SlideShare a Scribd company logo

Hunting for cyber threats targeting weapon systems

Fidelis Cybersecurity
Fidelis Cybersecurity

While traditional cybersecurity defenses focus on prevention, there are many vulnerabilities and potential attacks against weapon systems. While weapon systems are more software dependent and networked than ever before, cybersecurity has not always been prioritized with regards to weapon systems acquisition. Threat actors have advanced in their sophistication as they are well-resourced and highly skilled, oftentimes gathering detailed knowledge of the systems they want to attack. Ensuring stronger detection methods is imperative, but because these types of threats are very targeted and advanced, agencies need the capability to proactively hunt.

Technology
1 of 30
Download to read offline
Hunting for Cyber Threats Targeting Weapon Systems
© Fidelis Cybersecurity Today’s Speakers Robert Henry Technical Security Engineer Fidelis Cybersecurity, Federal Bob Gourley OODA LLC Co-Founder and CTO Editor of CTOvision.com 2
Cyber Threats: A practitioner’s view Bob Gourley 22 Feb 2019
About this presentation… • Perspectives on the cyber threat • From history • And personal experience • Concluding with actionable recommendations
Based On Three Sources: Human History Trusted Analysis Experience • A lesson from every great period of history • The case of Hannibal • Civil War • OODAloop.com • Recorded Future and other open intel sources • Learning from adversaries in government and industry systems
A Brief History If you know human history you have the most important things down already
The Condensed History of the Cyber Threat • 1862 Civil War: Both sides attacked, exploited, hacked. Cyber attack enabled “The Great Locomotive Chase” which also destroyed comms infrastructure • 1998 Moonlight Maze: It takes a nation to fight a nation • 2007 Estonia: Be ready to weather a storm • 2008 Georgia: Expect cyber attacks timed to military ops • 2008 Turkey Pipeline: Large cyber to physical attack • 2011 Wikileaks: Know the human element. Balance info sharing and protection • 2013 DSB Report: Software for most weapon systems stolen • 2013 Mandiant Report: Cyber intel is strategic • 2013 Snowden Leaks: Know the threat before it strikes • 2013/14 Banks and Retail: Nothing stops this adversary • 2014/15 Embedded IT, including in DoD: Threat actors will find a way • 2015 Healthcare and Governments: No sector immune • 2016: Turla Attacks: Telecom sector a target • 2016: Shift to small and mid-sized businesses, supply chain, and home users • 2017/18: Privacy attacks at scale, ICS/SCADA/Telecom, Cyberwar • 2019: Adversary use of AI and Machine Learning7
Now Some Historical Context 8 8 How we think. Today’s hackers are made of the same stuff as the famously persistent Hannibal, who did not give up till he got through the impassible firewall of the Alps
Observations What is going on in cyberspace right now?
What Are We Seeing Today: • Phishing remains dominant path to organizations… exploits human traits of compassion and curiosity. • Adversaries constantly shift tactics. When Phishing doesn’t work there are plenty of other avenues in. • The big breaches get the press, but many criminals prefer mid-sized businesses, individual users (you!), and government agencies. • DDoS attacks evolved. Can be large enough to take companies offline. • IoT is here... But little indication of IoT security solutions (Lots more room for innovation here). • Complex command and control infrastructures leverage unsuspecting companies and their servers/telecom. • Ransomware evolving/becoming harder to prevent/beat. • 28% of breaches involved insiders. The worse were working for criminals or nations so the “outsider” is still a huge threat. • Adversaries also exploiting vulnerabilities in hardware (Spectre and meltdown) • Governments (especially Russia, China, Iran, DPRK) invest in targeting infrastructure and weapon systems 10
Recommended Actions What does all this mean for organizations today?
Actions: Know The Adversary • Be Prepared To Be Surprised: Big lesson from both history and study of current threats. You will be surprised, so have an incident response plan and exercise it. • Know that the adversaries have weaknesses too: They must obey the same laws of physics that constrain defenders. And when they are in your networks they are on your turf which gives you an advantage. Ensure your defenses are agile enough to take advantage of their weaknesses. Be ready to deceive your adversary. 12
Actions: Know Yourself • Know your own organization: Assess and Understand: Know what data, systems and capabilities are most important to the function of your organization, and maintain continuous automated awareness of their status. • It takes teams to beat teams: No organization can match the technical talent of the modern cyber criminal or nation. Build trust based teams now. Leverage the power of other organizations for your defense. Security professionals, law enforcement, cloud service providers, the FBI, the US CERT, and the appropriate ISAC (FS-ISAC for financial sector). • Test yourself: through independent assessment and realistic training/evaluations (table top exercises) 13
Actions: Raise Your Defenses • Enhance Defenses: The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize. Automating is key. Automate configuration management, automate detection, automate response, automate deception. • Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containment of attacks is especially important in malicious code. IoT devices critical to segment. • Ensure Backup: Every critical system must have a backup, and recovery methods must be defined and tested. 14
Get Your Mental Model Right: Think OODA • Observe: What do you know about the situation, including adversary actions, your own systems and the environment. • Orient: Consider your observations in the context of everything you know including your business objectives, strengths and weaknesses. • Decide: In dynamic situations the speed of decision is critical. • Act: Minimize the gap between decision and action. The loop continues, now observe what changes in the situation your actions caused 15
