ADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS

Transcription:

ADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS
AN INFORMATION SECURITY BATTLEFIELD
From Static to Dynamic Defense
Cyber Security Strategies, LLC

2008-2010 Is The Cyber Tipping Point
- ESTONIA
- GEORGIA
- CABLE CUTS
- THUMB DRIVE BAN
- RESTRICTING SOCIAL NETWORKING
- CYBER ESPIONAGE/OPERATION AURORA
- CYBER CRIMINAL. CYBER TERRORISM

Strategic Security and Risk Management must be adopted in Corporate cultures
- Cyber Warfare: it's targeting everyone; leadership must prioritize; the board room must care
- Malware changes landscape
- Comprehensive approach for Critical Infrastructure, e.g. Power Grid, Banks etc.
- A major cyber attack on Critical Infrastructure economically devastating
- Both state and non-state espionage has created the opportunity

Characterizing Advanced Persistent Threats

Cyber Security Maturity Model*
Robust Information & Communications Technologies for Mission Success

[Figure: maturity levels A to E plotted against Agility / Speed of Action; chart labels: Resilience, Risk Management, Most Organizations]

- A. Reactive & Manual: People based following doctrine and doing their best to put out fires
- B. Tools-Based: Applying tools and technologies piecemeal to assist people in reacting faster
- C. Integrated Picture: Loosely integrated with focus on interoperability and standards based data exchange for IA situational awareness
- D. Dynamic Defense: Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response
- E. Resilient Enterprise: Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack

*Cyber Security Strategies, LLC

Prevention vs. Remediation
- Understand landscape and ruthless architecture engineering
- Standard Configurations and Inventory of Assets
- Trained and educated workforce (controlled Access/Use)
- Policy-based enterprise (interoperable infrastructure vs. point sol'ns)
- Risk based model & decision making/continuous assessments
- Penetration Testing/Red and Blue teams and exercises
- Software & Systems Security Assurance
- Data Protection at rest/motion with rapid recovery and resiliency

Building A Dynamic Defense
- Reduce the Attack surface/agile defense
- Strong Identity protection/attribution for people and devices
- Mission-based architectures: automated mgmt of vulnerabilities/threats
- Enterprise Security Protection (encryption) and Management
- Persistent Attack, Sensing, Warning and Response from the perimeter to the edge
- Inbound & Outbound threat protection
- Deploy host based security
- Expand protection for mobile devices

Towards A Resilient Enterprise
- Business continuity during an attack
- Map & prioritize crown jewels
- Share tactical information with key business partners
- Flexible encryption and key mgmt
- Secure supply chains
- Systems assurance up and down the ISO Stack
- Link business continuity efforts to operate through cyber attack

Summary
- Strategic Security is only way to address advanced persistent threat
- Awareness/Commitment, from board room down
- Implementation of a pro-active prevention program
- Adopt Cyber Security Maturity Model* to achieve a dynamic defense capability with real-time interoperable detection and response
- Baking resilience into the enterprise to operate through cyber attack or disruption

*Cyber Security Strategies, LLC

Further information
Robert F. Lentz
410-914-7195 (phone)
robert.lentz@cybersecuritystrategies.com
Cyber Security Strategies, LLC