Richard Stiennon
Transcript

  • 1. New threats call for new responses • Richard Stiennon, Chief Research Analyst, IT-Harvest • Blog: ThreatChaos.com • twitter.com/stiennon
  • 2. Highly targeted sophisticated attacks • Custom domains/websites • Social network vectors • Custom Trojans • Persistence • Insiders
  • 3. APT • Adversaries: Competitors, criminals, spies • Pernicious: Devious use of digital trade craft • Targets: source codes, data, SIGINT, personnel,
  • 4. Ghostnet • Office of the Dalai Lama infiltrated through malware installed on computers • Email servers completely owned • Emails modified in transit • Email read and acted on • Over 1,200 infected computers globally
  • 5. Sound familiar? • Pentagon 2007 • Rio Tinto 2009 • Google Aurora 2010 • Stuxnet
  • 6. Introducing the cyber intelligence team • Cyber Commander • Analysts • Operations • Red Team
  • 7. Cyber Commander • Assigns and directs roles • Makes sure the correct tools and defenses are deployed • Puts in place controls and audit processes • Reports to upper management on the results of those processes and audits • Primary point of contact for communicating to law enforcement and intelligence agencies
  • 8. Analysts • Cyber defense analysts are the intelligence gatherers. They study the threatscape with an eye towards emerging threats to the organization. • Understanding the state of the art in attack methodologies. • Getting to know potential attackers and monitoring their activity. • Monitoring known attack sources • Communicating the threat level to the rest of the cyber defense team. • Assisting in evaluating technology for internal deployment.
  • 9. Operations • Selecting and deploying tools – FireEye, Trend, NetWitness, Damballa, Guidance Software • Discovering internal infections • Monitoring insider behavior
  • 10. Red Team • Attack and penetration • Internal audit
  • 11. The attackers have changed their tools, targets, and goals. The defenders must change too.
  • 12. Blog: www.threatchaos.com • Email: richard@it-harvest.com • Twitter: twitter.com/cyberwar