One Slide Summary The Key Takeaways
The State Of Cybersecurity Today 17 The Threat Unique Tech Factors The Situation A great deal is known about who is attacking and what their motivations are. By studying them we can build better defenses before attack and respond smarter during attack. Get the right info for strategic, operational and tactical decisions. Every sector of the economy and every government and every citizen is under almost constant attack. Most suffer ongoing infections with malware. Attackers get in fast and remain undetected for months. But risk can be reduced/mitigated. Your Action Governments, businesses, homes, aircraft, cars, roads, trains, ships increasingly interconnected. But cyberspace is hard to observe. Well instrumented systems overseen by trained/experienced people are key to defense. Lead with understanding that cybersecurity is not just a tech function. Must have executive leadership and engagement by entire team. Ensure external verification and validation of strategy, policy, process and tech. Successful Attacks Are By Organizations Defenders Should Collaborate on Lessons Ensure Tech is Independently Assessed Victory Must Be Earned Nations Crime Groups Extremists Hackers Insiders Encryption ID mgnt SDP 2FA AutoPatching Deception Tools To Consider: Adversaries Are: Attackers are persistent, we must prepare for breach Top Lessons Are: Engage with CSA, Collaborate with Peers, Study Threats Top Actions:
OODA LLC • OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. We provide advanced intelligence and analysis, strategy and planning support, investment due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments. • OODA is comprised of a unique team of international experts lead by co-founders Matt Devost and Bob Gourley.
Bob Gourley bob@ooda.com OODA.com
Automate Detection, Hunting, and Response One Platform. Multiple Use Cases. Protecting the World’s Most Sensitive Data
© Fidelis Cybersecurity21 Relied on by 40+ U.S. government agencies Trusted by 12 of the Fortune 50 Depended on by 24 of the Fortune 100 Trusted by the World’s Largest Brands & Government Organizations Protecting the World’s Most Sensitive Data FINANCIAL SERVICES GOVERNMENT RETAIL HEALTHCARE PHARMA & BIO TECHNOLOGY INDUSTRIALS ENERGY TELECOM OTHER
© Fidelis Cybersecurity The Security Objective: Protect Data andAssets In Order to Protect Mission, YOU MUST KNOW YOUR TERRAIN 1. What do we need to secure? 2. What information is of value? 3. What assets do we have? 4. What is their behavior? Adversaries Know How to Exploit Blind Spots in Cyber Terrain 22 Know Your Network Determine most likely paths of: Exfiltration C&C Surveillance Etc.
© Fidelis Cybersecurity23 Agents Sensors Decoys Threat Intelligence Fidelis Insight 3rd Party Threat Intel Customer Defined Intel Sandboxing Execution Analysis File & Web Analysis ML-based Malware Detection ACurated Security Stack— Integrated,Automated & Correlated FIDELIS ELEVATE™ SIEM Real Time Analysis – Detect and Respond Historical Metadata – Hunt and Investigate Response Automation and Analytics Engine Breadcrumbs | Decoys AD | MITM Gateway | Internal |Cloud Email | Web Windows | Linux Mac | Cloud Data Science Statistical analysis Supervised learning models SOAR
© Fidelis Cybersecurity Understanding the Power of Metadata 24 Manual searching, automatic analytics, anomaly detection… At a fraction of the cost of full PCAP storage and much faster response times WHO: Domain user, Webmail user, FTP user, email address, device ID, organization name WHAT: filenames, SHA256, MD5, content tags, malware name, malware type WHEN: From right now back through time – as long as you’re willing to store the data HOW: protocols, applications, file type, User Agent, custom protocols, obfuscated files and scripts WHERE: Source, Destination, country, IP address, organization, URL, Domain
© Fidelis Cybersecurity25 Threat Hunting – Your Last Line of Defense Reduce the Dwell Time of an Attack No YesYes No DetectedPrevented Incident Response Secure Trusted Configuration Attack Dwell Time Threat Hunting
© Fidelis Cybersecurity26 Distribute ▪ Continuously map networks, clouds and assets ▪ Profiles created and updated for asset location, use, type, etc. ▪ Automatically builds deception layer from discovery ▪ Automatically creates decoys based on real assets, services and processes ▪ Automatically deploys decoys in networks and cloud ▪ Seeds breadcrumbs in real assets and Active Directory, plus DNS and ARP poisoning ▪ Alerts from decoy access & engagement, MITM and network traps ▪ Analysis and alerting of poisoned data use (credentials) ▪ Recognizes new assets, network and cloud topologies ▪ Automatic updates to discovery mapping and decoys Agentless automation across on-premise and cloud environments Discover DetectDecoys Adapt
© Fidelis Cybersecurity What You Get With Fidelis Deception 27 UNDERSTAND YOUR TERRAIN ▪ Lure attackers to decoys that divert away from real resources ▪ Detect malware and intruders moving laterally within the network ▪ Active Directory breadcrumbs add privileged users that can be tracked and monitored in the decoys ▪ High-fidelity alerts with very few false positives ▪ Automatically build an accurate deception layer based on the real network ▪ Automatically adapt the deception layer as network changes occur ▪ Rapidly deploy decoys and breadcrumbs for immediate effectiveness – with minimal resources and time required ▪ Understand the network the way an attacker would ▪ Remove the blind spot to discover network assets including legacy systems and shadow IT ▪ Classify all asset types including enterprise IoT ▪ Discover typical internal and external activity including web traffic, browser types, OS in use and IoT connections AUTOMATE THE DECOY LAYER DETECT LATERAL MOVEMENT
Demonstration
© Fidelis Cybersecurity Next Steps: Proof of Concept 29 See Fidelis in Action Map Your Terrain and Find the Blind Spots ▪ Full platform or individual products ▪ Easy-to-implement with flexible deployment options based on your requirements: ▪ VM / Cloud ▪ On-premise ▪ Tactical ▪ You define success criteria and timeline https://www.fidelissecurity.com/contact-us
Thank You

