Cyber Threats: Insights from history and current operations. Prepared by Cognitio, May 5, 2015


About Cognitio

Cognitio is a strategic consulting and engineering firm led by a team of former senior technology executives from the U.S. Intelligence Community. We have a track record of safeguarding some of the nation's greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives, and driving technology innovation that kept key government agencies generations ahead. Cognitio leverages that vast knowledge to enable companies across disparate industries to effectively manage technology, maximize technology investments, and reduce overall institutional risk.

We Do Three Things (slide graphic labels: Cloud Transition, Cyber Security, Innovation, Data/Analytics)
- Cyber Security: We provide cyber assessment, awareness, remediation and containment strategies. Our process, the Cyber360, includes best practices from government and industry.
- Innovation: Continued innovation is required for market success. Innovation requires well thought out action plans informed by knowledge of both legacy and new technologies.
- Data/Analytics: We know the "so-what" of data: it is there to enhance your ability to achieve your business objectives. And we know the infrastructure and applications required to let you take advantage of your data.

2015 Cognitio Corp. All rights reserved. Page 2

Purpose of this Brief
- Provide facts and observations on the cyber threat in ways that can inform your decision-making
- Discuss best practices in the domain of cyber intelligence
- Provide recommendations that help enhance our collective defense
- Share and discuss ways of expressing the threat you may find useful in your own threat briefings

About The Cyber Threat Book
- Lessons from history and current ops
- Insights from companies under attack
- Ways to enhance cyber intelligence support at the strategic, operational and tactical levels
TheCyberThreat.com

Let's Start With The Conclusion

Action | Description
- Assess: Conduct an assessment of cyber intelligence activities and prioritize improvement plans.
- Get Informed: The more you know about the threat, and the more you can educate others, the better.
- Threat Briefs: Sign up for the daily Threat Brief at ThreatBrief.com. Ensure executives on the team understand the cyber threat to their business objectives.
- Understand Yourself: Know what data, systems and capabilities are most important to protect. Use access control.
- Automate: Few organizations have automated their ability to analyze operational and tactical threat indicators. Fewer have automated their ability to respond. Automate your IT management and access control as well.
- Collaborate: No single organization can defend against all attackers. Sophisticated attacks require collaboration.
- Network: Find your peers and build a community before you need it, and seek inputs on how they leverage cyber intelligence in their organization (CSA, SINET, FBI, ISACs, SANS, AFCEA, INSA, FedCyber.com, ThreatBrief.com).
- Prepare for breach: Plan for how you would respond to the worst case scenario and exercise your responses.
- Love your people: Consider assigning an insider threat manager to lead your insider mitigation program, and remember it is not about tech here, it is about people and processes. And if you love and lead your good people, they will help find the bad people.

We will return to this slide after a review of the cyber threat.

The Condensed History of the Cyber Threat
- Civil War: Both sides attacked, exploited, and passed false orders.
- 1986 Hanover Hacker: Shows collaboration is critical.
- 1988 Morris Worm: Plan for collaboration before you need it.
- 1997 Solar Sunrise: Plan cyber intelligence data flow in advance.
- 1998 Moonlight Maze: It takes a nation to fight a nation.
- 2006-11 Shady Rat: Big organizations can attack large target sets. Collaborative intelligence work by good guys can save the day.
- 2007 Estonia: Be ready to weather a storm.
- 2008 Georgia: Expect cyber attacks timed to military ops.
- 2008 Turkey Pipeline Explosion: Largest known cyber-to-physical attack.
- 2009 GhostNet: When a powerful adversary wants in, nothing will stop them. Collaborative cyber intelligence can inform response.
- 2011 Wikileaks: Know the human element. Know the balance between info sharing and protection.
- 2013 Mandiant Report Released: Cyber intelligence can make a strategic difference.
- 2013 Snowden Leaks: Know the threat before it strikes.
- 2013 NYT: Just because someone should know doesn't mean they do.
- 2013/14 Banks and Retail: Nothing stops a persistent adversary.

The State of the Hack
- 2014 forensics study of 1,000 organizations reveals 84% infected with malware. Most had at least one bot in the network. Few were aware. Rates up from last year.
- Even leading anti-virus vendors now admitting that "anti-virus is dead".
- Verizon Data Breach Investigations Report (DBIR) proves attackers get in fast (minutes or hours) and remain undetected for months or years.
- Converged or blended attacks are the norm.
- Manual removal of detected threats takes significant financial and management resources and months of effort.

Malware Is Associated With Almost All Breaches

Who is Attacking?
- Successful attacks are conducted by organizations.
- Organizations are groups of people acting together for a common purpose.
- By studying those organizations, how they behave and what they want, we can help deter their actions and mitigate some of their capabilities.
- When under attack we can better defend. When penetrated we can more quickly respond.

The four categories of organizations: Nations, Criminals, Extremists, Hacktivists.

The Special Case of the Insider
The term "Insider Threat" has a special use in the security community.
- Can be a person you trust, to whom you have given credentials to your most sensitive networks and accounts.
- Can be a good person one day, then change intent the next.
- Could be operating as an extension of one of the organizational categories described above.
- Cannot be stopped by technology alone (but technology can help). Requires policies, process and a highly functioning team of good people to catch the bad ones.

