ITSD Division Overview and Cybersecurity Threat Landscape
Information Technology Services Division, ITSD
- Abhinav Biswas
Alt. CISO, NKN Data Centre,
Electronics Corporation of India Limited, ECIL
Department of Atomic Energy.
• Corporate Threat Landscape
• Signature Based
• Analytics based (Sandboxing & GTI)
• Log Correlation & Big Data Analysis
• Nessus, Acunetix
• Spyware: gathers information secretly and sends it to another entity without the user's consent.
• Ransomware: stops you from using your PC until you pay a certain amount of money (the ransom), e.g. Encryption Ransomware, CryptoLocker.
• Social Engineering: psychological manipulation of people into performing actions or divulging confidential information.
• Phishing: the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
• Voice-over Phishing.
• Vulnerability: a weakness which allows an attacker to reduce a system's information assurance.
• Threat: a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
• Exploit: a piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
• Attack: an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. (A realized Threat using an Exploit on a Vulnerability is an Attack.)
• Event: an observable change to the normal behavior of a system, environment, process, workflow or person.
• Incident: an event attributable to a root cause. All incidents are events but many events are not incidents. (An Attack is a series of security incidents.)

- Advanced Persistent Threats (APT)
- Zero-day Attacks (ZDA)
- Smart Mobile Malware (SMM)
- Web-based Plug-in Exploits (WPE)

- Free availability of Rootkits, SpamBots, Phishing Tools etc.
- Digital Currencies (BitCoin) & Anonymous Payment Services.

- Strategic Government institutions.

- Polymorphism, Dynamic URLs, Virtualization, Cloud, Smart Phones/Mobiles, Social Sites, BYOD, Internet of Things (IoT/IPv6)
(Diagram: stages of an advanced attack: Recon, Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft.)
(Diagram: Attack Vectors: Social Media, Email, Mobile, Web; techniques shown: Redirects, Malware, Recon, XSS, Dropper Files, C&C, Exploit Kits, Phishing.)
• 1a) Identify target
• 1b) Determine browsing habits
• 2) Select favorite website
• 3) Compromise and host exploits
• 3) Drop malware
• 4) Determine target profile
• 4) Wait for opportunity to further compromise
(Diagram: Internet, Customer, Attacker, Vulnerable ADSL Router, Rogue DNS Server.)
- The attacker scans for the DSL router and logs onto the admin console via the WAN interface by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a connected computer.
- The attacker changes the DNS server entries in the modem to rogue DNS servers and changes the password of the DSL router.
1. PRIMARILY BASED ON SIGNATURE & REPUTATION: signature history cannot keep up with the dynamic future of threats.
2. LACK OF REAL-TIME INLINE CONTENT ANALYSIS: no byte-range data packet analysis for data loss/theft detection.
3. FORWARD FACING ONLY, LACK OUTBOUND PROTECTION: no contextual analysis of internal threats.
4. LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION: no sandboxing in existing UTMs, NGFWs; no SSL packet inspection.
WEB
• Content Analysis
• Malware Sandbox
• Forensic Reports
• SSL Inspection
• Video Controls

EMAIL
• Spear-Phishing
• URL Sandboxing
• Anti-Spam
• TLS Encryption
• Image Analysis

DATA
• Content Aware DLP
• Drip Data Theft Detection
• OCR of Image Text
• Geo-Location

MOBILE
• Cloud Service
• Malicious Apps
• BYOD Policy
• Reporting/Inventory

(Diagram: Essential Information Protection cycle: Discover, Monitor, Classify, Protect; Where, What, Who, How; External Risks vs. Internal Risks.)
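Added example, not part of the slide deck: a sliding-window egress sum that catches "drip" data theft which a per-transfer DLP threshold misses. The log lines, hostnames and thresholds below are constructed for the demonstration.

```python
"""Windowed egress aggregation for drip data theft detection.

Each individual transfer stays under a per-event DLP limit, but the
cumulative volume one host sends to one external destination inside a
sliding window crosses a second limit.  (Added example; sample data and
thresholds are constructed, not taken from any real deployment.)
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed outbound proxy/flow records: timestamp, source host,
# destination, bytes sent.  Host ws-17 drips ~900 KB chunks all morning.
SAMPLE_LOG = """\
2015-03-02T08:01:10 ws-04 cdn.example-partner.net 1200000
2015-03-02T08:05:31 ws-17 files.example-drop.org 900000
2015-03-02T08:47:02 ws-17 files.example-drop.org 880000
2015-03-02T09:30:45 ws-17 files.example-drop.org 910000
2015-03-02T10:12:19 ws-04 mail.example.com 35000
2015-03-02T10:55:03 ws-17 files.example-drop.org 895000
2015-03-02T11:40:27 ws-17 files.example-drop.org 905000
2015-03-02T12:20:00 ws-17 files.example-drop.org 890000
2015-03-02T13:05:44 ws-09 files.example-drop.org 50000
"""

PER_EVENT_LIMIT = 1_000_000       # 1 MB: a classic single-transfer DLP trigger
WINDOW = timedelta(hours=6)       # sliding window for cumulative egress
CUMULATIVE_LIMIT = 5_000_000      # 5 MB per (host, destination) per window


def parse(log_text):
    """Turn the whitespace-separated records into (ts, host, dst, bytes)."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return records


def per_event_alerts(records):
    """Naive rule: flag only transfers that individually exceed the limit.

    On the sample it fires once, on the benign 1.2 MB upload from ws-04,
    and never on the dripping host.
    """
    return [(ts, host, dst) for ts, host, dst, n in records if n > PER_EVENT_LIMIT]


def drip_alerts(records, window=WINDOW, limit=CUMULATIVE_LIMIT):
    """Sliding-window byte sum per (host, destination).

    Returns one alert per pair at the first moment its windowed total
    exceeds `limit`, including the total and the number of transfers.
    """
    buckets = defaultdict(deque)   # (host, dst) -> deque of (ts, bytes)
    totals = defaultdict(int)
    alerted = set()
    alerts = []
    for ts, host, dst, n in sorted(records):
        key = (host, dst)
        q = buckets[key]
        q.append((ts, n))
        totals[key] += n
        # Evict transfers that have fallen out of the window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            totals[key] -= old
        if totals[key] > limit and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "dst": dst, "at": ts,
                           "bytes": totals[key], "transfers": len(q)})
    return alerts


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("per-event alerts:", per_event_alerts(recs))
    for a in drip_alerts(recs):
        print(f"drip alert: {a['host']} -> {a['dst']} sent {a['bytes']} bytes "
              f"in {a['transfers']} transfers by {a['at']}")
```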
(Similar to a bomb-detonation sandbox)
- Tightly controlled access to resources
- URL sandbox / File sandbox
- Isolated environment/network
- Multiple detection environments (virtual machines)
- Customizable & realistic virtual environment
- Behavior-based classification & risk scoring
- Instrumented forensic data collection
- Big log data interpretation
- Post-incident data (SIEM - Security Incident Event Management)
- Real-time Threat Intelligence (GTI)
- Integration with other sources (local/national/international)
- PCAP (Packet Capture) & Replay
- Content & Context Aware logs
- Device & Application logs, Authentication & IAM logs, Endpoint security devices, user identity, location, VA scan data, Network flows, OS events, DB transaction logs

- Remove redundancy.

- Threat Intelligence & Risk Analysis
- Behavior Profiling
- Concept of the network perimeter evaporates
- No physical segregation across VMs
- Web access to all resources
- VM-to-VM vulnerability exploitation (co-location of VMs)
- Easy reconfiguration (lack of persistence)

- Still a hot research topic
- Instance Isolation in Software Defined Data Centre (SDDC)
- Homomorphic encryption based virtual disks.
- Randomized Memory Mapping & Distributed Scheduling.
• Use legal software only
• Keep up-to-date patches and fixes for the Operating System and Application Software
• Exercise caution while opening unsolicited emails and do not click on a link embedded within
• Open email attachments only from trusted parties
• Use the latest browsers having the capability to detect phishing/malicious sites
• Harden the Operating System
• Whitelist the Applications
• Deploy software for controlled use of USB Pen Drives.
“Let us not look back in anger or look forward in fear, but look around in awareness.”
Abhinav Biswas
http://abhinav-biswas.appspot.com
Alt. CISO, NKN Data Centre,
ITSD, IT&TG, ECIL Hyderabad,
Electronics Corporation of India Limited, Dept. of Atomic Energy.

ITSD Division Overview and Cybersecurity Threat Landscape

  • 1. Information Technology Services Division , ITSD - Abhinav Biswas Alt. CISO, NKN Data Centre, Electronics Corporation of India Limited, ECIL Department of Atomic Energy.
  • 2. Information Technology Services Division , ITSD   • Corporate Threat Landscape   • Signature Based  • Analytics based (Sandboxing & GTI )  • Log Correlation & Big Data Analysis   • Nessus, Acunetix  
  • 3. Information Technology Services Division , ITSD  Gathers information secretly and sends to another entity without the user's consent.  Stops from using your PC until you pay a certain amount of money (the ransom). e.g. Encryption Ransomware, CryptoLocker  Psychological manipulation of people into performing actions or divulging confidential information.  Act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.  Voice-over Phishing
  • 4. Information Technology Services Division , ITSD  A weakness which allows an attacker to reduce a system's information assurance.  A possible danger that might exploit a vulnerability to breach security and thus cause possible harm.  A piece of software or a sequence of commands that takes advantage of a bug or vulnerability.  An attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. (A realized Threat using an Exploit on Vulnerability is an Attack.)  An observable change to the normal behavior of a system, environment, process, workflow or person.  An event attributable to a root cause. All incidents are events but many events are not incidents. (An Attack is a series of security incidents.)
  • 5. Information Technology Services Division , ITSD  - Advanced Persistent Threats (APT) - Zero-day Attacks (ZDA) - Smart Mobile Malware (SMM) - Web-based Plug-in Exploits (WPE)  - Free availability of Root-kits, SpamBots, Phishing Tools etc. - Digital Currencies (BitCoin) & Anonymous Payment Services.  - Strategic Government institutions.  - Polymorphism, Dynamic URLs, Virtualization, Cloud, Smart Phone/ Mobiles, Social Sites, BYOD, Internet Of Things (IOT/IPv6)
  • 6. Lure → Redirect → Exploit Kit → Dropper File → Call Home → Data Theft → Recon
  • 7. [diagram] Attack Vectors: Social Media, Email, Mobile, Web Redirects, Malware, Recon, XSS, Dropper Files, C&C, Exploit Kits, Phishing
  • 8.
    - 1a) Identify target
    - 1b) Determine browsing habits
    - 2) Select favourite website
    - 3) Compromise and host exploits
    - 3) Drop malware
    - 4) Determine target profile
    - 4) Wait for opportunity to further compromise
  • 9. [diagram: Internet, Customer, Attacker, vulnerable ADSL router, rogue DNS server]
    - Attacker scans for the DSL router and logs onto the Admin console via the WAN interface by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a connected computer.
    - Changes the DNS server entries in the modem to rogue DNS servers and changes the password of the DSL router.
  • 10.
    1. PRIMARILY BASED ON SIGNATURE & REPUTATION: Signature history cannot keep up with the dynamic future of threats.
    2. LACK OF REAL-TIME INLINE CONTENT ANALYSIS: No byte-range data packet analysis for data loss/theft detection.
    3. FORWARD FACING ONLY, LACK OUTBOUND PROTECTION: No contextual analysis of internal threats.
    4. LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION: No sandboxing in existing UTMs, NGFWs. No SSL packet inspection.
  • 12.
    - WEB: Content Analysis, Malware Sandbox, Forensic Reports, SSL Inspection, Video Controls
    - EMAIL: Spear-Phishing, URL Sandboxing, Anti-Spam, TLS Encryption, Image Analysis
    - DATA: Content Aware DLP, Drip Data Theft Detection, OCR of Image Text, Geo-Location
    - MOBILE: Cloud Service, Malicious Apps, BYOD Policy, Reporting/Inventory
    [diagram: ESSENTIAL INFORMATION PROTECTION: Discover, Monitor, Classify, Protect (Who, What, Where, How); External Risks, Internal Risks]
  • 14. (Similar to a bomb detonation sandbox)
    - Tightly controlled access to resources
    - URL sandbox/File sandbox
    - Isolated environment/network
    - Multiple Detection Environments (Virtual Machines)
    - Customizable & realistic virtual environment
    - Behaviour based classification & risk scoring
    - Instrumented forensic data collection
    - Big log data interpretation
    - Post-incident data (SIEM - Security Incident Event Management)
    - Real-time Threat Intelligence (GTI)
    - Integration with other sources (local/national/international)
    - PCAP (Packet Capture) & Replay
  • 15.
    - Content & context aware logs: Device & Application logs, Authentication & IAM logs, Endpoint security devices, user identity, location, VA scan data, Network flows, OS events, DB transaction logs
    - Remove redundancy.
    - Threat Intelligence & Risk Analysis
    - Behaviour Profiling
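The log correlation of slide 15 combined with the behaviour-based risk scoring of slide 14, as an added example that is not code from the slides or from ECIL: constructed mail-gateway, proxy and endpoint events are normalised, de-duplicated and correlated per host along the kill chain of slide 6, and the resulting score separates an event from an incident (the stage weights, threshold, hosts, domains and IP are all assumptions).

```python
"""Kill-chain log correlation (added example, not from the slides or ECIL).
Constructed mail-gateway, proxy and endpoint events are normalised, de-duplicated,
then correlated per host along Lure -> Redirect -> Exploit -> Dropper -> Call Home
inside a time window; each stage adds to a risk score that decides event vs incident."""
from datetime import datetime, timedelta

STAGE_WEIGHT = {"lure": 1, "redirect": 2, "exploit": 4, "dropper": 5, "callhome": 6}
INCIDENT_THRESHOLD = 10          # weights and threshold are illustrative assumptions
WINDOW = timedelta(hours=1)
# Constructed sample logs (timestamp, source, host, stage, detail): .example domains
# and a documentation-range IP, nothing real. The second record is an exact duplicate.
RAW_EVENTS = [
    ("2014-06-02 09:00:01", "mailgw", "ws-17", "lure", "link to update-portal.example"),
    ("2014-06-02 09:00:01", "mailgw", "ws-17", "lure", "link to update-portal.example"),
    ("2014-06-02 09:03:10", "proxy", "ws-17", "redirect", "302 -> cdn-assets.example/ek"),
    ("2014-06-02 09:03:12", "proxy", "ws-17", "exploit", "java applet served"),
    ("2014-06-02 09:03:40", "endpoint", "ws-17", "dropper", "browser wrote C:\\Temp\\upd.exe"),
    ("2014-06-02 09:05:00", "proxy", "ws-17", "callhome", "POST to 198.51.100.23 every 60s"),
    ("2014-06-02 10:30:00", "mailgw", "ws-04", "lure", "link to update-portal.example"),
    ("2014-06-02 14:00:00", "proxy", "ws-04", "callhome", "POST to 198.51.100.23"),
]

def normalise(raw):
    """Parse tuples into dicts with a real datetime, dropping exact duplicate records."""
    seen, events = set(), []
    for rec in raw:
        if rec in seen:                      # remove redundancy before correlating
            continue
        seen.add(rec)
        ts, src, host, stage, detail = rec
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "src": src, "host": host, "stage": stage, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])

def score(chain):
    """Risk score of a chain: sum of the weights of the distinct stages observed."""
    return sum(STAGE_WEIGHT[s] for s in chain["stages"])

def correlate(events, window=WINDOW):
    """Group events per host into chains; an event more than `window` after a chain's
    first event starts a new chain. Return the highest-scoring chain for each host."""
    chains = {}                              # host -> [{"start": dt, "stages": {stage: detail}}]
    for ev in events:
        host_chains = chains.setdefault(ev["host"], [])
        if not host_chains or ev["ts"] - host_chains[-1]["start"] > window:
            host_chains.append({"start": ev["ts"], "stages": {}})
        host_chains[-1]["stages"].setdefault(ev["stage"], ev["detail"])
    result = {}
    for host, host_chains in chains.items():
        best = max(host_chains, key=score)
        result[host] = {"score": score(best), "stages": sorted(best["stages"], key=STAGE_WEIGHT.get),
                        "verdict": "incident" if score(best) >= INCIDENT_THRESHOLD else "event"}
    return result
```

Host ws-17 shows the full chain within the window and becomes an incident; ws-04 has a lure and a call-home hours apart, which stay separate low-scoring events until more context links them.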
  • 17.
    - Concept of the network perimeter evaporates
    - No physical segregation across VMs
    - Web access to all resources
    - VM to VM vulnerability exploitation (co-location of VMs)
    - Easy reconfiguration (lack of persistence)
    - Still a hot research topic
    - Instance isolation in Software Defined Data Centre (SDDC)
    - Homomorphic encryption based virtual disks.
    - Randomized memory mapping & distributed scheduling.
  • 20.
    - Use legal software only
    - Keep up-to-date patches and fixes of the Operating System and Application Software
    - Exercise caution while opening unsolicited emails and do not click on a link embedded within
    - Open only email attachments from trusted parties
    - Use latest browsers having capability to detect phishing/malicious sites
    - Harden the Operating System
    - Whitelist the Applications
    - Deploy software for controlled use of USB pen drives.
  • 21. "Let us not look back in anger or look forward in fear, but look around in awareness."
  • 23. Abhinav Biswas, http://abhinav-biswas.appspot.com, Alt. CISO, NKN Data Centre, ITSD, IT&TG, ECIL Hyderabad, Electronics Corporation of India Limited, Dept. of Atomic Energy.

Editor's Notes

  1. Security challenges faced by today's security administrators. APT – new model of targeted attacks. Traditional defense – why does it fail in the present scenario? Focus on new technology – SIEM. Virtual – new threats emerging from adoption of VMs. VA/PT – why are they necessary?
  2. I assume the audience is aware of basic terminologies like malware, virus, trojans, rootkits etc. Spyware – new form of malware, very stealthy in nature with no symptoms. Social Engg – people are much more social online than offline because of platforms like FB, WhatsApp; friendly conversation, digging out sensitive info. Spear-Phishing mail – Online SBI. Vishing – abrupt way of psychological manipulation – call from MD & send mail.
  3. APT – targeted attacks with specific goals. 0-day – vulnerabilities which are not yet detected or for which no patch is available. Bad guys. Mobile – app permissions: chat app with access to mail, browsing history etc. Do not save payment credentials. Plugins – WordPress – developed by third party, not tested. Free – tools like Metasploit. Stuxnet – designed by America in collaboration with Israel for Iranian nuclear reactors – 0-day flaws of Siemens PLC software – increased the spinning speed of centrifuges and they got burnt; the whole plant came down.
  4. APT – sophisticated attack targeted at a specific organisation to steal confidential info like IP. Not 1 or 3 people – an organisation of people working together. It's not just "spread malware to 10 million people and if there's a 1% hit that's fine", no. Specific to a particular system or person. Drip data – bit by bit – different locations. Strength of a chain depends on the weakest link. Weakest link is human, let's see how. Stealthy. Can span a duration of days to years. Common cold vs cancer.
  5. Stuxnet – a PLC technician went inside with laptops which were infected. They were not aware. Other ways: throw pen drives.
  6. Browser fingerprinting. Ads based on browsing history. Discounts on product.
  7. www.ipeindia.org. How does DNS work?
  8. How does antivirus work? Only packet header inspection. Insider threats. Bad guy with malicious intention. Mail administrators can check mail if not encrypted.
  9. 3 aspects of data – CIA. App – unnecessary services & ports. Network – NAC, NMS, ECIL SNAS. No access to datacentre; DC & DR security.
  10. Some advanced techniques. Content – not just headers, full packet inspection. Video – Websense. SSH, remote shell login. Drip data.
  11. Apart from them, New Advanced Technologies
  12. Market leaders – HP & IBM
  13. Both Good and Bad guys use it. Ethical hacking.
  14. System integrity – Tripwire. VPN. UTM. How much is it worth investing? Criticality of data. Famous quote – "If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb."
  15. Last part of the presentation.