Recommended

PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
SandeshUprety4
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
Fidelis Endpoint® - Live Demonstration
Fidelis Endpoint® - Live Demonstration Fidelis Endpoint® - Live Demonstration
Fidelis Endpoint® - Live Demonstration
Fidelis Cybersecurity
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
Argyle Executive Forum
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
Sam Bowne
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 

Recommended

PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
SandeshUprety4
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
Fidelis Endpoint® - Live Demonstration
Fidelis Endpoint® - Live Demonstration Fidelis Endpoint® - Live Demonstration
Fidelis Endpoint® - Live Demonstration
Fidelis Cybersecurity
 
Implementing Vulnerability Management
Implementing Vulnerability Management Implementing Vulnerability Management
Implementing Vulnerability Management
Argyle Executive Forum
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
Sam Bowne
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
Brute Force Attack Security Use Case Guide
Brute Force Attack Security Use Case Guide Brute Force Attack Security Use Case Guide
Brute Force Attack Security Use Case Guide
Protect724manoj
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
amiable_indian
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
Amrit Chhetri
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You Buy
Fidelis Cybersecurity
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
Sirris
 
Secure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLPSecure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLP
Fidelis Cybersecurity
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
Centrify Corporation
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
TechBiz Forense Digital
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
shreemala1
 

More Related Content

What's hot

Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
Kevin Fealey
 

What's hot (20)

