The document discusses STIX (Structured Threat Information Expression), a language for characterizing and communicating cyber threat information. STIX was developed to support use cases like analyzing cyber threats, specifying indicator patterns, and sharing threat information. It provides a common mechanism for addressing structured cyber threat data to improve consistency, efficiency, and situational awareness. STIX represents cyber threat details like observables, indicators, incidents, tactics, techniques and procedures (TTPs), exploit targets, and campaigns.
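The two STIX use cases named above, specifying indicator patterns and sharing the resulting objects, are easiest to see with a concrete object. The following is an added example, not code from the page, from OASIS or from any STIX library: it builds a STIX 2.1 Indicator as JSON (the page describes STIX generically; the 2.1 layout is an assumption) and evaluates its pattern against constructed observables. The helper names (`make_indicator`, `pattern_matches`, `matching_indicators`), the `c2.example` / `203.0.113.7` indicators and the sample observations are all invented for illustration; the evaluator covers only comparison expressions joined by AND/OR, not the full STIX patterning grammar.

```python
"""Build a STIX 2.1 Indicator and match its pattern against observed objects.

Added example, not code from the page, from OASIS or any STIX library. Assumes
the STIX 2.1 JSON layout; supports one bracketed observation expression of
comparisons ('=', '!=', 'MATCHES') joined by AND/OR, not the full grammar.
"""
import re
import uuid
from typing import List, Tuple

_TOKEN = re.compile(r"'(?:[^'\\]|\\.)*'|\S+")    # quoted literal or bare word
_OBJECT_PATH = re.compile(r"^([a-z0-9-]+):(.+)$")  # sco-type:property.path
_PATH_PART = re.compile(r"'[^']*'|[^.]+")         # hashes.'SHA-256' -> two parts

def make_indicator(name: str, pattern: str, valid_from: str) -> dict:
    """Return a STIX 2.1 Indicator SDO with every required property set."""
    return {
        "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
        "created": valid_from, "modified": valid_from, "valid_from": valid_from,
        "name": name, "indicator_types": ["malicious-activity"],
        "pattern": pattern, "pattern_type": "stix",
    }

def _parse(body: str) -> List[List[Tuple[str, str, str]]]:
    """Split comparisons into a list of conjunctions: AND binds tighter than OR."""
    tokens = _TOKEN.findall(body)
    disjuncts, conj, i = [], [], 0
    while i < len(tokens):
        if i + 2 >= len(tokens):
            raise ValueError(f"incomplete comparison near {' '.join(tokens[i:])!r}")
        path, op, literal = tokens[i:i + 3]
        if op not in ("=", "!=", "MATCHES") or not literal.startswith("'"):
            raise ValueError(f"unsupported comparison: {path} {op} {literal}")
        # Strip the quotes and undo STIX string escapes (\' and \\).
        conj.append((path, op, re.sub(r"\\(.)", r"\1", literal[1:-1])))
        i += 3
        if i < len(tokens):
            keyword, i = tokens[i], i + 1
            if keyword not in ("AND", "OR") or i >= len(tokens):
                raise ValueError(f"bad or dangling operator {keyword!r}")
            if keyword == "OR":
                disjuncts, conj = disjuncts + [conj], []
    disjuncts.append(conj)
    return disjuncts

def _lookup(sco: dict, path: str):
    """Follow a dotted property path; quoted keys such as 'SHA-256' are one segment."""
    cur = sco
    for key in (part.strip("'") for part in _PATH_PART.findall(path)):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def _comparison_holds(path: str, op: str, literal: str, observation: List[dict]) -> bool:
    """True if some SCO of the named type in the observation satisfies the comparison."""
    match = _OBJECT_PATH.match(path)
    if not match:
        raise ValueError(f"bad object path {path!r}")
    sco_type, prop_path = match.groups()
    for sco in (s for s in observation if s.get("type") == sco_type):
        actual = _lookup(sco, prop_path)
        if actual is None:
            continue
        actual = str(actual)
        if (op == "=" and actual == literal) or (op == "!=" and actual != literal) \
                or (op == "MATCHES" and re.search(literal, actual) is not None):
            return True
    return False

def pattern_matches(pattern: str, observation: List[dict]) -> bool:
    """True if one observation (a list of STIX Cyber-observable Objects) satisfies the pattern."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected one bracketed observation expression")
    return any(all(_comparison_holds(*cmp, observation) for cmp in conj)
               for conj in _parse(body[1:-1]))

# Constructed sample intelligence and observations (not real data).
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
INDICATORS = [
    make_indicator("Constructed C2 infrastructure",
                   "[domain-name:value = 'c2.example' OR ipv4-addr:value = '203.0.113.7']",
                   "2024-01-01T00:00:00.000Z"),
    make_indicator("Constructed dropper",
                   rf"[file:hashes.'SHA-256' = '{EMPTY_SHA256}' AND file:name MATCHES '\\.exe$']",
                   "2024-01-01T00:00:00.000Z"),
]
SAMPLE_OBSERVATIONS = {
    "dns_to_c2": [{"type": "domain-name", "value": "c2.example"}],
    "benign_dns": [{"type": "domain-name", "value": "updates.example"}],
    "dropper": [{"type": "file", "name": "invoice.exe", "hashes": {"SHA-256": EMPTY_SHA256}}],
}

def matching_indicators(observation: List[dict]) -> List[str]:
    """Names of the indicators whose pattern the observation satisfies."""
    return [ind["name"] for ind in INDICATORS if pattern_matches(ind["pattern"], observation)]
```

Calling `matching_indicators(SAMPLE_OBSERVATIONS["dropper"])` returns only the dropper indicator, because the file object carries both the hash and an `.exe` name the AND clause requires, while the benign DNS observation matches nothing. Anything the evaluator does not understand (a numeric `>` comparison, a dangling `AND`) raises rather than silently failing to match, which is the behaviour you want when untrusted feeds supply the patterns.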
SOC presentation - Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Security operations center: 5 security controls (AlienVault)
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative from IDSECCONF. A People-Centric SOC requires a lot of investment in humans, in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
Building a Next-Generation Security Operations Center (SOC) (Sqrrl)
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Threat Hunting - Moving from the ad hoc to the formal (Priyanka Aash)
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
Requirements
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت (Persian: "security operations center")
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how organizations use a cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for cybersecurity attacks sits with executives and board members, who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with the organization's strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Security management is very complex and does not limit itself to products and technologies. It is important to consider the alternatives when setting up a Security Operation Center (SOC): insight into the business plan requirements, the ability and skill set of the people who will staff the SOC, the team's responsibilities, budget and more.
According to Cisco's 2018 Cyber Security Automation Study, organizations overwhelmingly favor specialized tools to get the most robust capabilities across their environment. The more disparate technology a SOC uses, the greater the need for a security orchestration and automation platform to help tie everything together.
Visit - https://www.siemplify.co/
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... (IBM Security)
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015 (Priyanka Aash)
Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill in disguise; proponents claim the act provides a needed legal framework for information sharing. Can CISA actually improve cyberdefense without risking privacy? Are there unforeseen roadblocks? What about STIX/TAXII?
(Source: RSA USA 2016-San Francisco)
Summarizes the design-and-build approach for a SOC (Security Operation Center) for both end-user companies and service providers. Defines the approach flow for building a SOC and the various components and phases involved. Defines design rules of thumb and parameters for SOC design.
The Cyber Defense Matrix helps people organize and understand gaps in their overall security program. These slides describe several additional use cases of the Cyber Defense Matrix, including how to map the latest startup vendors and security trends, anticipate gaps, develop program roadmaps, capture metrics, reconcile inventories, improve situational awareness, and create a board-level view of their entire program.
See the 2016 version at: http://bit.ly/cyberdefensematrix
See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded
Key takeaways:
What is Cyber Threat Intelligence?
Why should you care about it?
How would you collect it?
How would you generate it?
What would you do with it?
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
SIEM-plifying security monitoring: A different approach to security visibility (AlienVault)
Despite investments in preventative security technology and teams, devastating data breaches continue to occur, and the threats we face only grow more advanced all the time. If even the largest companies are struggling to avoid breaches, how can teams with more limited security staff and budgets hope to avoid that same fate? Organizations need to invest more in detection and proactive threat intelligence. SIEM products have been widely deployed for this purpose; however, much of the technology remains unwieldy and difficult to use.
Join Dave Shackleford, founder of Voodoo Security and a Senior SANS Instructor, and Joe Schreiber, Solution Architect with AlienVault for this session covering:
Key security intelligence insights you need to defend against modern threats
"Tales from the trenches" of challenges getting the insights you need from SIEM
Fundamentals for evaluating a security approach that will work for you, not against you.
How a unified approach to security visibility can help you get from install to insight more quickly
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote) (Shawn Tuma)
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha (Syed Peer)
“Securing the Critical Infrastructure Networks Effectively” - Is OT the Weakest Link in Securing the Critical Infrastructure?
Cyber attacks have consistently ranked among the top threats faced by businesses. Cyber security is a subject that has now reached boardroom agendas. There have been proposals to link cyber security to CEO performance and pay. This only underlines the critical nature and importance of cyber security to businesses.
In an OT environment the threat is amplified much more, because it can have ramifications that impact human lives and their safety.
Cyber Security Management in a Highly Innovative World (SafeNet)
Cyber attacks are reaching pandemic levels. State-sponsored groups and organized crime are successfully stealing valuable intellectual property—including critical infrastructure and operational readiness information, businesses’ and consumers’ financial data—often without anyone realizing the attack has occurred!
But preparedness cannot be delegated solely to the IT department. The involvement of the entire enterprise, armed with an understanding of the highly dynamic landscape, is vital for warding off potential threats.
Author: David Etue, VP of CorpDev Strategy, SafeNet
Watch the webcast on demand: https://www.brighttalk.com/webcast/6319/75109
Talk from the event "Cybersecurity: a nova era em resposta a incidentes e auditoria de dados" (Cybersecurity: the new era in incident response and data auditing)
Sam Maccherola - VP and General Manager, Public Sector, Guidance Software Inc.
Brasília, 4 August 2010
With each passing year, the security threats facing computer networks have become more technically sophisticated, better organized and harder to detect. At the same time, the consequences of failure to block these attacks have increased. In addition to the economic consequences of financial fraud, we are seeing real-world attacks that impact the reliability of critical infrastructure and national security.
Join Lancope's Director of Security Research to learn about five key challenges that computer security professionals face in 2013, including:
1. State-sponsored espionage and sabotage of computer networks
2. Monster DDoS attacks
3. The loss of visibility and control created by IT consumerization and the cloud
4. The password debacle
5. Insider threats
How Do You Get Police, Fire, Paramedics and Others to Share Information? Built T... (ForgeRock)
Presented by Darrell O'Donnell, P.Eng, President, Continuum Loop Inc. at ForgeRock Open Stack Identity Summit, June 2013
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap, critical activities and more.
GraphRAG is All You Need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organised by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates artificial intelligence into the development and use of automations.
📕 We will look together at some examples of using Autopilot in different tools of the UiPath suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 Discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Introduction to STIX 101
HS SEDI is a trademark of the U.S. Department of Homeland Security (DHS)
The HS SEDI FFRDC is managed and operated by The MITRE Corporation for DHS
STIX Introduction
What is STIX and why is it relevant?
Balance of Inward & Outward Focus
Traditional approach to security has been inward focused
– Understand ourselves: find all vulnerabilities, fix all vulnerabilities, et voilà, we are magically “secure”
– This is based on a fallacy that we can know and/or fix all vulnerabilities
– Inward focus (hygiene) is necessary but inadequate
Need for a balancing outward focus on understanding the adversary: their motivation, tactics and activity, so as to make intelligent and realistic defense decisions.
Proactive & Reactive Actions Needed
Many attacks today are increasingly complex and multistage.
Current visibility and ability to act is typically after exploit has occurred
– Response is important but inadequate alone
Need to balance response with proactive detection and prevention of pre-exploit activity
Kill Chain or Cyber Attack Lifecycle (diagram): Recon → Weaponize → Deliver → Exploit → Control → Execute → Maintain
Need for Holistic Threat Intelligence
Effective understanding, decision-making and action require a holistic picture of both ourselves and the adversary.
– What are our assets? What are our missions and activities? What is our attack surface? Where are we vulnerable?
– Who is the adversary? Where are they acting? How are they acting? What does it look like when they act? What are they targeting? What actions should we take to mitigate their actions?
This is holistic threat intelligence
Need for Information Sharing
Holistic threat intelligence is not a single player sport
It depends on access to a wide range of information, and no single entity, no matter how large, has the full picture to be consistently predictive or effective in prevention.
It requires sharing of information between interested parties.
– Sharing applies both internally and externally
– Sharing is not completely new but is typically focused on very atomic, limited-sophistication indicators (IP lists, file hashes, URLs, email addresses, etc.)
– Most sharing is unstructured and human-to-human
– There is a need to share more sophisticated behavioral and contextual information
How can my detection today aid your prevention tomorrow?
Cost to Adversary (diagram, lowest to highest cost)
– Trivial/cheap to hop between IP addresses
– Slightly more expensive to hop between domains
– Difficult & expensive: changing tactics and procedures to evade behavioral detection
Need for Automation
Massive amounts of information, diverse sharing partners, rapid tempo of attack and the need to respond at machine speed require automation
Human interpretation and decision will always be involved, but we need to assist them in this by letting machines do what machines do well.
Pulling it All Together
Pursuing holistic threat intelligence
Sharing of information among a diverse set of players
Leveraging automation throughout
→ Standardized Representation of Cyber Threat Information
STIX is intended to address this issue
What is STIX?
A language for the characterization and communication of cyber threat information
– NOT a sharing program, database, or tool
…but supports all of those uses and more
Developed with open community feedback
Supports
– Clear understanding of cyber threat information
– Consistent expression of threat information
– Automated processing based on collected intelligence
– Advancing the state of practice in threat analytics
Use Cases
Analyzing Cyber Threats
Specifying Indicator Patterns for Cyber Threats
Managing Cyber Threat Operations/Response Activities
– Cyber Threat Prevention
– Cyber Threat Detection
– Incident Response (investigation, digital forensics, malware analysis, etc.)
Sharing Cyber Threat Information (internally and externally)
STIX Use Cases Cover a Broad Spectrum
STIX provides a common mechanism for addressing structured cyber threat information across and among this full range of use cases, improving consistency, efficiency, interoperability, and overall situational awareness.
What is “Cyber (Threat) Intelligence?”
Consider these questions:
What activity are we seeing?
What threats should I look for on my networks and systems, and why?
Where has this threat been seen?
What does it do?
What weaknesses does this threat exploit?
Why does it do this?
Who is responsible for this threat?
What can I do about it?
STIX Architecture (diagram)
Observable
Primary intent:
– Convey specific instances of cyber observation (either static or dynamic) or patterns of what could potentially be observed.
Primary content:
– Title/Description
– Information source: who, when, where, how (tools), etc.
– Object, Event or Composition
Object
– Description
– Properties (extensible with different object types); each property can express an observed value or rich patterning for potential observations
– Location
– Related Objects
Event
– Type
– Description
– Actions: type, name, arguments, location, associated objects, related actions
– Location
Composition
– Observables combined using logical operators (And/Or)
CybOX v2.1 Objects (more on the way)
■ Account
■ Address
■ API
■ Archive File
■ ARP Cache Entry
■ Artifact
■ Autonomous System
■ Code
■ Custom
■ Device
■ Disk
■ Disk Partition
■ DNS Query
■ DNS Record
■ DNS Cache
■ Domain Name
■ Email Message
■ File
■ GUI
■ GUI Dialog Box
■ GUI Window
■ Hostname
■ HTTP Session
■ Image
■ Library
■ Link
■ Linux Package
■ Memory
■ Mutex
■ Network Connection
■ Network Flow
■ Network Packet
■ Network Route Entry
■ Network Route
■ Network Subnet
■ PDF File
■ Pipe
■ Port
■ Process
■ Product
■ Semaphore
■ SMS
■ Socket
■ Socket Address
■ System
■ Unix File
■ Unix Network Route Entry
■ Unix Pipe
■ Unix Process
■ Unix User Account
■ Unix Volume
■ URI
■ URL History
■ User Account
■ User Session
■ Volume
■ Whois
■ Win Computer Account
■ Win Critical Section
■ Win Driver
■ Win Event
■ Win Event Log
■ Win Executable File
■ Win File
■ Win Filemapping
■ Win Handle
■ Win Hook
■ Win Kernel
■ Win Kernel Hook
■ Win Mailslot
■ Win Memory Page Region
■ Win Mutex
■ Win Network Route Entry
■ Win Pipe
■ Win Network Share
■ Win Prefetch
■ Win Process
■ Win Registry Key
■ Win Semaphore
■ Win Service
■ Win System
■ Win System Restore
■ Win Task
■ Win Thread
■ Win User Account
■ Win Volume
■ Win Waitable Timer
■ X509 Certificate
Observable
Simple examples
– A file with a particular MD5 hash is seen
– An incoming network connection is seen from a particular IP address
– A particular registry key is modified
– A particular process is killed
– A pattern that might be seen for an email with a particular subject line and with a .PDF file attached
– A pattern for an HTTP GET with a particular user agent
Indicator
Primary intent:
– Convey specific Observable patterns with contextual information intended to represent artifacts and/or behaviors of interest (“indicated” TTPs) within a cyber security context
Primary content:
– Title/Description/ShortDescription
– Type of Indicator
– Valid time range
– Observable pattern
– Indicated TTP
– Test mechanisms: non-CybOX pattern representation (e.g. Snort, YARA, OpenIOC)
– Suggested course of action
– Confidence
– Sightings
– Kill chain phases
– Handling
– Information source
Indicator
Simple examples
– If network traffic is seen from a particular range of IP addresses it indicates a DDoS attack
– If a file is seen with a particular SHA256 hash it indicates the presence of Poison Ivy
– If an email is seen with an attached file that has a particular string in the filename and has a particular MD5 hash it indicates a phishing attack associated with a particular campaign
– If an outgoing network connection to 218.077.079.034 is seen within the next week there is medium confidence that it indicates exfiltration from a Zeus infection
– If HTTP traffic is seen with particular characteristics including a particular user agent it indicates a particular form of data exfiltration is occurring.
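The Observable and Indicator slides above describe a pattern language (property values or richer patterning, And/Or composition) and the context wrapped around it (valid time range, confidence, indicated TTP, kill chain phase, sightings). The following is an added example that is not part of the deck and not the python-stix/python-cybox API: a stdlib-only toy model of both constructs, evaluated against constructed sample events. Every class, field and event here is this example's own; the Zeus C2 address and the phishing-with-PDF pattern are the deck's examples, the rest is assumed.

```python
"""Added example (not from the STIX 101 deck, and not the python-stix/python-cybox
API): CybOX-style Observable patterns wrapped in STIX-style Indicators.
All names, thresholds and sample events are this example's own constructions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Union


@dataclass
class PropertyPattern:
    name: str
    condition: str  # "Equals" (an observed value) | "Regex" (richer patterning)
    value: str

    def matches(self, obj: Dict[str, str]) -> bool:
        actual = obj.get(self.name)
        if actual is None:
            return False
        if self.condition == "Equals":
            return actual.lower() == self.value.lower()
        if self.condition == "Regex":
            return re.search(self.value, actual, re.IGNORECASE) is not None
        raise ValueError(f"unknown condition {self.condition!r}")


@dataclass
class ObjectPattern:  # an object type plus property patterns that must all hold
    object_type: str
    properties: List[PropertyPattern]

    def matches(self, obj: Dict[str, str]) -> bool:
        return obj.get("type") == self.object_type and all(p.matches(obj) for p in self.properties)


@dataclass
class Composition:  # observables combined with And/Or; compositions may nest
    operator: str  # "AND" | "OR"
    operands: List[Union[ObjectPattern, "Composition"]]

    def matches(self, obj: Dict[str, str]) -> bool:
        combine = all if self.operator == "AND" else any
        return combine(o.matches(obj) for o in self.operands)


@dataclass
class Indicator:  # a pattern plus the context that makes a match actionable
    indicator_id: str
    title: str
    pattern: Union[ObjectPattern, Composition]
    indicated_ttp: str
    confidence: str
    kill_chain_phase: str
    valid_from: datetime
    valid_until: datetime
    sightings: List[dict] = field(default_factory=list)

    def evaluate(self, event: dict) -> bool:
        """Record a sighting only if the event falls inside the valid time range and matches."""
        seen_at = event["timestamp"]
        if not (self.valid_from <= seen_at <= self.valid_until):
            return False  # a stale or not-yet-valid indicator must not fire
        if not self.pattern.matches(event["object"]):
            return False
        self.sightings.append({"timestamp": seen_at, "source": event["source"]})
        return True


UTC = timezone.utc
VALID_FROM = datetime(2014, 4, 28, tzinfo=UTC)
INDICATORS = [
    Indicator("indicator-1", "Zeus exfiltration C2 (deck example)",
              ObjectPattern("NetworkConnection", [
                  PropertyPattern("direction", "Equals", "outbound"),
                  PropertyPattern("dst_ip", "Equals", "218.077.079.034")]),  # as the deck writes it
              "Exfiltration from a Zeus infection", "Medium", "Maintain",
              VALID_FROM, VALID_FROM + timedelta(days=7)),
    Indicator("indicator-2", "Phishing email with PDF attachment",
              Composition("AND", [
                  ObjectPattern("EmailMessage", [PropertyPattern("subject", "Regex", r"press release")]),
                  ObjectPattern("EmailMessage", [PropertyPattern("attachment_name", "Regex", r"\.pdf$")])]),
              "Spear phishing delivery", "High", "Deliver",
              VALID_FROM, VALID_FROM + timedelta(days=30)),
]
EVENTS = [  # constructed sample observations, not real telemetry
    {"timestamp": datetime(2014, 4, 29, 9, 0, tzinfo=UTC), "source": "mail-gw", "object": {
        "type": "EmailMessage", "subject": "Press Release - Q2", "attachment_name": "release.PDF"}},
    {"timestamp": datetime(2014, 4, 30, 14, 5, tzinfo=UTC), "source": "fw-edge", "object": {
        "type": "NetworkConnection", "direction": "outbound", "dst_ip": "218.077.079.034"}},
    {"timestamp": datetime(2014, 5, 20, 8, 0, tzinfo=UTC), "source": "fw-edge", "object": {
        "type": "NetworkConnection", "direction": "outbound", "dst_ip": "218.077.079.034"}},  # past valid range
]


def run(indicators=INDICATORS, events=EVENTS) -> Dict[str, int]:
    """Evaluate every event against every indicator; return sighting counts by indicator id."""
    for ind in indicators:
        ind.sightings.clear()
    for ev in events:
        for ind in indicators:
            ind.evaluate(ev)
    return {ind.indicator_id: len(ind.sightings) for ind in indicators}


if __name__ == "__main__":
    print(run())
```

The third event is the same C2 connection seen after the indicator's one-week validity window, and it correctly produces no sighting; expiring indicators is what keeps shared IP-level intelligence from turning into permanent false positives once the adversary has moved on (the "cheap to hop" tier of the cost slide). The IP is kept as a string exactly as the deck writes it; real tooling should canonicalize dotted quads before comparison, since an octet such as "077" is parsed as octal by some libraries and as decimal by others.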
Incident
Primary intent:
– Convey details of specific security events affecting an organization(s) along with information discovered or decided during an incident response investigation
Primary content:
– Title/Description/ShortDescription
– Granular milestone timestamps
– Categories
– Role identities (CIQ extensible): Reporter/Responder/Coordinator
– Victim identity (CIQ extensible)
– Affected assets
– Impact assessment
– Status
– Related Indicators
– Related Observables
– Leveraged TTPs
– Attributed Threat Actor
– Intended effect
– Security compromise
– Course of Action requested/taken
– Confidence
– Contact information
– History: action entries, journal entries
– Handling
– Information source
Incident
Simple example
– A laptop assigned to Joe Smith was found on 4/30/14 to be infected with a specific variant of Zeus using a specific range of IPs for C2.
– The investigation coordinated by Jane Jones found that the initial infection came from a phishing attack with malicious attachment on 4/28/14.
– Authentication credentials to the FooBar system were found to be compromised and exfiltrated to 123.54.33.234 on 4/29/14.
Tactics, Techniques & Procedures (TTP)
Primary intent:
– Convey details of the behavior or modus operandi of cyber adversaries (e.g. what do they do, what do they use to do it, who do they target, what do they target)
Primary content:
– Title/Description/ShortDescription
– Intended effect
– Behavior: attack patterns (CAPEC extensible), malware (MAEC extensible), exploits
– Resources: tools, infrastructure, personas (CIQ extensible)
– Victim targeting: identity (CIQ extensible), targeted systems, targeted information, technical targeting
– Exploit targets
– Related TTP
– Kill chains
– Handling
– Information source
Tactics, Techniques & Procedures (TTP)
Simple examples
– Characterization of a particular variant of Zeus
– Characterization of a particular attack pattern leveraging a particular form of system misconfiguration for post-exploit lateral movement and privilege escalation
– Characterization of a particular range of IP addresses used for C2 infrastructure
– Characterization of LOIC as a tool used for DoS attacks
– Characterization of project managers on a particular defense program being targeted
– Characterization of HR information on Oracle 10i systems being targeted
Exploit Target
Primary intent:
– Convey vulnerabilities or weaknesses in software, systems, networks or configurations that may be targeted for exploitation by the TTP of a Threat Actor
Primary content:
– Title/Description/ShortDescription
– Vulnerability (CVRF extensible): title/description/short description, CVE ID, OSVDB ID, source, CVSS score, discovered date/time, published date/time, affected software
– Weakness
– Configuration
– Potential Courses of Action
– Handling
– Information source
Exploit Target
Simple examples
– CVE-2014-0160 (Heartbleed vulnerability in OpenSSL)
– Characterization of a 0-day vulnerability in a particular Industrial Control System valve actuator
– Characterization of a system design weakness enabling asymmetric resource consumption (amplification) attacks (CWE-405)
– Characterization of a particular configuration of MongoDB that makes its management console vulnerable to particular injection attacks
Campaign
Primary intent:
– Convey perceived instances of Threat Actors pursuing an intent, as observed through sets of Incidents and/or TTP, potentially across targeted organizations
Primary content:
– Title/Description/ShortDescription
– Names
– Intended effect
– Status
– Related TTPs
– Related Incidents
– Attribution (Threat Actor(s))
– Associated Campaigns
– Confidence
– Handling
– Information source
Campaign
Simple example
– Characterization of the Operation Aurora campaign, including
Its victim targeting of Google, Adobe, Juniper, Rackspace, etc.
Specific Incidents in the campaign
Particular malware and attack pattern TTPs leveraged
Particular IP addresses and Domain Names used as infrastructure (TTP)
Asserted attribution to particular Chinese Threat Actors with ties to the PLA
Asserted intent/motivation to access and potentially modify source code repositories
Threat Actor
Primary intent:
– Convey characterizations of malicious actors (or adversaries) representing a cyber attack threat, including presumed intent and historically observed behavior
Primary content:
– Title/Description/ShortDescription
– Identity (CIQ extensible)
– Type of actor
– Motivation
– Sophistication
– Intended effect
– Planning and operational support
– Observed TTPs
– Associated Campaigns
– Associated Threat Actors
– Confidence
– Handling
– Information source
Threat Actor
Simple example
– Characterization of Mandiant-dubbed APT1, including
Assertions of its identity as Unit 61398 within the Chinese PLA
Assertions of specific associated locations (address in Shanghai)
Assertions of region (China), languages (Chinese & English), targeted qualifications, etc.
Assertions that it is the same Threat Actor also known by the names Comment Crew, Comment Group and Shady Rat
Assertions identifying particular individual Threat Actors associated with APT1
Asserted characterization of the intent/motivation oriented around trade secrets and business advantage
Assertions of particular TTP observed leveraged by APT1
Course of Action
Primary intent:
– Convey specific actions to address a threat, whether preventative to address Exploit Targets, or responsive to counter or mitigate the potential impacts of Incidents
Primary content:
– Title/Description/ShortDescription
– Stage (preventative or responsive)
– Type of action to be taken
– Parameter Observables: structured parameters for the action
– Objective
– Impact
– Cost
– Efficacy
– Handling
– Information source
Course of Action
Simple examples
– Block outgoing network traffic to 218.077.079.034
– Redirect network traffic to/from 218.077.079.034 to a denial/deception network
– Quarantine system containing file with MD5 = 2d75cc1bf8e57872781f9cd04a529256
– Reimage system to baseline
Expressing Relationships (diagram; labels reconstructed)
– “Bad Guy” → ObservedTTP → Backdoor; Infrastructure: Badurl.com, 10.3.6.23, …
– “BankJob23” RelatedTo Indicator-985 (Observables: MD5 hash…) and RelatedTo CERT-2013-03…
– Indicator-9742 (Observables: Email-Subject: “Follow-up”)
Expressing Relationships in STIX (diagram; labels reconstructed)
Threat Actor: Pamina Republic Army Unit 31459
– Associated Actor: Leet; Electronic Address: l33t007@badassin.com
– Targets: Khaffeine, Bronxistan, Perturbia, Blahniks, …
– Leverages Infrastructure: C2 Servers, IP Range 172.24.0.0-112.25.255.255
– Observed TTP, Initial Compromise: Spear Phishing Email → Indicator → Observable (Sender: John Smith, Subject: Press Release)
– Observed TTP, Establish Foothold: WEBC2 (Malware Behavior)
– Observed TTP, Escalate Privilege: Uses Tool cachedump, Uses Tool lslsass → Indicator (MD5: d8bb32a7465f55c368230bb52d52d885)
– Observed TTP, Internal Reconnaissance: Attack Pattern ipconfig, net view, net group “domain admins”
– Observed TTP, Exfiltration: Uses Tool GETMAIL
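The relationship diagrams above are the point of STIX: a hash or an email subject is only useful once it is linked to the tool, TTP, actor and campaign behind it, so that a sighting can be pivoted up to "who is this" and an actor profile can be pivoted down to "what do I hunt for". The following is an added example that is not part of the deck and not the python-stix API: a small typed relationship graph populated from the deck's fictional "Pamina Republic Army Unit 31459" diagram. The node ids, relationship names and graph API are this example's own; the TTP titles for the Escalate Privilege and Exfiltration phases reuse the diagram's phase labels because the diagram gives them no other name, and the MD5 indicator is hung off lslsass because that is where the diagram places it.

```python
"""Added example (not from the STIX 101 deck, and not the python-stix API): a
typed relationship graph over STIX-style constructs, with pivots both ways.
Node ids, relationship names and the API are this example's own constructions."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Construct:
    cid: str
    ctype: str  # ThreatActor | TTP | Tool | Indicator | Observable | Infrastructure
    title: str
    props: Dict[str, str] = field(default_factory=dict)


class ThreatGraph:
    def __init__(self) -> None:
        self.nodes: Dict[str, Construct] = {}
        self.out: Dict[str, List[Tuple[str, str]]] = defaultdict(list)  # src -> [(rel, dst)]
        self.inc: Dict[str, List[Tuple[str, str]]] = defaultdict(list)  # dst -> [(rel, src)]

    def add(self, cid: str, ctype: str, title: str, **props: str) -> None:
        self.nodes[cid] = Construct(cid, ctype, title, props)

    def relate(self, src: str, rel: str, dst: str) -> None:
        if src not in self.nodes or dst not in self.nodes:
            raise KeyError(f"dangling relationship {src} -{rel}-> {dst}")
        self.out[src].append((rel, dst))
        self.inc[dst].append((rel, src))

    def reachable(self, start: str, ctype: str, forward: bool = True) -> List[str]:
        """Breadth-first walk along relationships (forward: actor towards observables,
        backward: observable towards actors); returns ids of the requested construct type."""
        edges = self.out if forward else self.inc
        seen, found, queue = {start}, [], deque([start])
        while queue:
            for _, nxt in edges[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
                    if self.nodes[nxt].ctype == ctype:
                        found.append(nxt)
        return sorted(found)


def build_graph() -> ThreatGraph:
    """The deck's diagram as nodes and edges (every label here is the deck's fiction)."""
    g = ThreatGraph()
    g.add("actor-unit31459", "ThreatActor", "Pamina Republic Army Unit 31459",
          targets="Khaffeine, Bronxistan, Perturbia, Blahniks, ...")
    g.add("actor-leet", "ThreatActor", "Leet", electronic_address="l33t007@badassin.com")
    g.add("infra-c2", "Infrastructure", "C2 Servers", ip_range="172.24.0.0-112.25.255.255")
    g.add("ttp-phish", "TTP", "Spear Phishing Email", phase="Initial Compromise")
    g.add("ttp-webc2", "TTP", "WEBC2", phase="Establish Foothold", behavior="Malware")
    g.add("ttp-escalate", "TTP", "Escalate Privilege", phase="Escalate Privilege")
    g.add("ttp-recon", "TTP", "Internal Reconnaissance", phase="Internal Reconnaissance",
          attack_pattern='ipconfig; net view; net group "domain admins"')
    g.add("ttp-exfil", "TTP", "Exfiltration", phase="Exfiltration")
    g.add("tool-cachedump", "Tool", "cachedump")
    g.add("tool-lslsass", "Tool", "lslsass")
    g.add("tool-getmail", "Tool", "GETMAIL")
    g.add("ind-email", "Indicator", "Press Release spear phish")
    g.add("obs-email", "Observable", "EmailMessage", sender="John Smith", subject="Press Release")
    g.add("ind-hash", "Indicator", "lslsass binary")
    g.add("obs-hash", "Observable", "File", md5="d8bb32a7465f55c368230bb52d52d885")
    g.relate("actor-unit31459", "AssociatedActor", "actor-leet")
    g.relate("actor-unit31459", "Leverages", "infra-c2")
    for ttp in ("ttp-phish", "ttp-webc2", "ttp-escalate", "ttp-recon", "ttp-exfil"):
        g.relate("actor-unit31459", "ObservedTTP", ttp)
    g.relate("ttp-phish", "Indicator", "ind-email")
    g.relate("ind-email", "Observable", "obs-email")
    g.relate("ttp-escalate", "UsesTool", "tool-cachedump")
    g.relate("ttp-escalate", "UsesTool", "tool-lslsass")
    g.relate("tool-lslsass", "Indicator", "ind-hash")  # where the diagram hangs the MD5
    g.relate("ind-hash", "Observable", "obs-hash")
    g.relate("ttp-exfil", "UsesTool", "tool-getmail")
    return g


def actors_for_observable(g: ThreatGraph, obs_id: str) -> List[str]:
    """Pivot up: sighted observable -> indicator -> tool/TTP -> threat actor(s)."""
    return g.reachable(obs_id, "ThreatActor", forward=False)


def hunt_list(g: ThreatGraph, actor_id: str) -> List[str]:
    """Pivot down: every concrete observable this actor is linked to."""
    return g.reachable(actor_id, "Observable", forward=True)


def ttps_by_phase(g: ThreatGraph, actor_id: str) -> Dict[str, List[str]]:
    """Group the actor's observed TTPs by kill chain phase."""
    phases: Dict[str, List[str]] = defaultdict(list)
    for rel, dst in g.out[actor_id]:
        if rel == "ObservedTTP":
            phases[g.nodes[dst].props["phase"]].append(g.nodes[dst].title)
    return dict(phases)


if __name__ == "__main__":
    graph = build_graph()
    print(actors_for_observable(graph, "obs-hash"), hunt_list(graph, "actor-unit31459"))
```

A sighting of the lslsass hash pivots, in three hops, to the actor; the actor pivots back down to two observables (the email and the hash) and three tools, which is the hunt list. The same walk applied to the cost slide's reasoning shows why behavioral TTPs matter: the actor can change the hash and the C2 range cheaply, but the graph keeps the spear phishing, credential dumping and GETMAIL exfiltration TTPs attached to the actor regardless.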