This document discusses various cybersecurity case studies including network security, data loss prevention, cloud security, intrusion detection systems, ransomware, remote access trojans, and data breaches involving Facebook, Google, WhatsApp, and Wells Fargo. It examines the technical aspects of these security issues and potential discussion points around topics like trust, transparency, data usage, privacy, and responses to security incidents.
2. About Me: Moksha Kalyanram Abhiramula
• Commercial Disputes Mediator | Conciliator | Author | Brand Auditor | Patent Analyst | Intangible Valuer (Trademarks, Patents & Copyrights) | Investor
• My belief - success of any business entity is directly proportional to the value derived by its customers.
/mokshakalyanramabhiramula
5. Network Security
• Set of rules and configurations
• Controls incoming and outgoing connections
• Prevents threats from entering or spreading on the network
6. Network Security
• Evaluate the efficiency and sufficiency of the current set of rules and configurations
• Evaluate risk assessment tools
• Check for vulnerabilities in firewalls
• Check for vulnerabilities in
  • Incoming connections control
  • Outgoing connections control
• Verify the updated version of best practices for handling security threats
9. Data Loss Prevention (DLP)
• Information leak detection and prevention (ILDP)
• Information leak prevention (ILP)
• Content monitoring and filtering (CMF)
• Information protection and control (IPC)
• Extrusion prevention system (EPS)
10. Data Loss Prevention (DLP)
• Standard security measures
  • Firewalls
  • Intrusion detection systems (IDSs)
  • Antivirus software
• Advanced security measures
  • Employ machine learning and temporal reasoning algorithms to detect abnormal access to data
• Designated systems
  • Detect and prevent unauthorized attempts to copy or send sensitive data, intentionally or unintentionally
11. Cloud Security
• Protection for data online via cloud computing platforms from theft, leakage and deletion
• Threats
  • Data breaches
  • Data loss
  • Account hijacking
  • Service traffic hijacking
12. Cloud Security
• Possible areas for security breach
  • Vulnerabilities in data storage devices
  • On-site data guardians
  • Security threat detection mechanism
• Cloud-native security challenges
  • Increased attack surface
  • Lack of visibility and tracking
  • Ever-changing workloads
  • DevOps, DevSecOps and automation
  • Granular privilege and key management
  • Complex environments
  • Cloud compliance and governance
13. Cloud Security
• Evaluate and eradicate opportunities for hackers
• Efficiency of built-in firewalls
• Identification of cloud assets
• Quantify and control for cloud assets
• Enforcement of protection policies for cloud assets
• Proper and well-designed privilege grant system
• Geographical distribution analyses
14. Intrusion Detection System (IDS)
• Monitors a network or systems for malicious activity or policy violations
• Types
  • Network intrusion detection system (NIDS)
  • Host-based intrusion detection system (HIDS)
  • Perimeter intrusion detection system (PIDS)
  • VM-based intrusion detection system (VMIDS)
15. Intrusion Detection System (IDS)
• Examines network traffic flows to detect and prevent vulnerability exploits
• Action points
  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection
22. Ransomware
• Technology kidnapping
• Virus infiltrates a computer device, locks down its data, and won’t release it until a ransom is paid.
• The most heavily used infection method is email
26. Remote Access Trojan (RAT)
• Allows covert surveillance
• Unfettered and unauthorized remote access to a victim’s machine
• Installing and removing programs, manipulating files, hijacking the webcam, reading data from the keyboard, harvesting login credentials and monitoring the clipboard
31. Point of discussion
• Trust & transparency issues
• Tracking of browsing activities across devices
• Storage of categories of users' information
• Misappropriation of users' data
• Action taken when you become aware of mishaps
• Users' awareness about usage of data by Facebook
34. Point of discussion
• Paid ad campaign significance and spread
• Implications of a curative content
• Civic process non-partisan way
• Tracking movements by mobile phone being carried
• Google left China marketplace – possible access to data
• Search products – security issues
• Content moderation