This document discusses the need for Computer Emergency Response Teams (CERTs) in Africa given increasing internet connectivity and cyber threats on the continent. It outlines the changing digital landscape in Africa, including growing broadband infrastructure and more users. This expands the attack surface for malicious actors. The document then describes the objectives of a CERT in enhancing security awareness, building national expertise, assisting with cyber law, and establishing a central point of contact for incident reporting.
The document provides information about the SUMMIT 2016 Mobile Retailing Conference, Mobile Banking Conference, and Mobile Security Conference taking place on May 11-12, 2016 at the Indaba Hotel in Fourways, Johannesburg. The conferences will address topics related to securing mobile experiences, mobile security threats, establishing solutions to counter mobile threats, and fostering strong organizational mobile security practices. Speakers will include experts from Microsoft, IBM, SensePost, and other organizations.
UNICEF Digital Citizenship and Safety - Indonesia presentation, by Akshay Sinha
This document summarizes information about digital citizenship and safety in Indonesia. It provides an overview of Indonesia's population and economy. It then discusses characteristics of internet usage in Indonesia, including its growth, mobile usage, and digital divide. The document outlines common online activities of Indonesians like social networking, blogging, and streaming. It also examines safety risks such as piracy, sexual content, child exploitation, and terrorism online. The document concludes with recommendations for improving digital safety in Indonesia.
The document provides an overview of Symantec Corporation, a global leader in cybersecurity and data protection. It summarizes Symantec's strategy of securing and managing customers' information-driven world through five engines of growth: growing core businesses, scaling high-growth businesses, seeding emerging trends, growing in fast-growing economies, and using acquisitions. It outlines Symantec's financial objectives of growing revenue above market rates while expanding margins through expense discipline and cash flow growth.
An introduction to SOC (Security Operation Center), by Ahmad Haghighi
The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.
The document is the Symantec Internet Security Threat Report Volume XV which analyzes global cybersecurity threats. It finds that (1) malicious activity is taking root in emerging countries like Brazil, India, and Poland; (2) targeted attacks continue to focus on enterprises using Advanced Persistent Threats; and (3) consumers remain plagued by web-based attacks exploiting vulnerabilities in widely used applications like Internet Explorer.
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_COMPLIANCE V/S..., by spirecorporate
This document discusses mobile banking and payments ecosystems. It outlines the increasing trend of non-cash transactions globally, especially in emerging markets, and the rise of electronic payments. Mobile phones and technology are driving this growth. The document also discusses security challenges, regulatory expectations around compliance, and balancing compliance with customer convenience. It introduces C-SAM, a pioneer in mobile commerce and payments, and their carrier-grade mobile wallet platform.
This document discusses corporate network security threats and solutions. It outlines how companies are losing control over sensitive information due to insecure access, malicious users, and external attacks. The solution presented is Drainware Corporate Service, which uses proprietary Drainware technology for intelligent content analysis and data classification. Key features of Drainware include data leak prevention, web filtering, rights management, and laptop tracking to secure information, comply with regulations, and prevent data loss. Custom rules and severity levels allow for flexible security policies.
Introduction - The Smart Protection Network, by Andrew Wong
Trend Micro is introducing its Smart Protection Network, a next-generation security architecture. It collects threat data from various sources and analyzes it using TrendLabs to provide up-to-date threat information to lightweight endpoint clients in near real-time. This network removes the need for pattern monitoring and management on individual endpoints, reducing network traffic and memory usage. It also protects customers faster and with less staff time compared to traditional security solutions.
Fortinet and Windstream presented on debunking common network security myths. They discussed that having only a firewall is not enough protection today given blended attacks. Blocking applications alone is also insufficient; layered protection is needed. Consolidated security solutions are better than stand-alone products due to improved performance, protection and reduced complexity. Staying on top of threats is possible through real-time updates from hundreds of thousands of sensors. Even small businesses are targets, not just large enterprises. Windstream offers a managed network security solution beyond just desktop protection to defend an entire network environment.
This document summarizes an emerging social network platform for emerging markets called Next2. It provides details on the founders, advisors, technology used, potential customers and partners, and future plans. Next2 is a cloud-based, topic-driven social network that allows users to discover and share local solutions via SMS, mobile web, and apps. It has over 350 registered users currently and plans to expand to Nigeria in fall 2011. The document outlines Next2's benefits for publishers, customers, and SMS/mobile marketing partners.
The document summarizes a technology summit hosted by Symantec. It provided an overview of the agenda which included hands-on product training, sessions on topics like virtualization and cyber threats, and keynotes. It also introduced Carahsoft's role in supporting Symantec's government partners and upcoming events.
This document discusses how Natural ID can be used for security, usability, and commerce. It outlines several use cases such as payment, travel, access control, and digital goods. It also discusses how Natural ID can help reduce cart abandonment and fraudulent transactions when integrated with mobile commerce. Finally, it positions Natural ID and fingerprint authentication as playing a key role in reinventing strong user authentication across devices and platforms through standards like FIDO.
The document discusses how the internet is connecting more people, processes, data and things through various devices. By 2020, it is estimated that 50 billion devices will be connected. While only 0.05% of the world's data is currently analyzed, opportunities exist in using big data across various industries like manufacturing, retail, finance and healthcare. For countries and businesses to take advantage of these opportunities, greater internet connectivity through both fixed and mobile networks will be needed. The cloud can help provide this connectivity and allow for collaboration using data.
This document outlines opportunities in the ICT sector in Nigeria, including telecoms, banking, and cyber security. In telecoms, opportunities exist in mobile network operations, infrastructure services, equipment sales and maintenance. In banking, there is demand for mobile money platforms, innovative banking software, and training on cyber fraud. Cyber security presents opportunities for information security outsourcing given rising cyber crime costs and attacks against organizations in Nigeria.
This document discusses the evolution from traditional banking to mobile payments. It notes that while there are 1.8 billion bank accounts, there are over 4.6 billion mobile devices, and 70% of people are underbanked but 70% have mobile phones. This represents a $100 billion disruption opportunity in mobile payments. New players like mobile network operators, banks, payment schemes, and technology companies are entering the mobile payments space. The document then describes the Trusted Service Management partner and its role in secure element, application management, and provisioning services. It outlines Cassis' experience in NFC and mobile payment projects worldwide since 2002 and describes its leadership team.
5G & Edge: High Performance with Zero-Trust Security, by Rebekah Rodriguez
5G and edge computing enable new enterprise use cases by providing faster internet speeds, lower latency, and the ability to connect more devices. However, fully realizing the benefits of 5G presents challenges related to regulations, integration of telecom and IT systems, evolving specifications, and security risks from a larger attack surface and network complexity. A zero trust security model that verifies all connections and limits access based on need can help address these risks. Edge computing deployments close to devices and data sources are also needed to achieve the low latency promised by 5G.
Slides presenting the attractiveness of Eastern Europe for Venture investors and highlighting market opportunities around Big Data, Cloud Computing and Mobile
The Internet of Things - beyond the hype and towards ROI, by Perry Lea
How do you move beyond the hype of IoT and towards profitability? This short lecture examines the hype and origin of IoT and the reality of the industry. It then talks about my experiences with the industry, customers, and technologists. Some have outright failed in IoT projects, others are succeeding.
Get beyond the prototype and lab experiment.
Ireland - The location of choice for International Payments firms, by Martina Naughton
This document discusses Ireland as a location for international payments firms. It highlights Ireland's strong portfolio of financial services firms, leadership in software and ICT, and convergence of financial technology. Ireland has over 800 software firms, 24,000 employees in the sector, and 8 of the top 10 ICT companies have operations there. Financial regulation supports the payments market. Several large payments firms have partnerships and operations in Ireland, taking advantage of the business environment and government support through agencies like IDA Ireland.
Using Graphs to Take Down Fraudsters in Real Time, by Neo4j
Todo1 Services uses Neo4j graphs to detect banking fraud in real time. They process over 7.5 billion transactions annually for 15 million customers. Neo4j allows Todo1 to generate features and analyze relationships faster, handle high transaction volumes with low latency, and adapt models to changing fraud patterns. Their system uses Neo4j to store over 250 million nodes and 2.2 billion relationships to help prevent over $40 million in losses annually while responding to queries in under 100 milliseconds.
The document discusses AVG Technologies' strategy to expand globally. It aims to acquire free users across multiple platforms and products, retain them by creating sticky products, and monetize users through understanding their behaviors and experimenting with various monetization methods. Key aspects of the strategy include expanding into high growth markets like China, India, Brazil, and Mexico; managing a dispersed workforce through acquisitions and organic growth; and overcoming challenges of penetrating beyond free users by selecting the right technology, localization, marketing and distribution approaches. The overall goal is to build an internet platform with an engaged global user community and leverage the large market opportunity.
This document discusses various topics related to cyber crime including:
- The evolution of cyber crime and how internet usage has increased opportunities for cyber threats.
- Different types of cyber crimes such as financial crimes, intellectual property crimes, cyber bullying, and web defacement.
- Common targets of cyber crimes like individuals, businesses, and governments.
- Trends showing India has a significant problem with cyber crimes and ranks high globally in areas like spam generation.
- The document emphasizes that cyber crime prevention is important as internet usage continues to grow rapidly around the world.
The document discusses how the Information Technology Act was intended to facilitate e-commerce but instead has given rise to more cyber crimes. It notes that rather than providing information and technology, the Act has led to increased criminal activity online. The summary highlights how the Act focused on enabling electronic transactions and records but that the amendments focused more on cyber terrorism and cyber crime.
IDC is a leading global market intelligence and advisory firm providing technology industry analysis and insights from over 1,000 analysts in over 110 countries. IDC surveys over 300,000 technology users annually to deliver unrivaled market coverage and fact-based insights. IDC aims to help clients understand technology opportunities and trends to make informed business planning decisions at every stage.
IDC is a leading global market intelligence and advisory firm providing technology industry analysis and market data to clients since 1964. With over 1,000 analysts located in over 50 countries, IDC surveys over 300,000 technology users annually to deliver insights into IT, telecom, and consumer technology markets worldwide. IDC aims to provide expertise across all stages of business planning from market intelligence to consulting and partnerships.
IDC is a global market intelligence and advisory firm providing information and analysis on technology and industry trends to clients in over 110 countries. With over 1000 analysts located worldwide, IDC surveys over 300,000 technology users annually to deliver insights on IT, telecommunications, and consumer technology markets. IDC has been delivering market data and strategic guidance to clients since its founding in 1964.
Dealing with security threats, the director discusses:
1) The current threat landscape including threats to governments, consumers, and examples of security breaches.
2) The anatomy of a security breach including disruption of operations and different types of insiders like well-meaning or malicious.
3) The need for operationalizing security through establishing in-depth defense at the network periphery and endpoints to effectively defend interconnected systems and information sharing.
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
This document outlines several DNS attack scenarios that will be demonstrated for educational purposes. The scenarios include cache poisoning targeting a nameserver, nameserver redelegation exploiting a vulnerability in a registry system, and malicious use targeting individual systems. Rules of engagement are provided to assure participants that while the demonstrations show potential attacks, no actual malicious activity will occur. Attendees are invited to observe the effects through DNS queries, simulated phishing emails, and traffic analysis on provided virtual machines.
- The document describes how DNS can be used maliciously for botnet command and control or amplification attacks, using a demonstration of a DNS bot.
- It provides the case study of the Conficker worm which used randomly generated domain names for instructions. A working group registered domains to prevent its activity until it switched to P2P.
- The demonstration shows a rogue DNS server instructing the bot to execute commands and post results via DNS queries, which can be seen in Wireshark.
- Mitigation strategies include domain blackholes, strengthening registration validation, detection mechanisms, and takedown policies developed with other organizations.
- The document discusses nameserver redirection attacks and SQL injection attacks against domain name registry systems.
- It provides examples of how attackers can change domain name registrations through SQL injection or by directly modifying registry databases to redirect traffic to malicious sites.
- A live demonstration shows how SQL injection can be used to enumerate and modify a registry database, redirecting a domain to a rogue IP address and server.
- Mitigation strategies include securing web applications, validating input, using authentication for changes, and information sharing about attacks.
- The document describes a demonstration of a DNS cache poisoning attack. It provides instructions for setting up the attack using tools on a Ubuntu VM. The attack spoofs DNS responses to redirect traffic from a domain to a malicious IP address controlled by the attacker. This could enable realistic phishing attacks. Mitigation strategies include DNSSEC, SSL, and monitoring recursive DNS servers, but user awareness remains important.
This document discusses organizational structures and policies related to DNS security. It outlines the various entities involved in managing DNS, including ICANN, IANA, RIRs, registries and registrars. It describes different registry models and where customer data is stored. It emphasizes that policies govern how registries operate and deal with issues like registrant requirements, dispute resolution, information release and takedown procedures. Developing comprehensive policies is important but also controversial as there are many stakeholders with differing needs.
This document discusses lessons learned from large scale cyber attacks in Hungary and Estonia and proposes policy recommendations. It summarizes a large phishing attack against Hungarian banks coordinated from abroad and distributed denial of service attacks against Estonia from compromised international machines. It describes the national and international responses to these incidents, highlighting coordination between CERT teams. Key lessons identified include the need for improved preparedness, early warning systems, resources for incident response, and international cooperation. The document proposes establishing national cybersecurity strategies, coordination bodies, and regular exercises in countries. It also discusses the value of information sharing organizations in critical infrastructure sectors.
- CERT-Hungary started as a project under the Ministry of IT and Communications and is now under the Prime Minister's Office. It has partnership agreements with several government agencies and is responsible for the security of the e-government backbone network.
- The Theodore Puskás Government Foundation, founded in 1993, is governed by civil code and oversees CERT-Hungary. It engages in technology transfer, information security, and other activities.
- The e-Commerce Act and Ministerial Decree on National Alert Service for Communications establish CERT-Hungary's role in critical infrastructure protection and incident reporting for communications providers.
The document provides an introduction to setting up a Computer Security Incident Response Team (CSIRT). It discusses the history of CERTs and internet security incidents. The document outlines the key components of establishing a CSIRT, including developing an overall strategy, business plan, operational procedures, training, and project plan. It also covers defining the CSIRT's services, organizational structure, and information security policies. The goal is to provide guidance on effectively planning and implementing a CSIRT to respond to cybersecurity incidents.
This document discusses cooperation between CERT-Hungary and banks from a cybersecurity perspective. It describes CERT-Hungary's role in information sharing, exercises, and recommendations to improve cybersecurity in the banking sector. It outlines various agreements and information sharing centers established between CERT-Hungary, banks, and financial regulators. It also discusses cybersecurity exercises conducted between 2007-2009 to test communication and response procedures for banks in the event of cyberattacks.
AppSec PNW: Android and iOS Application Security with MobSF – Ajin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way that breaks data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is repaid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers – akankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Northern Engraving | Nameplate Manufacturing Process - 2024 – Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels – Northern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Monitoring and Managing Anomaly Detection on OpenShift.pdf – Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors – DianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Dandelion Hashtable: beyond billion requests per second on a commodity server – Antonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. On a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Fueling AI with Great Data with Airbyte Webinar – Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
What is an RPA CoE? Session 1 – CoE Vision – DianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
1. Anatomy of a CERT
Gordon Love
Regional Director for Africa
March 2010
2. Agenda
• The African landscape is changing
• Why do we need a CERT – Threat Landscape
• Steps in building a CERT
• The role of a CSIRT
• Q&A
Symantec DeepSight Early Warning Services 8.0
4. Lessons Learned – increased broadband capacity
• Africa is currently updating its broadband infrastructure
• There is an increase in malicious activity in countries with rapidly emerging Internet infrastructures
• Malicious activity usually affects computers that are connected to high-speed broadband Internet because these connections are attractive targets for attackers
• With cheaper and faster Internet, more Africans will be “always-on” or continually connected
• There will be many “new” internet users that are not security-savvy
6. Symantec Security Response – How do we know?
Symantec Response Lab and Symantec Secure Operations Center locations (world map): Dublin, Ireland; Calgary, Canada; Waltham, MA; American Fork, UT; Alexandria, VA; Redwood City, CA; Newport News, VA; Santa Monica, CA; London, England; Tokyo, Japan; San Antonio, TX; Berlin, Germany; Sydney, Australia
Symantec Monitored Countries: over 25,000 Registered Data Partners, from over 180 Countries
6 – 2002 Symantec Corporation, All Rights Reserved
Rapid Detection
Attack Activity
• 240,000 sensors
• 200+ countries
• Global coverage
Malware Intelligence
• 130M client, server, gateways monitored
Vulnerabilities
• 32,000+ vulnerabilities
• 11,000 vendors
• 72,000 technologies
Spam/Phishing
• 2.5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
11. Kenya review
Analyst Opinion
In Kenya, the IT market reached a value of $352.7 million and is expected to grow, albeit slowly, at 6.1% in 2009 to reach $374.0 million. Over a five-year period, IDC forecasts that the market will increase at a CAGR of 14.6% to reach $615.9 million by 2012.
12. ISTR XIV Key Trends
Threat Landscape
Web-based malicious activity has accelerated
• Primary vector for malicious activity
• Target reputable, high-traffic websites
Cyber criminals want YOUR information
• Focus on exploits targeting end-users for financial gain
Increased sophistication of the Underground Economy
• Well-established infrastructure for monetizing stolen information
Rapid adaptation to the security measures
• Relocating operations to new geographic areas
• Evade traditional security protection
* Symantec Internet Security Threat Report, Volume XIV
13. Highlights
Key Trends – Global Activity
Threat Activity
• Data breaches can lead to identity theft
• Theft and loss top cause of data leakage for overall data breaches and identities exposed
• Threat activity increases with growth in Internet/Broadband usage
Vulnerabilities
• Documented vulnerabilities up 19% (5491)
• Top attacked vulnerability: Exploits by Downadup
• 95% vulnerabilities attacked were client-side
Malicious Code
• Trojans made up 68 percent of the volume of the top 50 malicious code
• 66% of potential malicious code infections propagated as shared executable files
Spam/Phishing
• 76% phishing lures target Financial services (up 24%)
• Detected 55,389 phishing website hosts (up 66%)
• Detected 192% increase in spam across the Internet with 349.6 billion messages
• 90% spam email distributed by Bot networks
* Symantec Internet Security Threat Report, Volume XIV
22. How do we respond at a Regional / National level…
23. Objectives of a CERT
• Enhance information security awareness
• Build national expertise in information security, incident management and computer forensics
• Enhance the cyber security law and assist in the creation of new laws
• Provide a central trusted point of contact for cyber security incident reporting
• Establish a national centre to disseminate information about threats, vulnerabilities, and cyber security incidents
• Foster the establishment of and provide assistance to sector-based Computer Security Incident Response Teams (CSIRTs)
• Coordinate with domestic and international CSIRTs and related organizations
• Become an active member of recognized security organizations and forums
26. CERT Framework – Mandate, Charter & Constituents
[Framework diagram; elements recovered from the slide: Mandate; Charter; Constituents & Strategic Partnerships; Global Cert Affiliations; Constituent Identification & Classification; Service Offerings; Strategic Partnerships]
FUNCTIONALITY
• Cert Framework designed & Implemented
• Constituent database with defined roles & responsibilities in place and equipped to leverage strategic partnerships and affiliations
STRUCTURE
DELIVERY
• Constituent campaigning and Memberships
• Phased delivery of services
• Mutually beneficial alliances established
Emerging FY '11 Planning
Information Security Through Committed Partnership
27. Constituent Tier System
• TIER 1 – damage to which would cause critical harm to the critical information infrastructure. For example: regulated electronic communications providers; federal ministries responsible for the critical national infrastructure; national security organizations
– Government Departments with direct responsibility for an area of CNI
– Providers of Communications Infrastructure
– National Security
– Must have incident response capability
• TIER 2 – damage to which would cause serious harm to the critical information infrastructure. For example: providers of utilities and other parts of the critical infrastructure such as banking
– Providers of CNI Services
– Government Departments not involved in CNI
– Must have incident response capability
• TIER 3 – damage to which would cause some harm to the critical information infrastructure. For example: other government departments, agencies, councils and commissions; logistics and transport providers
– General Commerce
– Other Government Departments
– Special Councils & Commissions
• PUBLIC – all other sectors and the wider public
– General Public
– Anyone not covered in Tier 1 - 3
35. Objectives
Why is it important?
Benefits of CSIRT
• Relevant & timeous security data aggregated into one location
• 24 x 7 x 365 Real-time response capability
• Coordination of preventative and response actions
• Reduced complexity/cost through standardisation / integration
• In-depth reporting at strategic, tactical and operational level
• Compliance with governance / regulatory requirements
• Business continuity
• Customer confidence & brand protection
• Improved accountability and management efficiencies
36. Find the right information
• Millions of security alerts per day, only a few are relevant
– Filtering, aggregation, prioritisation, …
• Find one needle in a needle stack!
37. Aggregation and Correlation
1. Analytics – Correlation, Threat and business impact ratings
2. Event Detection, IDS, VA, FW, Policy, & Vulnerability Scans
Incidents (100’s)
• Prioritized lists
• Actionable Items
• CIA Business Impact Ratings
Events (1 000 000’s)
• Aggregated event data
• Disbursed
• Heterogeneous
Security Data (10 000 000’s)
• Raw log Data
38. Incident NOT Event!
Event: The smallest unit of security information. Can be positive, negative or informational.
Incident: A collection of events grouped together to form a single unit that requires actions from identification to closure.
39. Incident Prioritisation and Allocation
Priorities:
• As Incidents are formed they are automatically prioritised.
• Prioritisation is based on the business impact of each encompassed event on the system.
Business impact is based on:
• Confidentiality
• Integrity
• Availability
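The pipeline described on slides 37 to 39 (tens of millions of raw log records, aggregated into heterogeneous events, correlated into a few hundred incidents and ranked by CIA business impact) as an added, runnable example; this is not code from the original deck or from any Symantec product. The three log formats, the asset register with its C/I/A ratings, the 15-minute correlation window and the scoring rule (worst event severity multiplied by the asset's rating on the dimension that event threatens) are all constructed assumptions, chosen so the example can be run offline.

```python
"""Toy SOC pipeline: raw security data -> normalised events -> correlated
incidents -> CIA-weighted priority. Constructed example; formats, asset register,
window and scoring rule are assumptions, not anything from the original slides."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log lines from three heterogeneous sources (a firewall,
# an IDS and an anti-virus agent). The formats are invented for this example.
RAW_LOGS = [
    "2010-03-01T09:00:01 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=445 count=1",
    "2010-03-01T09:00:03 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=445 count=300",
    "2010-03-01T09:00:05 ids01 ALERT sig=SMB_EXPLOIT_ATTEMPT src=198.51.100.7 dst=10.0.0.5 sev=high",
    "2010-03-01T09:01:10 av02 DETECTED host=10.0.0.5 threat=W32.Downadup action=quarantined",
    "2010-03-01T09:30:00 fw01 DENY src=203.0.113.9 dst=10.0.0.22 dport=80 count=2",
    "2010-03-01T10:45:00 ids01 ALERT sig=HTTP_FLOOD src=203.0.113.50 dst=10.0.0.22 sev=medium",
]

# Constructed asset register: how much each asset matters for Confidentiality,
# Integrity and Availability on a 1 (low) to 3 (critical) scale.
ASSETS = {
    "10.0.0.5": {"name": "core-db", "C": 3, "I": 3, "A": 2},
    "10.0.0.22": {"name": "public-web", "C": 1, "I": 1, "A": 3},
}
DEFAULT_RATING = {"name": "unknown", "C": 1, "I": 1, "A": 1}
SEVERITY = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Event:
    """Smallest unit of security information (slide 38)."""
    ts: datetime
    source: str
    asset: str
    category: str
    severity: int        # 1..3
    dims: tuple          # which of C, I, A this event threatens


@dataclass
class Incident:
    """Events on one asset grouped into a single unit of work (slide 38)."""
    asset: str
    events: list = field(default_factory=list)

    @property
    def last_ts(self):
        return self.events[-1].ts


def normalize(line):
    """Map one raw log line onto the common Event schema; None if unrecognised."""
    ts_str, source, kind, rest = line.split(" ", 3)
    ts = datetime.fromisoformat(ts_str)
    kv = dict(re.findall(r"(\w+)=(\S+)", rest))
    if source.startswith("fw") and kind == "DENY":
        sev = 2 if int(kv.get("count", "1")) >= 100 else 1   # a burst of denies matters more
        return Event(ts, source, kv["dst"], "network_probe", sev, ("A",))
    if source.startswith("ids") and kind == "ALERT":
        dims = ("A",) if "FLOOD" in kv["sig"] else ("I",)
        return Event(ts, source, kv["dst"], kv["sig"].lower(), SEVERITY[kv["sev"]], dims)
    if source.startswith("av") and kind == "DETECTED":
        return Event(ts, source, kv["host"], "malware_infection", 3, ("C", "I"))
    return None


def parse_events(lines):
    return [ev for ev in map(normalize, lines) if ev is not None]


def correlate(events, window=timedelta(minutes=15)):
    """Aggregate events into incidents: same asset, each within `window` of the previous one."""
    incidents, open_by_asset = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        inc = open_by_asset.get(ev.asset)
        if inc is None or ev.ts - inc.last_ts > window:
            inc = Incident(ev.asset)
            incidents.append(inc)
            open_by_asset[ev.asset] = inc
        inc.events.append(ev)
    return incidents


def business_impact(incident):
    """CIA-weighted rating: worst event severity x the asset's rating on the dimension it threatens."""
    rating = ASSETS.get(incident.asset, DEFAULT_RATING)
    return max(ev.severity * max(rating[d] for d in ev.dims) for ev in incident.events)


def prioritise(incidents):
    """Highest business impact first; ties broken by how many events are involved."""
    return sorted(incidents, key=lambda i: (business_impact(i), len(i.events)), reverse=True)


if __name__ == "__main__":
    for inc in prioritise(correlate(parse_events(RAW_LOGS))):
        name = ASSETS.get(inc.asset, DEFAULT_RATING)["name"]
        cats = sorted({ev.category for ev in inc.events})
        print(f"impact={business_impact(inc)} asset={name} events={len(inc.events)} {cats}")
```

With the constructed input, four low-level records against the core database collapse into one incident that outranks the lone flood alert against the public web server, because the asset register rates the database highest on the Integrity and Confidentiality dimensions the exploit and malware events threaten; the two firewall denies against the web server, 75 minutes apart, stay separate incidents because they fall outside the correlation window.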
40. A Comprehensive Solution
• Multi-vendor security systems generate overwhelming numbers of raw logs, events and alerts
• Security professionals analyze & evaluate the results
• Security Analysts, through the Secure Interface, keep in constant touch with their assigned Clients, with proactive commentary and recommendations on threats impacting their network.
[Diagram: Vulnerability Mgmt., AV/Filtering, IDS and Firewalls feeding the Security Analyst]
41. Typical Design
What does it look like?
[Architecture diagram of a CSIRT Security Operations Centre; labels recovered from the slide, grouped approximately:]
• Users / Stakeholders: Staff, Suppliers, Customers, Investors (accessing via Mobile, PDA, Laptop, Computer)
• External Stakeholders: Law Enforcement, Regulators, Intelligence, Government, Strategic Security Partners
• Inputs: Vulnerability Assessment Service, Global Intelligence Feed, Pentest / Audit Process, Security Data Feeds, CIS Regions
• SOC Technology Platform: Identity Management, Storage Group, Content Gateway, Business Intelligence Systems, File, E-mail, Network, IPS, Anti-Virus, Firewall, Routers, Hubs, Trading, Other Systems
• SOC Central Processes: Incident Management, Problem Management, Change Management, Monitoring and Analysis, Specialist Resources, Policy, Compliance, Remediation, Mitigation, Escalation, Analysis, Reporting, Operational Support, Business Support
• Layers: Security Control Layer, Enterprise Infrastructure Layer, Applications Layer, IT Operations Layer, Server Layer (Web, Messaging, Security, Host Systems, DB, Endpoint, Cabling)
• Deployment chart: Phase 1 to Phase 5 across Dept 1 to Dept 6; Specialist Process, Compliance Process, Dashboard
Supporting Processes, Procedures and Standards across Infrastructure, Services, Users and Technologies required to deliver fully integrated Security Enterprise Management Function
42. Requirements
What are the Key Success Factors?
Key Components for Building a CSIRT
• Infrastructure supporting Technologies
• Data and Intelligence Sources
• Specialist Skills and Capacity
• Best Practice Policies and Processes
• Partnership and Stakeholder Management
43. Security Operations Centre
[Diagram of the Security Operations Centre (SOC); labels recovered from the slide:]
• Response Console
• Expert System & Anomaly Query Engine
• Continuous Data Mining Process
• Security Analysts – Analysis
• Secure Interface
• Relational DB Infrastructure
• Import Facilities: Authenticate, Encrypt, Verify, Normalize
• Connectivity: Internet, VPN
• Monitored sources: Firewalls, IDS, AV/Content, Vulnerability Scanning, Policy Compliance
44. Implementation
Where do we start?
Decide on the basic delivery model
In-Sourced
Outsourced
Co-Sourced
Virtual Extension Model
On-site Managed Security Support
45. Deliverables
What will the CSIRT deliver?
Top-10 functions of the CSIRT SOC
Proactive vulnerability scanning
Analysis of Global Threat Intelligence
Communication of Alerts/Advisories
Compliance monitoring / management
Incident response & remediation
BCM / DR support & validation
Vulnerability management
Forensic support / Logging
Collaboration & Awareness (Law/ISP)
Report Generation & Dashboard
46. Partnership
Who can help us achieve this?
Symantec Value Proposition
People
o World Class Engineering Staff
o Industry Leading Security Response Team
o Unparalleled SOC Expertise
Process
o Globally Consistent Operational Execution
o ITIL best practices
o Transparent, Measurable, Auditable Process for Continual Improvement
Technology
► Market Leading Correlation
► Proven scalability
► Breadth of device support
► Secure Web portal to provide clarity into your security posture