Brute Force Attack Security Use Case Guide
Brute Force Attack Security Use Case Guide Brute Force Attack Security Use Case Guide
Brute Force Attack Security Use Case Guide
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You Buy
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
 
Secure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLPSecure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLP
 
Static Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and YouStatic Analysis Security Testing for Dummies... and You
Static Analysis Security Testing for Dummies... and You
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 

Similar to Hunting for cyber threats targeting weapon systems

7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
shreemala1
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
Andrea Rossetti
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
Numaan Huq
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
alinainglis
 

Similar to Hunting for cyber threats targeting weapon systems (20)

Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
wp-us-cities-exposed
wp-us-cities-exposedwp-us-cities-exposed
wp-us-cities-exposed
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptx
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Brooks18
Brooks18Brooks18
Brooks18
 
Insider threats
Insider threatsInsider threats
Insider threats
 
Cyber security by Gaurav Singh
Cyber security by Gaurav SinghCyber security by Gaurav Singh
Cyber security by Gaurav Singh
 
India is Cyber Vulnerable
India is Cyber VulnerableIndia is Cyber Vulnerable
India is Cyber Vulnerable
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 

More from Fidelis Cybersecurity

Extend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in AzureExtend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in Azure
Fidelis Cybersecurity
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWS
Fidelis Cybersecurity
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception Defense
Fidelis Cybersecurity
 
Fidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception Solution
Fidelis Cybersecurity
 

More from Fidelis Cybersecurity (13)

Putting Cyber Attackers on the Defensive
Putting Cyber Attackers on the DefensivePutting Cyber Attackers on the Defensive
Putting Cyber Attackers on the Defensive
 
Threat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchThreat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and Research
 
Extend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in AzureExtend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in Azure
 
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis ElevateInsider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
 
Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWS
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chainYou can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chain
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception Defense
 
Fidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception Solution
 
Cybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCCybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOC
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacks
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Hunting for cyber threats targeting weapon systems

