Malicious Network Traffic Analysis

Networking for Caribbean Development

Rich Baich Principal March 22, 2012

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

東 京 電 機 大 学 国 際 化 サイバーセキュリティ 学 特 別 コース. Cyber Security in the Financial Sector

The Leading Provider of Endpoint Security Solutions

Unified Security Management and Open Threat Exchange

SourceFireNext-Generation IPS

How To Buy Nitro Security

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Symantec Advanced Threat Protection: Network

IBM Security QRadar Vulnerability Manager

Description: Course Details:

MANAGED SECURITY SERVICES (MSS)

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Enterprise Cybersecurity: Building an Effective Defense

Introducing IBM s Advanced Threat Protection Platform

Unified Security, ATP and more

Breaking the Cyber Attack Lifecycle

IBM Security re-defines enterprise endpoint protection against advanced malware

Is your SIEM ready.???

The Protection Mission a constant endeavor

Automated Protection on UCS with Trend Micro Deep Security

How To Create Situational Awareness

Industrial Security for Process Automation

SANS Top 20 Critical Controls for Effective Cyber Defense

IBM Security QRadar QFlow Collector appliances for security intelligence

THE BEST WAY TO CATCH A THIEF. Patrick Bedwell, Vice President, Product Marketing

Speed Up Incident Response with Actionable Forensic Analytics

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Description: Objective: Attending students will learn:

900 Walt Whitman Road, Suite 304 Melville, NY Office:

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure

7 Things All CFOs Should Know About Cyber Security

Internet threats: steps to security for your small business

The Evolution of Application Monitoring

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

DHS ICSJWG Fall Conference Maintaining Necessary Information Paths Over Unidirectional Gateways

Incident Response. Six Best Practices for Managing Cyber Breaches.

APPLICATION PROGRAMMING INTERFACE

Trust the Innovator to Simplify Cloud Security

Information Security and Risk Management

RSA Security Anatomy of an Attack Lessons learned

Data Center security trends

IBM Security IBM Corporation IBM Corporation

The Hillstone and Trend Micro Joint Solution

2012 Data Breach Investigations Report

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

Concierge SIEM Reporting Overview

Extreme Networks Security Analytics G2 Vulnerability Manager

Security Analytics for Smart Grid

Transcription:

EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty

Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon Business Data Breach Investigation Report

Industry Analysis 2014 Data Breaches - Mandiant

Global Analysis

Industry Analysis - Financial

Industry Analysis - Healthcare

Industry Analysis - Retail

Different Cells

New Groups Emerging

Tools of the Trade

Black Shades RAT

Underground Economy Drop Sites Phishing Keyloggers Payment Gateways ecommerce Sites ecurrency Gambling ICQ Bank Wire Transfer Botnet Owners Botnet Service Spammers Validation Service (Card Checkers) Carding Forums Retailers Drop Service Malware Distribution Service Data Acquisition Service Data Mining & Enrichment Data Sales Cashing Malware Writers Identity Collectors Credit Card Users Master Criminals *Statistics from 2013 Verizon Business Data Breach Investigation Report

HOW DO WE DEFEND AGAINST THESE ATTACKS

Security Architecture Firewall/ACL Intrusion Detection Deep Packet Forensics Netflow Analysis Network NAC DDOS Scanner Vulnerabilities Log Mgmt SDLC Patch Mgmt Server/App Mail/Web Filter Scanner Backup Anti-Virus Encryption GPG/PGP FIM Host Anti Malware IAM Central Storage http://aws.amazon.com/security/security-resources/

Data Correlation is the Key

SIEM Operations 8.2 Million Per Day 40,000 Per Month 16

Enterprise Cyber Security Teams Monitor and Maintain non-managed hardware deployment uptime Cyber Security Awareness Program Incident Response Team Collect and Maintain content for all non-managed devices Operational Implementation of all security infrastructure Network and Application Penetration Testing and Audit Team

24x7 Security Operations Center Monitor intrusion detection and vulnerability scan activity Respond to incidents and provide ongoing tuning services as new threats appear Provide guidance on remediation when incidents are identified Detect Zero-Day and APT attacks Proactively monitor web application firewall Analyze incidents and escalate according to custom requirements Identify and implement required policy changes

THREAT INTELLIGENCE

Honeypot Findings Highest volume of attacks occurred in Europe Attacks against Microsoft DS accounted for over 51% of the overall attack vectors Database services have been a consistent target 14% of the malware loaded on the Honeypots was considered undetectable by AV Underscores the importance of a defense in depth strategy for the need to secure your enterprise and cloud infrastructure

Samples of Malware detected If an attacker were using the collected malware to launch an attack against an individual or an enterprise it would be theoretically run in this order. 1. Ping Sweep 2. Port Reconnaissance 3. Exploit a Vulnerability 4. Check for Shares or Networked Drives 5. Load Malware 6. Load Worm 7. Load Remote Access Trojan for full Control

Partnering with other Researchers

Open/Closed Source Intelligence

Monitoring the Social Media Accounts

Following IRC and Forums

Tracking and Predicting the Next Move He is a guy from a European country/ (Russia) His handle or nick is madd3 Using ICQ 416417 as a tool of communication (illegal transaction) A simple /whois command to the nick provided us with good information 85.17.139.13 (Leaseweb) ircname : John Smith channels : #chatroom server : irc.private-life.biz [Life Server] Check this out user has another room. #attackroom4 We can confirm that Athena version 2.3.5 is being use to attack other sites. 2,300 infected Users Cracked Software is available in forums As of today 1 BTC to $618.00 or 361.66

Forums to Follow Exploit.in

Stay Informed of the Latest Vulnerabilities Websites to follow - http://www.securityfocus.com - http://www.exploit-db.com - http://seclists.org/fulldisclosure/ - http://www.securitybloggersnetwork.com/ - http://nvd.nist.gov/ - http://cve.mitre.org/ - https://www.alertlogic.com/weekly-threat-report/

To Follow our Research Twitter: - @AlertLogic - @StephenCoty Blog: - https://www.alertlogic.com/resources/blog Cloud Security Report - https://www.alertlogic.com/resources/cloud-security-report/ Zero Day Magazine - http://www.alertlogic.com/zerodaymagazine/

Thank you.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information