Rethinking Cyber Security in the Age of the Breach


Transcription:

Global Cloud Networking. Advanced Managed Security. Cloud Unified Communications.
Rethinking Cyber Security in the Age of the Breach. Craig D'Abreo, CISSP, VP Security Operations. Copyright 2015 Masergy Communications, Inc.

A Quick History of Hacking
- Hackers emerge at MIT
- Efficiency was the goal
- Phone hack (phreakers)
- John Draper (blue box)
- Phreakers -> computing
- Hacking groups
- Legion of Doom/Chaos Club
- 2600 Magazine
- Robert Morris (1st worm)
- Operation Sundevil
- Kevin Mitnick takedown
- AOHell (AOL mail bomb)
- Service denial (large org)
- DNS attacks
- Source code stealing
- Intellectual property
- Credit card/PII theft
- APT and malware
- State-sponsored attacks

Let's dissect an advanced cyber attack.

Typical Advanced Persistent Threat (APT) attack process:
Initial/Zero-Day Attacks -> Backdoor/Remote Access -> Lateral Movement on Network -> Data Gathering/Exfiltration -> Cover Tracks

Techniques listed across the stages: Targeted Attacks, NICAZE Reconnaissance, Proxy Tunneling, Logs Editing, Phishing, Malware, Social Engineering, Vulnerable Services, Software flaws, Drive-by downloads, IRC Botnet, Logic Bombs, Command & Control (C&C), User Mode rootkits, Kernel Rootkits, BIOS Malware, Scanning, Vulnerable Assets discovery, Sniff network, File shares, Databases, Password Cracking, Hidden Data Streams (NTFS), Covert TCP channels (Loki), Reverse WWW shells, Steganography techniques, Log/Accounting Clearing, Use of Proxy channels (Tor), Clear shell history, Microcode Malware, SQL Injections, VM Detection

The result: you can't escape the news.

The High Cost of Data Breaches: the average cost to a company for a data breach is $3.5M. Source: Ponemon Institute, 2014 Cost of Data Breach Global Analysis.

Typical Enterprise Security Landscape
- Siloed, independent security solutions
- Perimeter focus: does not protect against internal threats
- Signature based: detects known signatures only; 95%+ exposed, no defense for emerging threats, 0-day attacks, encryption
- Inability to monitor themselves: inadequate oversight, monitoring, ticketing and incident response
- Management challenges: not enough security expertise, small security staff

Monitoring all available traffic is key: East-West traffic, North-South traffic, users.

Security Integration and Information Sharing

Advanced Behavioral Analysis & Machine Learning engines: Resource Pairing, Threshold, Protocol Pattern, Statistical Frequency.

Resource & Pairing Engine
- System resources monitoring: services, protocols, ports, etc.
- Major and minor overflows & underflows
- Inbound and outbound activity
- Determine when new servers are found
- New services discovered on a previously known host/entity (e.g. tcp/3306, tcp/443, tcp/21)
- Pairing engine monitors and tracks host-to-host/net communication

Threshold Engine
- Time-based analysis using predictive mathematics to determine expected values
- Time-slice analysis: single hour, continuous contiguous hours, day of week/month/quarter
- Useful for time-based functions: backup, batch processing, etc.

Protocol Analysis & Pattern Engine
- Analysis to check for proper protocol usage
- Packet anomalies are used to evade detection: fragments, sequence obfuscation, de-synchronization
- Abnormal packets = unsafe packets
- Pattern engine will attempt to classify known traffic

Statistical Analysis & Frequency Engine
- Statistical analysis of: packet flow through the environment, individual systems, field information within packets
- Measures and tracks the rate of change in frequency from the statistical engine: packet count, protocol usage, port/service usage
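As an added example (not code from the deck or from Masergy), a toy Python model of the Resource & Pairing Engine and the Threshold Engine described above: the pairing part learns which services and host-to-host pairs exist and flags a service never seen on a known host; the threshold part learns an expected volume per host and hour-of-day slice from past days and flags values outside that band, so a backup-sized transfer is normal at 02:00 but not at 14:00. Host names, ports, volumes and the 5% band floor are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

class PairingEngine:  # tracks services (host, port) and host-to-host pairs seen
    def __init__(self):
        self.services = defaultdict(set)  # host -> ports seen on it
        self.pairs = set()                # (src, dst) pairs seen

    def learn(self, src, dst, port):
        self.services[dst].add(port)
        self.pairs.add((src, dst))

    def check(self, src, dst, port):
        """Alerts for one flow, judged against what has been learned so far."""
        alerts = []
        if port not in self.services.get(dst, set()):
            kind = "new host" if dst not in self.services else "new service on known host"
            alerts.append(f"{kind}: {dst} tcp/{port}")
        if (src, dst) not in self.pairs:
            alerts.append(f"new pair: {src}->{dst}")
        return alerts

class ThresholdEngine:  # expected volume per (host, hour-of-day) slice from past days
    def __init__(self, k=3.0):
        self.history = defaultdict(list)  # (host, hour) -> MB seen on past days
        self.k = k                        # band width in standard deviations

    def learn(self, host, hour, mb):
        self.history[(host, hour)].append(mb)

    def check(self, host, hour, mb):
        """Return (mean, limit) when mb exceeds the learned band, else None."""
        hist = self.history.get((host, hour), [])
        if len(hist) < 2:
            return None  # no baseline yet for this time slice
        mu = mean(hist)
        limit = mu + self.k * max(pstdev(hist), 0.05 * mu)  # floor for flat baselines
        return (mu, limit) if mb > limit else None

def run_demo():
    # Constructed baseline (five past days) and constructed observations.
    pairing, threshold = PairingEngine(), ThresholdEngine()
    for night, day in zip((500, 510, 495, 505, 490), (20, 22, 18, 21, 19)):
        threshold.learn("db01", 2, night)  # 02:00 backup window on db01
        threshold.learn("db01", 14, day)   # 14:00 daytime load on db01
    pairing.learn("ws07", "db01", 3306)
    pairing.learn("ws07", "web01", 443)
    return {"backup_ok": threshold.check("db01", 2, 515),      # inside the backup band
            "daytime_bulk": threshold.check("db01", 14, 500),  # backup-sized transfer at 14:00
            "ftp_on_db": pairing.check("ws07", "db01", 21)}    # tcp/21 never seen on db01
```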

Identifying and analyzing abnormal network behaviors Machine Learning

The Human Element of Security
Security = Protection/Prevention + Detection + Incident Response
Let the machines do what they do best, integrate closely with human intelligence/expertise, and let the humans do what they do best: People, Process, Technology.

How can you apply these concepts?
- Monitor all available traffic on your whole network (North-South, East-West, critical zones, logs, scans, endpoints, etc.)
- Don't rely just on signature-based technologies; explore your behavioral options
- Hold a bake-off before you settle on an MSSP provider; security is 24/7, not 9-5
- Invest in a comprehensive security audit program
- Educate your users: security awareness goes a long, long way

Thank You!!