The Threat Actors

Actor                  | Motive                    | Targets
Nation States          | Economic or Military      | IP or Infrastructure
Organized Crime        | Financial Gain            | IP, Banks, PoS
Terrorists / Extremists| Cause Support             | Highly Visible Targets
Hackers / Hacktivists  | Publicity, "Watch it burn"| Anything and Everything
Trusted Insiders       | Revenge, Financial Gain   | Your Data and/or Networks

Attack Patterns

Method                    | Summary                                                      | Lessons
Espionage Methods         | Human-guided use of tools to find and extract information    | Prioritize, classify, and protect data
Web Application Attacks   | Breaking into web sites or applications                      | Don't host web sites on your network; use robust DMZs
Malicious Code            | Viruses, worms, etc.                                         | Automatic detection and remediation
Exploit poor configuration| Take advantage of bad design                                 | Understand your applications; alter default configurations
PoS Attacks               | Financial transactions are always vulnerable                 | Ensure access to tactical threat intelligence; Red Teams

Bad Actors and Their Code
- Modern malware is designed to stay under the radar.
- Old anti-virus solutions do not work against new threats.
- Malware hops between media.
- Slow, hard-to-observe communications.
- Sandboxing, honeypots/nets are not the entire solution.
- Even sophisticated adversaries and modern malware can be detected. No adversary can be invisible. Well trained incident response teams find them.
- However, non-automated methods are overwhelmed and cannot scale. Automation is key, including automating cyber intelligence.

Foundational Work Has Been Done Enabling Automation

Think of Cyber Intelligence like the National Security Community Does

Three levels of cyber intelligence:
- Strategic: serving longer term decisions and strategies
- Operational: serving day to day leadership decisions
- Tactical: direct support to defenders in the fight

Benefits of this approach:
- Ensure the right allocation of required resources to accomplish cyber intelligence objectives and to serve decision-makers
- Ensure the right architecture is put in place to support the different kinds of decisions made

The National Security Community has Intelligence Agencies. Who can industry turn to?

The Rise of the Cyber Intelligence Discipline
- The hottest sector of the cyber security business right now is the cyber intelligence sector.
- The old/established firms are enhancing their cyber intelligence practices and offerings.
- New startups are attracting significant investments.
- Data feeds of threat intelligence are hot commodities.
- A new construct called Web Intelligence is emerging.
- Secure collaboration spaces are hot.

Concluding Thoughts
- Adversaries have objectives they are going to fight to achieve.
- History has shown they will never stop.
- History also shows the bad guys will always get in, eventually.
- But a well-instrumented enterprise with a mature cyber intelligence program can detect and mitigate adversary actions.
- Focus on protecting the data, and prioritize which data to protect the best.
- Secure collaboration is required to defeat the threat, including secure collaboration with external organizations.
- Cyber Intelligence is required to ensure you can have a secure collaboration capability.

Which Leads Back To Our Recommendations

Steps To Enhance Our Use of Cyber Intelligence and Our Collective Cyber Defense

Action | Description
- Assess: Conduct an assessment of cyber intelligence activities and prioritize improvement plans.
- Get Informed: The more you know about the threat, and the more you can educate others, the better.
- Threat Briefs: Sign up for the daily Threat Brief at ThreatBrief.com. Ensure executives on the team understand the cyber threat to their business objectives.
- Understand Yourself: Know what data, systems and capabilities are most important to protect. Use access control.
- Automate: Few organizations have automated their ability to analyze operational and tactical threat indicators. Fewer have automated their ability to respond. Automate your IT management and access control as well.
- Collaborate: No single organization can defend against all attackers. Sophisticated attacks require collaboration.
- Network: Find your peers and build a community before you need it, and seek inputs on how they leverage cyber intelligence in their organization (CSA, SINET, FBI, ISACs, SANS, AFCEA, INSA, FedCyber.com, ThreatBrief.com).
- Prepare for breach: Plan for how you would respond to the worst case scenario and exercise your responses.
- Love your people: Consider assigning an insider threat manager to lead your insider mitigation program, and remember it is not about tech here, it is about people and processes. And if you love and lead your good people, they will help find the bad people.

Do you concur?

Steps You Can Take Now
- Sign Up For The Daily Threat Brief: http://threatbrief.com
- Read our paper on the Five Questions CEOs Should Ask Regarding Cyber. Then ask yourself those questions! http://threatbrief.com/ceo-questions
- Read the book The Cyber Threat: http://thecyberthreat.com

Contact Information
Bob Gourley
bob.gourley@cognitiocorp.com
Cognitio Corp
1750 Tysons Blvd, Ste 1500
McLean, VA 22102
(703) 738-0068

Sources and Methods
We continuously research and review threat and response trends at ThreatBrief.com. Other insights provided from:
- 2015 Verizon Data Breach Investigations Report
- 2014 Annual Check Point Security Report
- RSA Sponsored Security for Business Innovation Council on Transforming Security
- SANS reference library
- Interviews of leading community CISOs
- Our book The Cyber Threat

Sign Up For Our Daily Threat Brief at ThreatBrief.com