Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyber Threat Jujitsu 101 Presentation with Mark Evertz and Dr. Eric Cole, IT Security Consultant and founder of Secure Anchor.
Catch the webcast with audio on Tripwire.com here: http://bit.ly/g27pJ6

Published in: Technology

  1. Today’s Speakers: Dr. Eric Cole, Founder/President, Secure Anchor Consulting LLC; Mark Evertz, Security Solutions Manager, Tripwire, Inc.
  2. You Can’t Stop Stupid -- Revisited. Dr. Eric Cole, Secure Anchor Consulting, LLC. © 2010 Secure Anchor Consulting. All rights reserved.
  3. Why Is This Happening? – People
     • Outsiders: Phone Phreakers → Script Kiddies → Cyber Crime → Cyber Terror → Cyber Warfare
     • Low Risk + High Reward = Opportunity
  4. Why Is This Happening? – Technology
  5. What Is the Outlook?
  6. Threat Landscape – Malware Attacks
     • 500% increase
     • 80% for $$
     • 20% > malicious
     • 25K sample/day
  7. Threat Landscape – Web Attacks
     • 1.5M sites/month
     • DNS attacks
     • Cross Site Scripting
     • Defacing
  8. Threat Landscape – DDOS Attacks
     • 400K zombies a day
     • Conficker / Korea
     • Critical Infrastructure
  9. Threat Landscape – Data Attacks
     • $1 trillion/year
     • Autorun.exe
     • USB & phones
     • Compliance
  10. Threat Landscape – Email Attacks
     • Spam = malware
     • Up 10% a year
     • Spear phishing
     • New protocols
  11. Data Driven Threats
                                               1997         End of 2007    Mid 2010
      Vulnerabilities                          440          28,500         34,100
      Password Stealers (main variants)        400          80,000         380,000
      Potentially Unwanted Programs            1            24,000         26,000
      Malware (families, DAT related)          17,000       358,000        484,000
      Malware (main variants)                  18,000 (?)   586,000        2,700,000
      Malware Zoo (collection)                 30,000 (?)   5,800,000      16,300,000
  12. While it is a hard problem, many attackers make mistakes
     • Leaving a footprint on the system
     • Trying to target and find key information
     • Making an outbound connection for command and control
     • Sending out sensitive information
     • Utilizing encryption to hide
     • Cutting edge or not so cutting edge
       • Running standard tools and techniques
  13. Sophisticated – Yes and No
     User receives email/IM with malicious link → User clicks on link → Browser downloads/executes malicious javascript → Binary disguised as an image is downloaded and executes → Back door is set up and connects to C&C servers → Attackers have complete access to internal systems
  14. Cyber Jujitsu 101
     • Know thy system by baselining your environment
       • Rapid baselining and continuous monitoring
     • It is 10pm, do you know where your data is?
     • Focus on outbound traffic
       • Firewall filtering
       • Dropped packets
       • Clipping levels
     • Understand the entry point for attack
       • It has and will always be about the user
       • While you cannot stop stupid, you can contain it
  15. Trend 1: More focus on Data Correlation
  16. Trend 2: Threat intelligence analysis will become more important
  17. Trend 3: Endpoint security becomes foundation
  18. Trend 4: Focusing in on proactive forensics instead of being reactive
  19. Trend 5: Moving beyond signature detection
  20. Must Make Better Use Of Existing Data
     “We consistently find that nearly 90% of the time logs are available but discovery [of breaches] via log analysis remains under 5%” (2010)
  21. Raw Log Data → Am I Secure? Is Policy Impacted? (change event, log event) → Events of Interest!
  22. Example: Correlating Log & Change Events
     5 failed logins → Login successful → Windows event log cleared → Logging turned off → Host not generating events → Policy test fails
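The correlation chain on slide 22, as an added example that is not code from the deck, from Secure Anchor or from Tripwire: a small Python correlator that walks a constructed Windows-style event feed per host and chains the slide's steps (repeated failed logons, then a success, then log clearing or an audit-policy change, then the host going quiet). The event IDs used (4625, 4624, 1102, 4719) are standard Windows Security log IDs, not values from the slides; the hosts, users, timestamps and thresholds are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: (timestamp, host, event_id, user). IDs follow the Windows
# Security log (4625 failed logon, 4624 logon success, 1102 log cleared, 4719 audit
# policy changed); the hosts, users and times are made up for this example.
EVENTS = [
    ("2010-11-01 22:00:01", "srv01", 4625, "admin"),
    ("2010-11-01 22:00:03", "srv01", 4625, "admin"),
    ("2010-11-01 22:00:05", "srv01", 4625, "admin"),
    ("2010-11-01 22:00:07", "srv01", 4625, "admin"),
    ("2010-11-01 22:00:09", "srv01", 4625, "admin"),
    ("2010-11-01 22:00:12", "srv01", 4624, "admin"),   # success right after 5 failures
    ("2010-11-01 22:03:40", "srv01", 1102, "admin"),   # security log cleared minutes later
    ("2010-11-01 22:00:30", "srv02", 4625, "bob"),     # one typo, then normal activity
    ("2010-11-01 22:01:00", "srv02", 4624, "bob"),
    ("2010-11-01 23:59:00", "srv02", 4624, "bob"),
]
FEED_END = datetime(2010, 11, 2, 0, 0, 0)  # "now" for the host-silence check
LOG_TAMPER = {1102: "security log cleared", 4719: "audit policy changed"}

def correlate(events, now, failures=5, window=timedelta(minutes=5),
              silence=timedelta(hours=1)):
    """Chain the slide's sequence per host: N failed logons -> logon success ->
    log cleared / logging turned off -> host stops generating events."""
    per_host = defaultdict(list)
    for ts, host, eid, user in sorted(events):
        per_host[host].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), eid, user))
    findings = {}
    for host, evs in per_host.items():
        notes, fails, suspect_logon = [], [], None
        for t, eid, user in evs:
            if eid == 4625:
                fails = [f for f in fails if t - f <= window] + [t]   # sliding window
            elif eid == 4624 and len(fails) >= failures and t - fails[0] <= window:
                notes.append(f"{len(fails)} failed logons for {user} then success at {t}")
                suspect_logon, fails = t, []
            elif eid in LOG_TAMPER and suspect_logon and t - suspect_logon <= window:
                notes.append(f"{LOG_TAMPER[eid]} by {user} at {t}, "
                             f"{t - suspect_logon} after the suspicious logon")
        last_seen = evs[-1][0]
        if notes and now - last_seen >= silence:   # "Host not generating events"
            notes.append(f"host silent since {last_seen}")
        if notes:
            findings[host] = notes
    return findings

if __name__ == "__main__":
    for host, notes in correlate(EVENTS, FEED_END).items():
        print(host, *notes, sep="\n  ")
```

Only srv01 is reported: a single mistyped password on srv02 never reaches the failure threshold, which is the point of correlating the steps rather than alerting on any one of them.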
  23. Tripwire VIA
     • VISIBILITY – Across the entire IT infrastructure
     • INTELLIGENCE – Enable better, faster decisions
     • AUTOMATION – Reduce manual, repetitive tasks
  24. Tripwire VIA: IT Security & Compliance Automation
     Event Database → Correlate to Bad Changes; Correlate to Suspicious Events
  25. THANK YOU!
     Dr. Eric Cole, President, Secure Anchor Consulting, LLC. E-mail: drcole@secure-anchor.com
     Mark Evertz, Security Solutions Manager, Tripwire. Direct: 503.269.2639, www.tripwire.com, E-mail: mevertz@tripwire.com
  26. Answers For Your Questions