  • 1. Hunting for Cyber Threats Targeting Weapon Systems
  • 2. © Fidelis Cybersecurity Today’s Speakers Robert Henry Technical Security Engineer Fidelis Cybersecurity, Federal Bob Gourley OODA LLC Co-Founder and CTO Editor of CTOvision.com 2
  • 3. Cyber Threats: A practitioner’s view Bob Gourley 22 Feb 2019
  • 4. About this presentation… • Perspectives on the cyber threat • From history • And personal experience • Concluding with actionable recommendations
  • 5. Based On Three Sources: Human History Trusted Analysis Experience • A lesson from every great period of history • The case of Hannibal • Civil War • OODAloop.com • Recorded Future and other open intel sources • Learning from adversaries in government and industry systems
  • 6. A Brief History If you know human history you have the most important things down already
  • 7. The Condensed History of the Cyber Threat • 1862 Civil War: Both sides attacked, exploited, hacked. Cyber attack enabled “The Great Locomotive Chase” which also destroyed comms infrastructure • 1998 Moonlight Maze: It takes a nation to fight a nation • 2007 Estonia: Be ready to weather a storm • 2008 Georgia: Expect cyber attacks timed to military ops • 2008 Turkey Pipeline: Large cyber to physical attack • 2011 Wikileaks: Know the human element. Balance info sharing and protection • 2013 DSB Report: Software for most weapon systems stolen • 2013 Mandiant Report: Cyber intel is strategic • 2013 Snowden Leaks: Know the threat before it strikes • 2013/14 Banks and Retail: Nothing stops this adversary • 2014/15 Embedded IT, including in DoD: Threat actors will find a way • 2015 Healthcare and Governments: No sector immune • 2016: Turla Attacks: Telecom sector a target • 2016: Shift to small and mid-sized businesses, supply chain, and home users • 2017/18: Privacy attacks at scale, ICS/SCADA/Telecom, Cyberwar • 2019: Adversary use of AI and Machine Learning7
  • 8. Now Some Historical Context 8 8 How we think. Today’s hackers are made of the same stuff as the famously persistent Hannibal, who did not give up till he got through the impassible firewall of the Alps
  • 9. Observations What is going on in cyberspace right now?
  • 10. What Are We Seeing Today: • Phishing remains dominant path to organizations… exploits human traits of compassion and curiosity. • Adversaries constantly shift tactics. When Phishing doesn’t work there are plenty of other avenues in. • The big breaches get the press, but many criminals prefer mid-sized businesses, individual users (you!), and government agencies. • DDoS attacks evolved. Can be large enough to take companies offline. • IoT is here... But little indication of IoT security solutions (Lots more room for innovation here). • Complex command and control infrastructures leverage unsuspecting companies and their servers/telecom. • Ransomware evolving/becoming harder to prevent/beat. • 28% of breaches involved insiders. The worse were working for criminals or nations so the “outsider” is still a huge threat. • Adversaries also exploiting vulnerabilities in hardware (Spectre and meltdown) • Governments (especially Russia, China, Iran, DPRK) invest in targeting infrastructure and weapon systems 10
  • 11. Recommended Actions What does all this mean for organizations today?
  • 12. Actions: Know The Adversary • Be Prepared To Be Surprised: Big lesson from both history and study of current threats. You will be surprised, so have an incident response plan and exercise it. • Know that the adversaries have weaknesses too: They must obey the same laws of physics that constrain defenders. And when they are in your networks they are on your turf which gives you an advantage. Ensure your defenses are agile enough to take advantage of their weaknesses. Be ready to deceive your adversary. 12
  • 13. Actions: Know Yourself • Know your own organization: Assess and Understand: Know what data, systems and capabilities are most important to the function of your organization, and maintain continuous automated awareness of their status. • It takes teams to beat teams: No organization can match the technical talent of the modern cyber criminal or nation. Build trust based teams now. Leverage the power of other organizations for your defense. Security professionals, law enforcement, cloud service providers, the FBI, the US CERT, and the appropriate ISAC (FS-ISAC for financial sector). • Test yourself: through independent assessment and realistic training/evaluations (table top exercises) 13
  • 14. Actions: Raise Your Defenses • Enhance Defenses: The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize. Automating is key. Automate configuration management, automate detection, automate response, automate deception. • Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containment of attacks is especially important in malicious code. IoT devices critical to segment. • Ensure Backup: Every critical system must have a backup, and recovery methods must be defined and tested. 14
  • 15. Get Your Mental Model Right: Think OODA • Observe: What do you know about the situation, including adversary actions, your own systems and the environment. • Orient: Consider your observations in the context of everything you know including your business objectives, strengths and weaknesses. • Decide: In dynamic situations the speed of decision is critical. • Act: Minimize the gap between decision and action. The loop continues, now observe what changes in the situation your actions caused 15
  • 16. One Slide Summary The Key Takeaways
