www.securitytodayinfo.com
November 18 &19, 2014
Gaylord Texan │Grapevine, TX
Science of Security:
Cyber Intelligence Analysis
Shawn Riley
Executive Vice President, CSCSS Americas
About Me
• Attack Analysis Scientist, Multisource Cyber
Intelligence Analyst, & Sci-Fi Geek
• Veteran – US Navy Cryptology Community
• Former Lockheed Martin Senior Fellow
• Former member UK Cybercrime Experts
Working Group (UK Govt CSOC / OCSIA)
Outline
• Science of Security
• Cyber Ecosystem
– Cyber Terrain
• Cyber Attack Lifecycle
• Cyber Ecosystem Attack Analysis Method
– Threat Actor’s Cyber Offense Ecosystem
• Threat Intelligence Method
– Defender’s Cyber Defense Ecosystem
• Active Defense Method
Science of Security (SoS)
• The Science of Security term has been around since 2010 when an
independent science and technology advisory committee for the
U.S. Department of Defense concluded there is a science of (cyber)
security discipline.
• The following year, 2011, the White House released “Trustworthy
Cyberspace: Strategic Plan For The Federal Cybersecurity
Research And Development Program” formally establishing the
Science of Security as 1 of 4 key strategic thrusts for U.S. Federal
cybersecurity R&D programs.
• A cyber security scientist, in a broad sense, is one engaging in a
systematic activity to acquire and organize knowledge in the cyber
security domain.
SoS – Core Themes
• In 2011 Canada, the United States, and the United Kingdom established 7 core, inter-related themes that make up the Science of Security domain:
– Attack Analysis
– Common Language
– Core Principles
– Measurable Security
– Agility
– Risk
– Human Factors
Cyber Ecosystem
• Ecosystem is defined as “a community of living organisms in conjunction with the nonliving components of their environment, interacting as a system”.
• DHS defines a cyber ecosystem as: “Like natural ecosystems, the cyber ecosystem comprises a variety of diverse participants – private firms, non-profits, governments, individuals, processes, and cyber devices (computers, software, and communication technologies) – that interact for multiple purposes.”
(Figure: the three elements of the ecosystem – People, Processes, and Technology.)
http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf
Cyber Terrain
• (Content)
Cyber Terrain – Layers 0-1
• CAPEC-ID:455 – Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
• CAPEC-ID:453 – Malicious Logic Insertion via Counterfeit Hardware
• CAPEC-ID:547 – Physical Destruction of Device or Component
• CAPEC-ID:397 – Cloning Magnetic Strip Cards
• CAPEC-ID:391 – Bypassing Physical Locks
• CAPEC-ID:507 – Physical Theft
• CAPEC-ID:414 – Pretexting via Delivery Person
• CAPEC-ID:413 – Pretexting via Tech Support
• CAPEC-ID:407 – Social Information Gathering via Pretexting
• CAPEC-ID:406 – Social Information Gathering via Dumpster Diving
CAPEC = Common Attack Pattern Enumeration and Classification (463 total attack patterns in CAPEC V2.6)
Website: http://capec.mitre.org
Cyber Terrain – Layers 2-7
• CAPEC-ID:383 – Harvesting Usernames or UserIDs via Application API Event Monitoring (Application Layer)
• CAPEC-ID:311 – OS Fingerprinting (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:291 – DNS Zone Transfers (Application Layer)
• CAPEC-ID:315 – TCP/IP Fingerprinting Probes (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:310 – Scanning for Vulnerable Software (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:309 – Network Topology Mapping (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:293 – Traceroute Route Enumeration (Network Layer & Transport Layer)
• CAPEC-ID:316 – ICMP Fingerprinting Probes (Network Layer)
Cyber Terrain – Layers 8-11
• CAPEC-ID:37 – Lifting Data Embedded in Client Distributions
• CAPEC-ID:205 – Lifting Credential Key Material Embedded in Client
• CAPEC-ID:8 – Buffer Overflow in an API Call
• CAPEC-ID:14 – Client-side Injection-induced Buffer Overflow
• CAPEC-ID:118 – Gather Information
• CAPEC-ID:268 – Audit Log Manipulation
• CAPEC-ID:270 – Modification of Registry Run Keys
• CAPEC-ID:17 – Accessing, Modifying or Executing Executable Files
• CAPEC-ID:69 – Target Programs with Elevated Privileges
• CAPEC-ID:76 – Manipulating Input to File System Calls
• CAPEC-ID:35 – Leverage Executable Code in Non-Executable Files
• CAPEC-ID:472 – Browser Fingerprinting
• CAPEC-ID:151 – Identity Spoofing
• CAPEC-ID:156 – Deceptive Interactions
Cyber Terrain – Layers 12-14
• CAPEC-ID:404 – Social Information Gathering Attacks
• CAPEC-ID:410 – Information Elicitation via Social Engineering
• CAPEC-ID:416 – Target Influence via Social Engineering
• CAPEC-ID:527 – Manipulate System Users
• CAPEC-ID:156 – Deceptive Interactions
• CAPEC-ID:98 – Phishing
• CAPEC-ID:163 – Spear Phishing
• CAPEC-ID:164 – Mobile Phishing (aka MobPhishing)
Cyber Terrain - Complete
• (Content)
Cyber Ecosystem w/ Terrain
(Figure: the cyber ecosystem drawn as a stack of terrain layers, with the sides of the diagram labelled Technology / Cyber Terrain, People, and Processes / TTPs.)
Layers, top to bottom as drawn:
• Persona Layer
• Software App Layer
• Operating System Layer
• Machine Language Layer
• Logical Layers – Communications Ports & Protocols
• Physical Layer
• Geographic Layer
• Organization Layer
• Government Layer
Cyber Attack Lifecycle
“Use a cyber attack lifecycle as a framework for
observing and understanding an adversary’s
actions and for defining an active defense
strategy that makes effective use of information
available through both internal and external
sources throughout the lifecycle.”
Lifecycle stages: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
Cyber Attack Lifecycle from: http://www.mitre.org/publications/technical-papers/cyber-resiliency-and-nist-special-publication-800-53-rev4-controls
Key recommendation from NIST Guide To Cyber Threat Information Sharing (DRAFT)
http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf
Cyber Ecosystem Attack Analysis
(Figure: two mirrored stacks of the cyber terrain layers – Persona, Software App, Operating System, Machine Language, Logical Layers / Communications Ports & Protocols, Physical, Geographic, Organization, and Government – one for the Threat Actor’s side and one for the Defender’s side, laid across the lifecycle stages Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain. The diagram’s axes are Technology / Cyber Terrain, Processes / TTPs, and Threat Actors / People vs. Defenders; the Offense half sits opposite the Defense half.)
• Offense: the Threat Actor’s use of technology and observable technical indicators, and the Threat Actor’s Modus Operandi (Methods of Operation).
• Defense: the Defender’s technology based mitigations and countermeasures, and the Defender’s process based mitigations and countermeasures.
• Threat Intelligence is based on analysis of the Threat Actor’s Cyber Offense Ecosystem.
• Active Defense is based on analysis of the Defender’s Cyber Defense Ecosystem.
• Offense informs Defense.
Boyd Cycle / OODA Loop
• Decision cycle developed by USAF Colonel John Boyd who applied
it to combat operations. Often applied to understand commercial
operations and learning processes.
http://en.wikipedia.org/wiki/OODA_loop
Threat Intelligence Method
1. Observe – Observe each stage of the attack, collect and process
available data and information about the attack for each layer of the
cyber ecosystem.
2. Orient – Analyze and synthesize the attack data and information for
each stage and layer. Orient on the Threat Actor’s methods of operation
and use of technology to identify observable indicators in the attack
data for each stage across one or more layers of the cyber ecosystem.
3. Decide – Based on the Threat Actor’s modus operandi and the identified
observables and indicators, decide whether this attack is from a new threat
actor or is part of a larger campaign. Produce a threat intelligence report.
4. Act – Disseminate the threat intelligence report.
Pivot & Chain Into Campaigns
(Figure: successive sets of attacks – Attacks 1–3, 1–4, 1–5, and 1–6 – pivoted and chained into campaigns attributed to APT 1 and APT 2; the two chains are labelled CC1 and CC2.)
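The Orient and Decide steps of the Threat Intelligence Method and the chaining shown in this figure, as an added example that is not part of the deck: a Python sketch that records each observable at a (lifecycle stage, ecosystem layer) position, pivots on indicators shared between attacks to chain them into campaigns, and reports the stages where a campaign is seen on only one layer (the resilience argument made later under Benefits). The indicator kinds, the set of kinds worth pivoting on, and every attack record are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Lifecycle stages and terrain layers as named on the deck's slides.
STAGES = ("Recon", "Weaponize", "Deliver", "Exploit", "Control", "Execute", "Maintain")
LAYERS = ("Geographic", "Physical", "Logical", "Machine Language",
          "Operating System", "Software App", "Persona")
# Indicator kinds strong enough to pivot on (an assumption of this example);
# a shared user agent would otherwise chain unrelated attacks together.
PIVOT_KINDS = frozenset({"sender_domain", "file_hash", "c2_ip", "run_key"})

@dataclass(frozen=True)
class Observable:
    """One indicator seen at a lifecycle stage on one ecosystem layer."""
    stage: str
    layer: str
    kind: str   # indicator type; names are constructed for this example
    value: str

    def __post_init__(self):
        if self.stage not in STAGES or self.layer not in LAYERS:
            raise ValueError(f"unknown stage/layer: {self.stage}/{self.layer}")

@dataclass(frozen=True)
class Attack:
    name: str
    observables: frozenset  # of Observable

class _DisjointSet:
    """Union-find over attack names: attacks linked directly or through a
    chain of shared indicators land in the same set, i.e. one campaign."""
    def __init__(self, names):
        self.parent = {n: n for n in names}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def chain_into_campaigns(attacks, pivot_kinds=PIVOT_KINDS):
    """Pivot on indicators shared between attacks and chain them into
    campaigns; returns a sorted list of campaigns (sorted attack names)."""
    seen_at = defaultdict(list)  # (kind, value) -> attacks that observed it
    for a in attacks:
        for o in a.observables:
            if o.kind in pivot_kinds:
                seen_at[(o.kind, o.value)].append(a.name)
    ds = _DisjointSet([a.name for a in attacks])
    for names in seen_at.values():
        for other in names[1:]:
            ds.union(names[0], other)
    groups = defaultdict(list)
    for a in attacks:
        groups[ds.find(a.name)].append(a.name)
    return sorted(sorted(g) for g in groups.values())

def stage_layer_coverage(attacks):
    """Map each stage to the layers on which at least one observable exists
    for these attacks: the deck's 'multiple indicators per stage' argument."""
    cov = {s: set() for s in STAGES}
    for a in attacks:
        for o in a.observables:
            cov[o.stage].add(o.layer)
    return cov

def brittle_stages(attacks):
    """Stages seen on fewer than two layers: one lost indicator blinds them."""
    return [s for s, layers in stage_layer_coverage(attacks).items() if len(layers) < 2]

def sample_attacks():
    """Constructed records: RFC 5737 addresses, .example domains, placeholder
    hashes; not real incident data."""
    O = Observable
    return [
        Attack("Attack 1", frozenset({
            O("Recon", "Persona", "sender_domain", "hr-portal.example"),
            O("Deliver", "Software App", "file_hash", "sha256:PLACEHOLDER-A"),
            O("Control", "Logical", "c2_ip", "198.51.100.7")})),
        Attack("Attack 2", frozenset({
            O("Deliver", "Software App", "file_hash", "sha256:PLACEHOLDER-B"),
            O("Control", "Logical", "c2_ip", "198.51.100.7"),
            O("Control", "Software App", "user_agent", "Mozilla/4.0 (compatible)")})),
        Attack("Attack 3", frozenset({
            O("Deliver", "Software App", "file_hash", "sha256:PLACEHOLDER-B"),
            O("Maintain", "Operating System", "run_key", "Run\\svc-updater")})),
        Attack("Attack 4", frozenset({
            O("Recon", "Persona", "sender_domain", "invoices-dept.example"),
            O("Control", "Software App", "user_agent", "Mozilla/4.0 (compatible)")})),
        Attack("Attack 5", frozenset({
            O("Recon", "Persona", "sender_domain", "invoices-dept.example"),
            O("Execute", "Software App", "file_hash", "sha256:PLACEHOLDER-C")})),
    ]
```

With the default pivot set, `chain_into_campaigns(sample_attacks())` yields two campaigns (Attacks 1–3 and Attacks 4–5); adding `user_agent` to the pivot kinds collapses all five into one, which is the false-chaining risk the pivot set exists to avoid.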
PDCA – Plan Do Check Act
• Iterative four-step management method used in business for the
control and continuous improvement of processes and products.
AKA Deming circle/cycle/wheel, Shewhart cycle, or as seen in
ISO 9001.
http://en.wikipedia.org/wiki/PDCA
Active Defense Method
1. Plan – Plan active defense courses of action based on threat intelligence
for each stage of the Threat Actor’s attack, consider both technical and
process based mitigations and countermeasures for each layer of the
Defender’s cyber defense ecosystem.
2. Do – Implement the intelligence based courses of action to mitigate and
counter the Threat Actor’s attack and to increase the defender’s
resilience to future attacks by this threat actor.
3. Check – Measure the quality of the threat intelligence and effectiveness
of the mitigations and countermeasures over time.
4. Act – Provide feedback on the quality of the threat intelligence and
effectiveness of the mitigations and countermeasures, take action to
continuously improve the security and resilience of the cyber ecosystem.
Methods Combined
(Figure: a timeline from 2009 to 2015 along which the two cycles run in parallel.)
Threat Intelligence Cycle
Active Defense Cycle
Cyber Ecosystem Attack
Analysis Methodology
(Figure: the Cyber Ecosystem Attack Analysis diagram from the earlier slide – mirrored Offense and Defense stacks of the terrain layers Persona, Software App, Operating System, Machine Language, Logical Layers / Communications Ports & Protocols, Physical, Geographic, Organization, and Government, across the lifecycle stages Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain, with the axes Technology / Cyber Terrain, Processes / TTPs, and Threat Actors / People vs. Defenders – now with the Threat Intelligence Cycle drawn over the Offense side (the Threat Actor’s use of technology, observable technical indicators, and Modus Operandi) and the Active Defense Cycle over the Defense side (the Defender’s technology based and process based mitigations and countermeasures).)
Benefits
• Takes a more holistic approach by considering the attack
across both the Threat Actor’s cyber offense ecosystem
and the Defender’s defense ecosystem.
• Enables the Defender to better identify, chain, and track
Threat Actors and Campaigns over time.
• Enables a more resilient cyber defense ecosystem by
having multiple observable indicators for each stage of
attack across different layers of the ecosystem.
• Costs the Threat Actor considerably more to defeat
layered, intelligence based mitigations and
countermeasures.
Additional Recommendations
• Adopt STIX, TAXII, and CYBOX for Threat
Intelligence with MAEC, CAPEC, CWE, CVE,
CCE extensions. (http://msm.mitre.org)
– Automation
– Interoperability
• Semantic Interoperability
• Technical Interoperability
• Policy Interoperability
http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf
Summary
• Following this methodology will reduce the
defender’s cost per attack while increasing
the threat actor’s cost to overcome
• Based on methods used by many
organizations already - OSI Model, OODA
Loop, and PDCA cycle
• Maturing from a reactive, passive defense
posture to a more proactive, active
defense posture
Thank You!
• Please feel free to reach out with any
questions or comments.
• You can find me on LinkedIn at:
www.linkedin.com/in/shawnriley71/

 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 

Recently uploaded (20)

BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 

Science of Security: Cyber Ecosystem Attack Analysis Methodology

1. www.securitytodayinfo.com
November 18 & 19, 2014
Gaylord Texan │ Grapevine, TX
Science of Security: Cyber Intelligence Analysis
Shawn Riley
Executive Vice President, CSCSS Americas

2. About Me
• Attack Analysis Scientist, Multisource Cyber Intelligence Analyst, & Sci-Fi Geek
• Veteran – US Navy Cryptology Community
• Former Lockheed Martin Senior Fellow
• Former member UK Cybercrime Experts Working Group (UK Govt CSOC / OCSIA)

3. Outline
• Science of Security
• Cyber Ecosystem
  – Cyber Terrain
• Cyber Attack Lifecycle
• Cyber Ecosystem Attack Analysis Method
  – Threat Actor’s Cyber Offense Ecosystem
    • Threat Intelligence Method
  – Defender’s Cyber Defense Ecosystem
    • Active Defense Method

4. Science of Security (SoS)
• The Science of Security term has been around since 2010, when an independent science and technology advisory committee for the U.S. Department of Defense concluded there is a science of (cyber) security discipline.
• The following year, 2011, the White House released “Trustworthy Cyberspace: Strategic Plan For The Federal Cybersecurity Research And Development Program”, formally establishing the Science of Security as 1 of 4 key strategic thrusts for U.S. Federal cybersecurity R&D programs.
• A cyber security scientist, in a broad sense, is one engaging in a systematic activity to acquire and organize knowledge in the cyber security domain.

5. SoS – Core Themes
• In 2011 Canada, the United States, and the United Kingdom established 7 core, inter-related themes that make up the Science of Security domain.
[Diagram: SoS at the centre, surrounded by the seven themes]
  – Attack Analysis
  – Common Language
  – Core Principles
  – Measurable Security
  – Agility
  – Risk
  – Human Factors

6. Cyber Ecosystem
• Ecosystem is defined as “a community of living organisms in conjunction with the nonliving components of their environment, interacting as a system”.
• DHS defines a cyber ecosystem as: “Like natural ecosystems, the cyber ecosystem comprises a variety of diverse participants – private firms, non-profits, governments, individuals, processes, and cyber devices (computers, software, and communication technologies) – that interact for multiple purposes.”
[Diagram: People, Processes, Technology]
Source: http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf
8. Cyber Terrain – Layers 0-1
• CAPEC-ID:455 – Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
• CAPEC-ID:453 – Malicious Logic Insertion via Counterfeit Hardware
• CAPEC-ID:547 – Physical Destruction of Device or Component
• CAPEC-ID:397 – Cloning Magnetic Strip Cards
• CAPEC-ID:391 – Bypassing Physical Locks
• CAPEC-ID:507 – Physical Theft
• CAPEC-ID:414 – Pretexting via Delivery Person
• CAPEC-ID:413 – Pretexting via Tech Support
• CAPEC-ID:407 – Social Information Gathering via Pretexting
• CAPEC-ID:406 – Social Information Gathering via Dumpster Diving
CAPEC = Common Attack Pattern Enumeration and Classification (463 total attack patterns in CAPEC V2.6)
Website: http://capec.mitre.org

9. Cyber Terrain – Layers 2-7
• CAPEC-ID:383 – Harvesting Usernames or UserIDs via Application API Event Monitoring (Application Layer)
• CAPEC-ID:311 – OS Fingerprinting (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:291 – DNS Zone Transfers (Application Layer)
• CAPEC-ID:315 – TCP/IP Fingerprinting Probes (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:310 – Scanning for Vulnerable Software (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:311 – OS Fingerprinting (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:309 – Network Topology Mapping (Network Layer, Transport Layer, & Application Layer)
• CAPEC-ID:293 – Traceroute Route Enumeration (Network Layer & Transport Layer)
• CAPEC-ID:316 – ICMP Fingerprinting Probes (Network Layer)

10. Cyber Terrain – Layers 8-11
• CAPEC-ID:37 – Lifting Data Embedded in Client Distributions
• CAPEC-ID:205 – Lifting Credential Key Material Embedded in Client
• CAPEC-ID:8 – Buffer Overflow in an API Call
• CAPEC-ID:14 – Client-side Injection-induced Buffer Overflow
• CAPEC-ID:118 – Gather Information
• CAPEC-ID:268 – Audit Log Manipulation
• CAPEC-ID:270 – Modification of Registry Run Keys
• CAPEC-ID:17 – Accessing, Modifying or Executing Executable Files
• CAPEC-ID:69 – Target Programs with Elevated Privileges
• CAPEC-ID:76 – Manipulating Input to File System Calls
• CAPEC-ID:35 – Leverage Executable Code in Non-Executable Files
• CAPEC-ID:472 – Browser Fingerprinting
• CAPEC-ID:151 – Identity Spoofing
• CAPEC-ID:156 – Deceptive Interactions

11. Cyber Terrain – Layers 12-14
• CAPEC-ID:404 – Social Information Gathering Attacks
• CAPEC-ID:410 – Information Elicitation via Social Engineering
• CAPEC-ID:416 – Target Influence via Social Engineering
• CAPEC-ID:527 – Manipulate System Users
• CAPEC-ID:156 – Deceptive Interactions
• CAPEC-ID:98 – Phishing
• CAPEC-ID:163 – Spear Phishing
• CAPEC-ID:164 – Mobile Phishing (aka MobPhishing)
13. Cyber Ecosystem w/ Terrain
[Diagram: the cyber ecosystem components People, Processes / TTPs and Technology / Cyber Terrain, with the terrain layers listed top to bottom:]
  – Persona Layer
  – Software App Layer
  – Operating System Layer
  – Machine Language Layer
  – Logical Layers
  – Communications Ports & Protocols
  – Physical Layer
  – Geographic Layer
  – Organization Layer
  – Government Layer

14. Cyber Attack Lifecycle
“Use a cyber attack lifecycle as a framework for observing and understanding an adversary’s actions and for defining an active defense strategy that makes effective use of information available through both internal and external sources throughout the lifecycle.”
Stages: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
Cyber Attack Lifecycle from: http://www.mitre.org/publications/technical-papers/cyber-resiliency-and-nist-special-publication-800-53-rev4-controls
Key recommendation from NIST Guide To Cyber Threat Information Sharing (DRAFT): http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf

15. Cyber Ecosystem Attack Analysis
[Diagram: the Threat Actor’s cyber offense ecosystem (Offense) mirrored against the Defender’s cyber defense ecosystem (Defense). Both sides carry the same layers as slide 13 (Geographic, Physical, Logical, Communications Ports & Protocols, Machine Language, Operating System, Software App, Persona, Organization, Government), mapped across the lifecycle stages Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain. Row labels: Technology / Cyber Terrain; Processes / TTPs; Threat Actors / People; Defenders. Offense side: Threat Actor’s use of technology and observable technical indicators; Threat Actor’s Modus Operandi (Methods of Operation). Defense side: Defender’s technology based mitigations and countermeasures; Defender’s process based mitigations and countermeasures. Offense informs Defense.]
• Threat Intelligence is based on analysis of the Threat Actor’s Cyber Offense Ecosystem.
• Active Defense is based on analysis of the Defender’s Cyber Defense Ecosystem.

16. Boyd Cycle / OODA Loop
• Decision cycle developed by USAF Colonel John Boyd, who applied it to combat operations. Often applied to understand commercial operations and learning processes.
http://en.wikipedia.org/wiki/OODA_loop

17. Threat Intelligence Method
1. Observe – Observe each stage of the attack; collect and process available data and information about the attack for each layer of the cyber ecosystem.
2. Orient – Analyze and synthesize the attack data and information for each stage and layer. Orient on the Threat Actor’s methods of operation and use of technology to identify observable indicators in the attack data for each stage across one or more layers of the cyber ecosystem.
3. Decide – Based on the Threat Actor’s modus operandi and the identified observables and indicators, decide if this attack is from a new threat actor or if the attack is part of a larger campaign. Produce a threat intelligence report.
4. Act – Disseminate the threat intelligence report.

18. Pivot & Chain Into Campaigns
[Diagram: four timelines of attacks (Attack 1 through Attack 6) chained into campaigns, labelled APT 1, APT 2, CC1 and CC2]
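The Orient and Decide steps of the Threat Intelligence Method (slide 17) and the pivot-and-chain idea (slide 18) can be expressed as a small analysis routine. This is an added example, not code from the talk; the `Indicator`/`Attack` types, the rule that two attacks are chained only when they share at least two observables, and every indicator value are assumptions constructed for illustration (the CAPEC IDs are the ones listed on slides 10 and 11).

```python
"""Added example (not from the talk): the Orient and Decide steps of the
Threat Intelligence Method, chaining attacks into campaigns by pivoting on
shared observables. All indicator values are constructed, not real."""
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field

# Lifecycle stages and ecosystem layers as named on the slides.
STAGES = ("Recon", "Weaponize", "Deliver", "Exploit", "Control", "Execute", "Maintain")
LAYERS = ("Geographic", "Physical", "Logical", "Communications Ports & Protocols",
          "Machine Language", "Operating System", "Software App", "Persona",
          "Organization", "Government")
# One observable: stage and layer it was seen in, its type (e.g. "c2-host"), its value.
Indicator = namedtuple("Indicator", "stage layer kind value")

@dataclass
class Attack:
    name: str
    indicators: set = field(default_factory=set)

    def observe(self, stage, layer, kind, value):
        """Observe step: record one observable against a stage and layer."""
        if stage not in STAGES or layer not in LAYERS:
            raise ValueError(f"unknown stage/layer: {stage}/{layer}")
        self.indicators.add(Indicator(stage, layer, kind, value))

def chain_campaigns(attacks, min_shared=2):
    """Decide step: group attacks sharing at least min_shared indicators.
    The threshold is an assumption; requiring more than one shared
    observable avoids chaining two attacks on a single commodity artefact."""
    parent = {a.name: a.name for a in attacks}

    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x

    # Orient: index every indicator to the attacks in which it was seen.
    seen = defaultdict(set)
    for a in attacks:
        for ind in a.indicators:
            seen[ind].add(a.name)
    # Pivot: count shared indicators per attack pair, then chain linked pairs.
    shared = defaultdict(int)
    for names in seen.values():
        names = sorted(names)
        for i, x in enumerate(names):
            for y in names[i + 1:]:
                shared[(x, y)] += 1
    for (x, y), n in shared.items():
        if n >= min_shared:
            parent[find(x)] = find(y)
    groups = defaultdict(list)
    for a in attacks:
        groups[find(a.name)].append(a.name)
    return sorted(sorted(g) for g in groups.values())

def sample_attacks():
    """Constructed sample: Attacks 1 and 2 share two observables, Attack 3
    shares only one with them, Attack 4 shares none."""
    a1, a2, a3, a4 = (Attack(f"Attack {n}") for n in range(1, 5))
    a1.observe("Deliver", "Persona", "sender-domain", "lure.example")
    a1.observe("Control", "Logical", "c2-host", "c2-a.example")
    a1.observe("Exploit", "Software App", "ttp", "CAPEC-163")
    a2.observe("Deliver", "Persona", "sender-domain", "lure.example")
    a2.observe("Control", "Logical", "c2-host", "c2-a.example")
    a2.observe("Maintain", "Operating System", "ttp", "CAPEC-270")
    a3.observe("Control", "Logical", "c2-host", "c2-a.example")
    a3.observe("Deliver", "Software App", "file-hash", "hash-3")
    a4.observe("Deliver", "Software App", "file-hash", "hash-4")
    return [a1, a2, a3, a4]
```

With the default threshold, `chain_campaigns(sample_attacks())` keeps Attack 3 separate because it shares only the command-and-control host with the first two; lowering `min_shared` to 1 chains it into the same campaign, which shows why the Decide step should weigh how many independent observables across stages and layers support a link.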
19. PDCA – Plan Do Check Act
• Iterative four-step management method used in business for the control and continuous improvement of processes and products. AKA Deming circle/cycle/wheel, Shewhart cycle, or as seen in ISO 9001.
http://en.wikipedia.org/wiki/PDCA

20. Active Defense Method
1. Plan – Plan active defense courses of action based on threat intelligence for each stage of the Threat Actor’s attack; consider both technical and process based mitigations and countermeasures for each layer of the Defender’s cyber defense ecosystem.
2. Do – Implement the intelligence based courses of action to mitigate and counter the Threat Actor’s attack and to increase the defender’s resilience to future attacks by this threat actor.
3. Check – Measure the quality of the threat intelligence and the effectiveness of the mitigations and countermeasures over time.
4. Act – Provide feedback on the quality of the threat intelligence and the effectiveness of the mitigations and countermeasures; take action to continuously improve the security and resilience of the cyber ecosystem.

21. Methods Combined
[Diagram: a timeline from 2009 to 2015 with the Threat Intelligence Cycle and the Active Defense Cycle running alongside it]

22. Cyber Ecosystem Attack Analysis Methodology
[Diagram: the same offense/defense ecosystem view as slide 15 (the layers Geographic through Government on both sides, mapped across Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain, with the Threat Actor’s technical indicators and Modus Operandi on the Offense side and the Defender’s technology based and process based mitigations and countermeasures on the Defense side), with the Threat Intelligence Cycle and the Active Defense Cycle added]

23. Benefits
• Takes a more holistic approach by considering the attack across both the Threat Actor’s cyber offense ecosystem and the Defender’s defense ecosystem.
• Enables the Defender to better identify, chain, and track Threat Actors and Campaigns over time.
• Enables a more resilient cyber defense ecosystem by having multiple observable indicators for each stage of attack across different layers of the ecosystem.
• Costs the Threat Actor considerably more to defeat layered, intelligence based mitigations and countermeasures.

24. Additional Recommendations
• Adopt STIX, TAXII, and CYBOX for Threat Intelligence, with MAEC, CAPEC, CWE, CVE, and CCE extensions. (http://msm.mitre.org)
  – Automation
  – Interoperability
    • Semantic Interoperability
    • Technical Interoperability
    • Policy Interoperability
http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf

25. Summary
• Following this methodology will reduce the defender’s cost per attack while increasing the threat actor’s cost to overcome it.
• Based on methods used by many organizations already: OSI Model, OODA Loop, and PDCA cycle.
• Maturing from a reactive, passive defense posture to a more proactive, active defense posture.

26. Thank You!
• Please feel free to reach out with any questions or comments.
• You can find me on LinkedIn at: www.linkedin.com/in/shawnriley71/