  • 17. The State Of Cybersecurity Today 17 The Threat Unique Tech Factors The Situation A great deal is known about who is attacking and what their motivations are. By studying them we can build better defenses before attack and respond smarter during attack. Get the right info for strategic, operational and tactical decisions. Every sector of the economy and every government and every citizen is under almost constant attack. Most suffer ongoing infections with malware. Attackers get in fast and remain undetected for months. But risk can be reduced/mitigated. Your Action Governments, businesses, homes, aircraft, cars, roads, trains, ships increasingly interconnected. But cyberspace is hard to observe. Well instrumented systems overseen by trained/experienced people are key to defense. Lead with understanding that cybersecurity is not just a tech function. Must have executive leadership and engagement by entire team. Ensure external verification and validation of strategy, policy, process and tech. Successful Attacks Are By Organizations Defenders Should Collaborate on Lessons Ensure Tech is Independently Assessed Victory Must Be Earned Nations Crime Groups Extremists Hackers Insiders Encryption ID mgnt SDP 2FA AutoPatching Deception Tools To Consider: Adversaries Are: Attackers are persistent, we must prepare for breach Top Lessons Are: Engage with CSA, Collaborate with Peers, Study Threats Top Actions:
  • 18. OODA LLC • OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. We provide advanced intelligence and analysis, strategy and planning support, investment due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments. • OODA is comprised of a unique team of international experts lead by co-founders Matt Devost and Bob Gourley.
  • 20. Automate Detection, Hunting, and Response One Platform. Multiple Use Cases. Protecting the World’s Most Sensitive Data
  • 21. © Fidelis Cybersecurity21 Relied on by 40+ U.S. government agencies Trusted by 12 of the Fortune 50 Depended on by 24 of the Fortune 100 Trusted by the World’s Largest Brands & Government Organizations Protecting the World’s Most Sensitive Data FINANCIAL SERVICES GOVERNMENT RETAIL HEALTHCARE PHARMA & BIO TECHNOLOGY INDUSTRIALS ENERGY TELECOM OTHER
  • 22. © Fidelis Cybersecurity The Security Objective: Protect Data andAssets In Order to Protect Mission, YOU MUST KNOW YOUR TERRAIN 1. What do we need to secure? 2. What information is of value? 3. What assets do we have? 4. What is their behavior? Adversaries Know How to Exploit Blind Spots in Cyber Terrain 22 Know Your Network Determine most likely paths of: Exfiltration C&C Surveillance Etc.
  • 23. © Fidelis Cybersecurity23 Agents Sensors Decoys Threat Intelligence Fidelis Insight 3rd Party Threat Intel Customer Defined Intel Sandboxing Execution Analysis File & Web Analysis ML-based Malware Detection ACurated Security Stack— Integrated,Automated & Correlated FIDELIS ELEVATE™ SIEM Real Time Analysis – Detect and Respond Historical Metadata – Hunt and Investigate Response Automation and Analytics Engine Breadcrumbs | Decoys AD | MITM Gateway | Internal |Cloud Email | Web Windows | Linux Mac | Cloud Data Science Statistical analysis Supervised learning models SOAR
  • 24. © Fidelis Cybersecurity Understanding the Power of Metadata 24 Manual searching, automatic analytics, anomaly detection… At a fraction of the cost of full PCAP storage and much faster response times WHO: Domain user, Webmail user, FTP user, email address, device ID, organization name WHAT: filenames, SHA256, MD5, content tags, malware name, malware type WHEN: From right now back through time – as long as you’re willing to store the data HOW: protocols, applications, file type, User Agent, custom protocols, obfuscated files and scripts WHERE: Source, Destination, country, IP address, organization, URL, Domain
  • 25. © Fidelis Cybersecurity25 Threat Hunting – Your Last Line of Defense Reduce the Dwell Time of an Attack No YesYes No DetectedPrevented Incident Response Secure Trusted Configuration Attack Dwell Time Threat Hunting
  • 26. © Fidelis Cybersecurity26 Distribute ▪ Continuously map networks, clouds and assets ▪ Profiles created and updated for asset location, use, type, etc. ▪ Automatically builds deception layer from discovery ▪ Automatically creates decoys based on real assets, services and processes ▪ Automatically deploys decoys in networks and cloud ▪ Seeds breadcrumbs in real assets and Active Directory, plus DNS and ARP poisoning ▪ Alerts from decoy access & engagement, MITM and network traps ▪ Analysis and alerting of poisoned data use (credentials) ▪ Recognizes new assets, network and cloud topologies ▪ Automatic updates to discovery mapping and decoys Agentless automation across on-premise and cloud environments Discover DetectDecoys Adapt
  • 27. © Fidelis Cybersecurity What You Get With Fidelis Deception 27 UNDERSTAND YOUR TERRAIN ▪ Lure attackers to decoys that divert away from real resources ▪ Detect malware and intruders moving laterally within the network ▪ Active Directory breadcrumbs add privileged users that can be tracked and monitored in the decoys ▪ High-fidelity alerts with very few false positives ▪ Automatically build an accurate deception layer based on the real network ▪ Automatically adapt the deception layer as network changes occur ▪ Rapidly deploy decoys and breadcrumbs for immediate effectiveness – with minimal resources and time required ▪ Understand the network the way an attacker would ▪ Remove the blind spot to discover network assets including legacy systems and shadow IT ▪ Classify all asset types including enterprise IoT ▪ Discover typical internal and external activity including web traffic, browser types, OS in use and IoT connections AUTOMATE THE DECOY LAYER DETECT LATERAL MOVEMENT
  • 29. © Fidelis Cybersecurity Next Steps: Proof of Concept 29 See Fidelis in Action Map Your Terrain and Find the Blind Spots ▪ Full platform or individual products ▪ Easy-to-implement with flexible deployment options based on your requirements: ▪ VM / Cloud ▪ On-premise ▪ Tactical ▪ You define success criteria and timeline https://www.fidelissecurity.com/contact-us