Matthew Ancelin, Network Security Specialist, Palo Alto Networks
What has been done in the past worked fine back then, but it doesn't cut it anymore. What are the problems with the past technology, and where are we headed?
Brad Andrews, CEO, RBA Communications
Evaluating DREAD – Applying D.R.E.A.D. to the results of STRIDE.
This session is a continuation of Parts 1 and 2 and will apply the DREAD model to the threats we found in the previous session. We will start by discussing the elements of the DREAD model that is often used to evaluate risks to systems that are identified in threat modeling. These are Damage, Reproducibility, Exploitability, Affected Users, Discoverability. We will then work through the threats found in the previous session. This will continue the focus on Amazon.com and go to other systems if time is available. This session will expect those present to be involved in finding and suggesting values for each of the DREAD elements as they apply to the covered risks.
Brad Andrews, CEO, RBA Communications
Gaining Your STRIDE – Applying S.T.R.I.D.E. to a system
This session is a continuation of Part 1 and will briefly look at the components of the STRIDE model often used as a part of threat modeling. These are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. We will then work out what threats Amazon.com might face using the diagram we developed in the previous session. This session will expect those present to be involved in raising potential risks. Other systems may also be covered if we have time remaining in the session.
Experience with Amazon.com as a user is the only background most participants are likely to have, and even that is not required. The goal is to work with something everyone can relate to, not to expose insider information about a specific company.
Brad Andrews, CEO, RBA Communications
Threat Modeling Overview
This session will cover the basic elements of threat modeling, looking at what it does and why it is important. The goal is to provide a high-level overview of the process and the use of tools such as data flow diagrams to find the trust boundaries that attacks may cross. We will go through some common threats and, hopefully, a list of dangers to watch out for when carrying out threat modeling. The session will then interactively develop a flow diagram of Amazon.com and possibly another subject if we have time. This will all be based on looking at the system as a user, without any insider knowledge, though threat modeling is normally carried out by those who know the system well.
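The three sessions above describe a pipeline: draw the data flow diagram, enumerate threats per element with STRIDE, then rate each threat with DREAD. The following is an added illustration of that pipeline in Python; it is not material from Brad Andrews' sessions. The element-to-threat mapping is the STRIDE-per-element chart from Microsoft's SDL guidance; the 1-10 scale per DREAD component, the High/Medium/Low bands, and the generic storefront model and its threats are assumptions constructed for the example and say nothing about any real retailer.

```python
"""Added example: STRIDE-per-element enumeration followed by DREAD scoring.

Not code from the original sessions. The element/threat mapping is the
STRIDE-per-element chart from Microsoft's SDL guidance; the 1-10 scale,
the High/Medium/Low bands and the sample store model are assumptions.
"""
from dataclasses import dataclass

# STRIDE-per-element: which threat classes are worth raising for each kind
# of data-flow-diagram element (letters are S T R I D E).
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                      # a key of STRIDE_PER_ELEMENT
    crosses_boundary: bool = True  # for data flows: does it cross a trust boundary?


def enumerate_threats(elements):
    """Return (element name, STRIDE category) pairs for a list of DFD elements.

    Data flows that stay inside one trust boundary are skipped: STRIDE is
    normally applied where a flow crosses a boundary.
    """
    found = []
    for e in elements:
        if e.kind == "data_flow" and not e.crosses_boundary:
            continue
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            found.append((e.name, STRIDE_NAMES[letter]))
    return found


@dataclass(frozen=True)
class Dread:
    """One DREAD rating; each component on an assumed 1 (low) to 10 (high) scale."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        for name, value in vars(self).items():
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")

    def score(self) -> float:
        """Average of the five components, so the result is also on 1..10."""
        return sum(vars(self).values()) / 5

    def band(self) -> str:
        """Bands assumed here: >= 7 High, >= 4 Medium, otherwise Low."""
        s = self.score()
        return "High" if s >= 7 else "Medium" if s >= 4 else "Low"


def rank_threats(scored):
    """scored: list of (threat description, Dread). Highest score first."""
    return sorted(scored, key=lambda item: item[1].score(), reverse=True)


# Constructed model of a generic online store as a shopper sees it; not a real system.
STORE = [
    Element("Shopper (browser)", "external_entity"),
    Element("Web front end", "process"),
    Element("Order database", "data_store"),
    Element("Browser -> front end (HTTPS)", "data_flow", crosses_boundary=True),
    Element("Front end -> order database", "data_flow", crosses_boundary=False),
]

# Hypothetical threats of the kind a session might raise, each with a DREAD rating.
SAMPLE_SCORED = [
    ("Spoofing: reuse of a stolen session cookie", Dread(8, 7, 6, 9, 5)),
    ("Tampering: price changed in a client-side form field", Dread(6, 9, 8, 3, 8)),
    ("Denial of Service: bulk requests exhaust the checkout service", Dread(5, 4, 3, 9, 4)),
    ("Repudiation: customer denies an order that has no audit trail", Dread(3, 2, 2, 2, 3)),
]

if __name__ == "__main__":
    for name, category in enumerate_threats(STORE):
        print(f"{name:32s} {category}")
    for desc, d in rank_threats(SAMPLE_SCORED):
        print(f"{d.score():4.1f} {d.band():6s} {desc}")
```

The enumeration step deliberately over-generates: every applicable STRIDE class for every boundary-crossing element is listed, and the session's job is to discard the ones that do not apply and rate the rest. Averaging the DREAD components hides a single very high Damage value behind four low ones, which is one reason practitioners often look at the Damage and Affected Users columns separately before trusting the ranking.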
Ted Gruenloh, Director of Operations, ECONET
The Role of Threat Intelligence and Layered Security for Intrusion Prevention
The term 'Threat Intelligence' is getting a lot of buzz these days, but what does it mean? And, more importantly, how can it help protect your network? In this presentation, we will attempt to answer these questions within the context of a layered security approach that integrates Threat Intelligence with existing security methodologies. We also attempt to demonstrate how Threat Intelligence can improve a network's defenses at the perimeter and allow administrators to gain more visibility on the inside.
Vulnerability assessment is the systematic evaluation of an organization's exposure to threats. It involves identifying assets, evaluating threats against those assets, determining vulnerabilities, assessing risks, and selecting appropriate controls. Various techniques can be used including asset identification, threat modeling, vulnerability scanning, penetration testing, and risk assessment. The goal is to establish a security baseline and mitigate risks through hardening systems and ongoing monitoring.
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
More information on this webcast: http://ow.ly/IyNdF
Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid? Then you won't want to miss our next live demo, where AlienVault's security gurus Mark Allen & Garrett Gross will walk you through the steps of a system compromise, including how AlienVault USM detects these nefarious activities every step of the way.
You'll learn:
How attackers exploit vulnerabilities to take control of systems
What they do next to find & exfiltrate valuable data
How to catch them before the damage is done with AlienVault USM
Using a real-world example of a common vulnerability, Mark will show you how USM gives you the evidence you need to stop an attack in its tracks.
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Lancope, Inc.
The document summarizes the findings of a survey conducted by Ponemon Institute on the state of cyber incident response programs. Some key findings from the survey include: organizations are ill-prepared to respond to cyber threats, cybersecurity budgets dedicate a low percentage to incident response preparedness, and network audit trails are seen as the most effective tool for detecting security breaches. The document recommends that organizations build dedicated incident response teams, assess team readiness, use metrics to measure effectiveness, and foster information sharing.
Vulnerability assessment & Penetration testing Basics
Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24
Our expert panel share their predictions for the vulnerabilities to watch out for in 2021 and explain how machine learning can be used effectively in these unpredictable times to get you ready for the security challenges ahead.
As delusions of effective risk management for application environments continue to spread, companies continue to bleed large amounts of security spending without truly knowing if the amount is warranted, effective, or even elevating security at all. In parallel, hybrid, thought-provoking security strategies are moving beyond conceptual ideas to practical applications within ripe environments. Application Threat Modeling is one of those areas that, beyond the hype, provides practical and sensible security strategy that leverages already existing security efforts for an improved threat model of what is lurking in the shadows.
Tony UcedaVelez, Managing Director
An experienced security management professional, Tony has more than 10 years of hands-on security and technology experience and is a vocal advocate of security process engineering – a term that describes the design and development of secure processes and controls working symbiotically to create a unique business workflow. Tony currently serves as Managing Director for an Atlanta based risk advisory firm that focuses on security strategy and delivering effective means for risk mitigation and security process engineering. He has worked and consulted for the Fortune 500, as well as federal agencies in the U.S. on the topic of application security and security process engineering.
Ransomware has not gone away. In fact, ransomware criminals have evolved their malware so they can encrypt more data before detection and increase the likelihood you will pay their ransom.
CylancePROTECT is a next-generation antivirus product that leverages artificial intelligence to detect and prevent malware from executing in real time without requiring daily signature updates or an internet connection. It uses automated static code analysis and machine learning to evaluate files and determine if they are malicious within 100 milliseconds to control execution. This provides a more effective approach than traditional antivirus methods that rely on outdated signature-based detection and post-infection analysis.
A Brief Introduction to Penetration Testing
EC-Council
The document discusses penetration testing and provides details on:
1. The 5 stages of a penetration test: planning and reconnaissance, scanning, gaining access, maintaining access, and analysis and WAF configuration.
2. Penetration testing methods like external testing, internal testing, blind testing, and double-blind testing.
3. How penetration testing and web application firewalls (WAFs) work together, with testers using WAF data to find vulnerabilities and WAFs then being updated based on test results.
EC-Council, a globally recognized cybersecurity credentialing body, offers the Certified Ethical Hacker (CEH) and Certified Penetration Testing Professional (CPENT) certifications to help you acquire the skills you need to be a part of Red and Blue Teams. CEH is the most desired cybersecurity training program, upping your ethical hacking skills to the next level. CPENT takes off from where CEH leaves off, giving you a real-world, hands-on penetration testing experience.
Josh Dean, OPSWAT's Director of IT, recently created a slide deck providing users a brief overview of network security then and now, along with simple steps they can take to protect essential data and maintain the security of their network. Feel free to share it within your organization, and contact us if you have any questions!
The document discusses reducing security risks for small businesses through vulnerability assessments. It notes that small businesses are increasingly targeted by hackers. A vulnerability assessment includes a one-time scan of a business's security exposure across devices on its network to identify issues like out-of-date software. The assessment provides a report on findings prioritized by risk level and recommendations to remedy problems to help businesses strengthen their security before facing attacks.
Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done
AlienVault
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks. These can be very difficult to detect since they happen as users are going about their normal business. Join us for a technical demo to watch a live example of this attack and how to detect it immediately using AlienVault USM.
This document provides an overview of an awareness training for executives on information security. It discusses:
1) Conducting a security assessment of the company's people, processes, and technology to understand current vulnerabilities. Assessments can be done internally or through a third party and usually take 90 days.
2) Expecting security threats to become more complex and widespread globally as web applications and hacker motivations evolve.
3) Tips for executives including conducting security assessments promptly and staying aware of the latest hacker techniques.
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
EC-Council
This document discusses developing a robust data loss prevention strategy to thwart insider threats. It begins by noting that 64% of data loss is caused by well-meaning insiders and 50% of employees leave with data, costing companies an average of $5.4 million per breach. The document then provides definitions and an overview of data loss prevention strategies before outlining a 10-step strategy that includes identifying sensitive data owners, locating where data resides, monitoring how data is used, implementing real-time enforcement of policies, educating users, and wrapping additional security around sensitive data to prevent leaks. The goal is to safeguard organizations' most sensitive data and reputation from both unintentional and malicious insider threats.
Boxing legend Joe Louis famously said, "Everyone has a plan... until they get hit." While grizzled incident response veterans can relate to this sentiment, they all know that thorough preparation is crucial to success. Response procedures that are so thoroughly ingrained that executing them is like muscle memory have a chance, even in the fog of battle.
Have you thoroughly prepared your organization to respond when the inevitable happens? How confident are you that it will work in a real-world situation? Proper incident response preparation is key to answering these questions and is frankly the foundation of any incident response capability.
This webinar will review critical components of IR preparation including:
- IR Underpinnings
- Flexible Frameworks
- Leadership Challenges
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Sean Mason, Global Incident Response Leader, CSC
Webinar notes: Welcome to your worst day ever
Sophia Price
This document provides information about building an effective ransomware defense program. It discusses the large costs ransomware attacks have had on the healthcare industry, with the average cost of an attack being over $60 million. A case study is presented on a 200-bed facility that was impacted by a ransomware attack, with its cash reserves depleted, claims processing stopped, and revenue reduced by $2 million. The document outlines the operational impact of typical ransomware attacks, including two full weeks of downtime and multiple impacted systems. It stresses the importance of having ransomware runbooks, testing controls, and establishing communication plans to prepare for and respond to such attacks.
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24
Our experts discuss the key considerations for implementing security training and application security into the SDLC, how to engage with developers through gamified learning and embed security testing without any downtime and costing the earth.
Title: Welcome to the world of Cyber Threat Intelligence!
Abstract: Welcome to the world of Cyber Threat Intelligence (CTI)! During this presentation, we will discuss some of the basic concepts within the CTI domain and have a look at the current threat landscape as observed from the trenches. The presentation is split into 3 parts: a) Intro to CTI, b) A view at the current threat landscape, and c) CTI analyst skillset.
Short Bio: Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional and works for Standard & Poor's CTI team. He is also a member of ENISA's CTI Stakeholders' Group and Incident Response Working Group. He is the author of a number of CTI reports and an instructor of CTI. In the past, Andreas has worked within the Financial and Oil & Gas sectors as well as an external reviewer for the European Commission. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu
Skills that make network security training easy
EC-Council
Network security is an entry point to cybersecurity and is highly preferred by companies due to its cost-effective and result-driven nature. With its growing demand in the market, it is wise to pursue it as a profession.
Read more to learn the top 5 skills needed for network security training: https://www.eccouncil.org/programs/certified-network-security-course/
This document discusses incident tracking using the VERIS framework. It begins by introducing VERIS as an open-source framework for describing security incidents in a common vocabulary, which helps with detection, response, and data sharing. It then discusses two ways to implement VERIS: integrating it with an IT ticketing tool, which requires customization that is difficult, or running a manual custom system, which does not scale. The document concludes that properly tracking security incidents requires integrating VERIS classifications into an IT ticketing system through programming, unless a custom solution is developed.
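What that "programming" looks like in practice is a mapping from the ticketing tool's fields onto the VERIS A4 structure (Actor, Action, Asset, Attribute, plus timeline and discovery method), followed by validation and aggregation. The following Python is an added example, not code from the document or from the VERIS project: the top-level sections follow the VERIS A4 model, but the enumeration strings, the ticket field names, and the sample tickets are illustrative assumptions and should be checked against the published VERIS schema before use.

```python
"""Added example: translating ticketing-system records into VERIS-style
incident records and aggregating them.

Not part of the original document or the VERIS project. The top-level
sections (actor, action, asset, attribute, timeline, discovery_method)
follow the VERIS A4 model; the enumeration strings, ticket field names and
sample tickets are illustrative assumptions.
"""
from collections import Counter
from datetime import date

# Ticket category -> VERIS "action" sub-object. Values are illustrative;
# verify each against the published VERIS schema before relying on them.
ACTION_MAP = {
    "phishing":    {"social":  {"variety": ["Phishing"],   "vector": ["Email"]}},
    "ransomware":  {"malware": {"variety": ["Ransomware"], "vector": ["Email attachment"]}},
    "lost_laptop": {"error":   {"variety": ["Loss"],       "vector": ["Carelessness"]}},
}

# Ticket source -> VERIS "actor" sub-object (illustrative values).
ACTOR_MAP = {
    "external": {"external": {"variety": ["Unaffiliated"], "motive": ["Financial"]}},
    "internal": {"internal": {"variety": ["End-user"],     "motive": ["NA"]}},
}

REQUIRED_SECTIONS = ("actor", "action", "asset", "attribute", "timeline", "discovery_method")


def ticket_to_veris(ticket: dict) -> dict:
    """Build a VERIS-style record from one ticketing-system entry.

    The ticket shape (id, opened, category, source, asset, data, detected_by)
    is a constructed stand-in for what an IT ticketing tool might export.
    An unmapped category yields an empty action section so that validate()
    flags it instead of silently mis-classifying the incident.
    """
    opened = date.fromisoformat(ticket["opened"])
    return {
        "incident_id": ticket["id"],
        "timeline": {"incident": {"year": opened.year, "month": opened.month, "day": opened.day}},
        "actor": ACTOR_MAP.get(ticket["source"], {}),
        "action": ACTION_MAP.get(ticket["category"], {}),
        "asset": {"assets": [{"variety": ticket["asset"]}]},
        "attribute": {"confidentiality": {"data": [{"variety": ticket["data"]}]}},
        "discovery_method": ticket["detected_by"],
        "summary": ticket.get("summary", ""),
    }


def validate(record: dict) -> list:
    """Return a list of problems; an empty list means the record is well-formed."""
    problems = [f"missing section: {s}" for s in REQUIRED_SECTIONS if s not in record]
    for section in ("actor", "action"):
        if section in record and not record[section]:
            problems.append(f"empty section: {section}")
    if "asset" in record and not record["asset"].get("assets"):
        problems.append("asset.assets must list at least one asset")
    return problems


def action_counts(records) -> Counter:
    """Incidents per top-level action category (malware, social, error, ...)."""
    return Counter(cat for r in records for cat in r["action"])


def actor_action_pairs(records) -> Counter:
    """(actor type, action category) pairs: the view that stays comparable
    across organisations when incident data is shared."""
    return Counter((actor, action)
                   for r in records
                   for actor in r["actor"]
                   for action in r["action"])


# Constructed sample tickets standing in for a ticketing-system export.
SAMPLE_TICKETS = [
    {"id": "INC-1001", "opened": "2015-03-02", "category": "phishing",
     "source": "external", "asset": "U - Desktop", "data": "Credentials",
     "detected_by": "Int - reported by user"},
    {"id": "INC-1002", "opened": "2015-03-09", "category": "ransomware",
     "source": "external", "asset": "S - File", "data": "Personal",
     "detected_by": "Int - antivirus"},
    {"id": "INC-1003", "opened": "2015-04-01", "category": "lost_laptop",
     "source": "internal", "asset": "U - Laptop", "data": "Personal",
     "detected_by": "Int - reported by user"},
]


def build_records(tickets=SAMPLE_TICKETS):
    """Convert and validate every ticket; raise if any record is malformed."""
    records = [ticket_to_veris(t) for t in tickets]
    for r in records:
        problems = validate(r)
        if problems:
            raise ValueError(f"{r['incident_id']}: {problems}")
    return records


if __name__ == "__main__":
    recs = build_records()
    print(action_counts(recs))
    print(actor_action_pairs(recs))
```

The mapping tables are where the customization effort the document warns about actually lives: every new ticket category or source value has to be assigned a VERIS enumeration, and an unmapped value should fail validation rather than be counted under a wrong category.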
Using Hackers' Own Methods and Tools to Defeat Persistent Adversaries
EC-Council
This document discusses using hackers' methods and tools to defeat persistent adversaries. It summarizes Michael Davis's background in cybersecurity and agenda for the presentation, which includes why attackers are winning, why defenders aren't keeping up, and new approaches that can solve this problem. The presentation will cover compromising users, enterprise security concerns, complexity challenges, how companies make decisions, and tools like Failure Mode and Effects Analysis (FMEA) that can help manage risk and prioritize security issues.
Proactively Engaged: Questions Executives Should Ask Their Security Teams
FireEye, Inc.
Jim Aldridge from FireEye discusses what executives should ask their security teams. This is available on the FireEye Blog www.fireeye.com/blog/executive-perspective/2015/11/proactively_engaged.html
This document discusses bring your own device (BYOD) policies in enterprises. It notes that the mobile device market is thriving, with growing usage of personal devices for work purposes by physicians and other professionals. It outlines considerations for allowing employee-owned devices onto corporate networks, including how to provide secure access while protecting data and delivering mobile apps. The document discusses developing a holistic enterprise mobility strategy and solution that provides security, manageability, scalability and support for multiple mobile operating systems. It also raises questions that organizations should address around compliance, risk tolerance and device support when developing a BYOD policy.
The document discusses the evolution of demilitarized zones (DMZs) in networking and IT infrastructure. It describes how the basic principles of a DMZ, such as controlling access, limiting risk, and containing security incidents, have remained the same over time, from medieval walled towns to modern bank lobbies and IT networks. The document also addresses how some aspects of DMZs have progressed, such as the use of virtualization, management of partner/cloud connections, and virtual private networks for remote access. Finally, it reinforces that while technology changes, the core principles of examining all traffic, granting only necessary access, and facilitating secure and compliant operations continue to define effective DMZ implementation.
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24
Our expert panel share their predictions for the vulnerabilities to watch out for in 2021 and explain how machine learning can be used effectively in these unpredictive times to get you ready for the security challenges ahead.
As delusions of effective risk management for application environments continue to spread, companies continue to bleed large amounts of security spending without truly knowing if the amount is warranted, effective, or even elevating security at all. In parallel, hybrid, thought-provoking security strategies are moving beyond conceptual ideas to practical applications within ripe environments. Application Threat Modeling is one of those areas that, beyond the hype, provides practical and sensible security strategy that leverages already existing security efforts for an improved threat model of what is lurking in the shadows.
Tony UcedaVelez, Managing Director
An experienced security management professional, Tony has more than 10 years of hands-on security and technology experience and is a vocal advocate of security process engineering – a term that describes the design and development of secure processes and controls working symbiotically to create a unique business workflow. Tony currently serves as Managing Director for an Atlanta based risk advisory firm that focuses on security strategy and delivering effective means for risk mitigation and security process engineering. He has worked and consulted for the Fortune 500, as well as federal agencies in the U.S. on the topic of application security and security process engineering.
Ransomware has not gone away. In fact, ransomware criminals have evolved their malware so they can encrypt more data before detection and increase the likelihood you will pay their ransom.
CylancePROTECT is a next-generation antivirus product that leverages artificial intelligence to detect and prevent malware from executing in real time without requiring daily signature updates or an internet connection. It uses automated static code analysis and machine learning to evaluate files and determine if they are malicious within 100 milliseconds to control execution. This provides a more effective approach than traditional antivirus methods that rely on outdated signature-based detection and post-infection analysis.
A Brief Introduction to Penetration TestingEC-Council
The document discusses penetration testing and provides details on:
1. The 5 stages of a penetration test: planning and reconnaissance, scanning, gaining access, maintaining access, and analysis and WAF configuration.
2. Penetration testing methods like external testing, internal testing, blind testing, and double-blind testing.
3. How penetration testing and web application firewalls (WAFs) work together, with testers using WAF data to find vulnerabilities and WAFs then being updated based on test results.
EC-Council, a globally recognized cybersecurity credentialing body, offers the Certified Ethical Hacker (CEH) and Certified Penetration Testing Professional (CPENT) certifications to help you acquire the skills you need to be a part of Red and Blue Teams. CEH is the most desired cybersecurity training program, upping your ethical hacking skills to the next level. CPENT takes off from where CEH leaves off, giving you a real-world, hands-on penetration testing experience.
Josh Dean, OPSWAT's Director of IT, recently created a slide deck providing users a brief overview of network security then and now, along with simple steps they can take to protect essential data and maintain the security their network. Feel free to share within your organization, and contact us if you have any questions!
The document discusses reducing security risks for small businesses through vulnerability assessments. It notes that small businesses are increasingly targeted by hackers. A vulnerability assessment includes a one-time scan of a business's security exposure across devices on its network to identify issues like out-of-date software. The assessment provides a report on findings prioritized by risk level and recommendations to remedy problems to help businesses strengthen their security before facing attacks.
Watering Hole Attacks: Detect End-User Compromise Before the Damage is DoneAlienVault
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks. These can be very difficult to detect since they happen as users are going about their normal business. Join us a technical demo to watch a live example of this attack and how to detect it immediately using AlienVault USM.
This document provides an overview of an awareness training for executives on information security. It discusses:
1) Conducting a security assessment of the company's people, processes, and technology to understand current vulnerabilities. Assessments can be done internally or through a third party and usually take 90 days.
2) Expecting security threats to become more complex and widespread globally as web applications and hacker motivations evolve.
3) Tips for executives including conducting security assessments promptly and staying aware of the latest hacker techniques.
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council
This document discusses developing a robust data loss prevention strategy to thwart insider threats. It begins by noting that 64% of data loss is caused by well-meaning insiders and 50% of employees leave with data, costing companies an average of $5.4 million per breach. The document then provides definitions and an overview of data loss prevention strategies before outlining a 10-step strategy that includes identifying sensitive data owners, locating where data resides, monitoring how data is used, implementing real-time enforcement of policies, educating users, and wrapping additional security around sensitive data to prevent leaks. The goal is to safeguard organizations' most sensitive data and reputation from both unintentional and malicious insider threats.
Boxing legend Joe Louis famously said, "Everyone has a plan... until they get hit." While grizzled incident response veterans can relate to this sentiment, they all know that thorough preparation is crucial to success. Response procedures that are so thoroughly ingrained that executing them is like muscle memory have a chance, even in the fog of battle.
Have you thoroughly prepared your organization to respond when the inevitable happens? How confident are you that it will work in a real-world situation? Proper incident response preparation is key to answering these questions and is frankly the foundation of any incident response capability.
This webinar will review critical components of IR preparation including:
- IR Underpinnings
- Flexible Frameworks
- Leadership Challenges
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Sean Mason, Global Incident Response Leader, CSC
Webinar notes: Welcome to your worst day everSophia Price
This document provides information about building an effective ransomware defense program. It discusses the large costs ransomware attacks have had on the healthcare industry, with the average cost of an attack being over $60 million. A case study is presented on a 200 bed facility that was impacted by a ransomware attack, with their cash reserves being depleted, claims processing stopping, and revenue reductions of $2 million. The document outlines the operational impact of typical ransomware attacks, including two full weeks of downtime and multiple impacted systems. It stresses the importance of having ransomware runbooks, testing controls, and establishing communication plans to prepare and respond to such attacks.
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24
Our experts discuss the key considerations for implementing security training and application security into the SDLC, how to engage with developers through gamified learning and embed security testing without any downtime and costing the earth.
Title: Welcome to the world of Cyber Threat Intelligence!
Abstract: Welcome to the world of Cyber Threat Intelligence (CTI)! During this presentation, we will discuss some of the basic concepts within the CTI domain and we will have a look at the current threat landscape as observed from the trenches. The presentation is split into 3 parts: a) Intro to CTI, b) A view at the current threat landscape, and c) CTI analyst skillset.
Short Bio: Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional and works for Standard & Poor's CTI team. He is also a member of ENISA's CTI Stakeholders' Group and Incident Response Working Group. He is the author of a number of CTI reports and an instructor of CTI. In the past, Andreas has worked within the Financial and Oil & Gas sectors as well as an external reviewer for the European Commission. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu
Skills that make network security training easy (EC-Council)
Network security is an entry point to cybersecurity and is highly preferred by companies due to its cost-effective and result-driven nature. With its growing demand in the market, it is wise to pursue it as a profession.
Read more to learn the top 5 skills needed for network security training: https://www.eccouncil.org/programs/certified-network-security-course/
This document discusses incident tracking using the VERIS framework. It begins by introducing VERIS as an open-source framework for describing security incidents using a common vocabulary to help with detection, response, and data sharing. It then discusses how VERIS can be implemented through either integrating it with an IT ticketing tool, though this requires customization that is difficult, or through a manual custom system, which is not scalable. The document concludes that properly tracking security incidents requires integrating VERIS classifications into an IT ticketing system through programming, unless a custom solution is developed.
Using Hackers' Own Methods and Tools to Defeat Persistent Adversaries (EC-Council)
This document discusses using hackers' methods and tools to defeat persistent adversaries. It summarizes Michael Davis's background in cybersecurity and agenda for the presentation, which includes why attackers are winning, why defenders aren't keeping up, and new approaches that can solve this problem. The presentation will cover compromising users, enterprise security concerns, complexity challenges, how companies make decisions, and tools like Failure Mode and Effects Analysis (FMEA) that can help manage risk and prioritize security issues.
Proactively Engaged: Questions Executives Should Ask Their Security Teams (FireEye, Inc.)
Jim Aldridge from FireEye discusses what executives should ask their security teams. This is available on the FireEye Blog www.fireeye.com/blog/executive-perspective/2015/11/proactively_engaged.html
This document discusses bring your own device (BYOD) policies in enterprises. It notes that the mobile device market is thriving, with growing usage of personal devices for work purposes by physicians and other professionals. It outlines considerations for allowing employee-owned devices onto corporate networks, including how to provide secure access while protecting data and delivering mobile apps. The document discusses developing a holistic enterprise mobility strategy and solution that provides security, manageability, scalability and support for multiple mobile operating systems. It also raises questions that organizations should address around compliance, risk tolerance and device support when developing a BYOD policy.
The document discusses the evolution of demilitarized zones (DMZs) in networking and IT infrastructure. It describes how the basic principles of a DMZ, such as controlling access, limiting risk, and containing security incidents, have remained the same over time, from medieval walled towns to modern bank lobbies and IT networks. The document also addresses how some aspects of DMZs have progressed, such as the use of virtualization, management of partner/cloud connections, and virtual private networks for remote access. Finally, it reinforces that while technology changes, the core principles of examining all traffic, granting only necessary access, and facilitating secure and compliant operations continue to define effective DMZ implementation.
Jon Murphy, National Practice Lead, AOS
Top 10 Trends for 2015 in Information Tech Risk Management
ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is a strategic and tactical combination of process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, the ability to deliver on time, and reputation. Organizations need continuous, current, Actionable InsightSM about probable sources of highly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable InsightSM: what your organization can and should do about likely and impactful IT risks and vulnerabilities.
Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon
Kid Proofing the Internet of Things
This presentation is intended to address the unique challenges parents face in securing their home networks both against their kids and in order to protect their kids from the evils of the Internet. It is particularly focused on the problems the Internet of Things brings to us as parents.
Harold Toomey, Principal Product Security Architect; McAfee, Part of Intel Security
My Other Marathon
When it comes to enterprise IT applications, what happens before you purchase the software can significantly impact your business even after it is installed with the best security controls. Learn what software developers should be doing to ensure their code is free from vulnerabilities before you ever put their products into an operational environment. People, processes, and technology needed to run a successful software security program and incident response team (PSIRT) will be covered. The tasks required to do this have been adapted to both waterfall and agile development methodologies. Each task will be compared to my recent journey of running my first 100 mile ultra-marathon. I will answer the question: “Which is less painful, developing secure software or running a 100 mile race?”
Info Sec Opportunity – Embracing Big Data with People, Process, & Technology
Increase participants' awareness of channels for beginning and/or expanding the use of Big Data to enhance their respective programs via People, Process & Technology.
Doug Landoll, CEO, Lantego
Why Lead with Risk?
There are many approaches to establishing, maintaining and improving information security programs: technology-centric, policy-driven, framework-based, audit-driven, compliance-driven, or risk-based. Mr. Landoll will discuss each of these approaches and give concrete examples of why the only effective approach is to lead with risk. The presentation will also give pointers on conducting an effective security risk assessment and establishing a risk management process. Many of these approaches are based on Mr. Landoll's book: The Security Risk Assessment Handbook (2011).
Brian Wrozek, Chief Security Officer, Alliance Data
Information Security Program Essentials by the Texas CISO Council
Security frameworks and control-specific guidance abound for organizations to utilize for technology risk management and information security operations. The lack of a strategic and business-oriented approach for establishing an effective and sustainable program, however, has forced organizations to define unique and in some cases limited approaches to the ongoing challenge of managing technology risk. As program leaders, we are often forced to blaze our own unique trail in the pursuit of stronger security and better protection of our organization's information resources.
The Texas CISO Council has addressed this problem by capturing the essential elements of a complete program, and through the Information Security Program Essentials Guide has provided a reference that can benefit every organization. This Guide will help bridge the gap for small or large organizations that have immature or well-established security programs.
John Whited, Principal Engineer, Raytheon
Software Assurance
Software Assurance (SwA) is also known by many other names -- application security, software security, secure application development, and others. The numbers vary from study to study, but a vast majority of cyber-attacks at least involve an element of attack on one or more software applications. Fundamentally, SwA provides a level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. SwA is a development lifecycle endeavor requiring the participation of many disciplines. This presentation will explore some of the best practices in secure software development across its lifecycle.
Steven Hatfield, Vulnerability Management Senior Advisor, Dell
Social Engineering 101 or the Art of How You Got Owned by That Stranger
Steven will cover the basics of Social Engineering and the different attack vectors that have worked, with real-world examples from friends currently conducting such tests; provide sources for gathering further information on this topic; and present ways to prevent such attacks from happening in the future.
Social media can have both positive and negative impacts on individuals and society. The document discusses some of the benefits of social media, such as enabling connection with friends and family, facilitating information sharing, and aiding in business and political organizing. However, it also notes potential downsides like reduced privacy, spread of misinformation, distraction from work/study, and increased stress from social comparison. The author presents arguments both supporting the idea that social media is good for society by enhancing communication, and counterarguments about ways it could undermine well-being, relationships, and productivity.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
Doug Landoll, CEO, Lantego
Four Deadly Traps in Using Information Security Frameworks
Frameworks can be used to effectively build or assess information security programs, but applied incorrectly and they effectively mask major program gaps. During this talk, Mr. Landoll will explain the four framework traps and how to avoid them and how to effectively utilize a framework to build or assess an information security program. Mr. Landoll will focus on the NIST 800-53 framework as an example.
Detecting and Catching the Bad Guys Using Deception
Traditional controls are well known for their shortcomings in the face of modern cyber-attacks. Cyber security technologies make use of signature-based, behavioral, or Next Generation capabilities, or attempt to augment those capabilities by leveraging a cloud-based or on-premise cyber analytics warehouse and threat intelligence feeds via indicators of compromise (IOCs) or other mechanisms. Although the latter efforts have increased organizational cyber capabilities, they only do so with proper investments in people, process and technology. Additionally, as attackers adapt to defenses, these controls begin to experience decreasing marginal rates of defensive capability.
Deception programs, architectures and technologies endeavor to augment existing cyber security capabilities through the use of honeypots or honeynets (decoys) and breadcrumbs or "broken glass" (deceptions).
Advanced deception technologies are differentiated by the use of distributed deception technology, which features agentless, simple deployment capabilities with lightweight deceptions that leverage operating system objects to deceive attackers into triggering alerts. Normal users would never trigger the deceptions as an attacker would, resulting in high-fidelity alerting with near-zero false positives. Such technology consequently serves not only to augment cyber security capabilities post-breach but also to provide a new, highly effective post-breach cyber security capability along with precise real-time forensics.
James Muren is a strategist and delivers workshops in cyber security strategy, GRC and security architecture that are used to develop long-term strategies and tactical roadmaps for customers that address security for legacy and cloud architectures. As a strategic management consultant who has built fully capable cyber programs in the past, he helps mentor and lead teams for programs & projects in information technology & cyber security. James is primarily focused on the business benefits of cyber security, and the demonstration of those benefits through metrics that can be quickly communicated to executive leadership. By properly integrating security controls within a regulatory and policy context, security programs such as breach and incident response, data governance, forensics, etc. can properly demonstrate value, receive proper investment and adequately secure organizations.
James is also a researcher. His areas of research include: Continuous GRC, cyber analytics, Trusted Computing Group (TCG), Security Automation, Hardware & Software Security, ICS, SCADA, IOT, Malware Research, Full System Security Design Lifecycle and Leap Ahead technology.
This document discusses the changing landscape of security and how approaches must change to address modern threats. It makes three key points:
1. Complexity is the enemy of security, as more devices and borderless networks increase potential vulnerabilities.
2. Today's security risks have become borderless across devices, locations, and networks, making perimeters more difficult to define and defend.
3. Infrastructure and security can no longer be slow, as business speed demands real-time protection from both known and unknown threats. A new, seamless approach is needed to provide security without compromise to network performance.
Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon
Advanced Persistent Threat Life Cycle Management
This presentation will cover the full Advanced Persistent Threat (APT) Life Cycle and Management of the resulting intrusions. It will cover both what the APTs are doing as attackers and what we as defenders should be doing for both the APT Mission Flows and the Computer Network Defense (CND) Mission Flows.
Array Networks - A Layered Approach to Web and Application Security
Encryption creates the need for at least two levels of security. ADCs provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection.
Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
Business Geekdom: 1 = 3 = 5
Each year a security team participates in several audits, meetings with the business and strategy meetings. Oftentimes, security is seen as the one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous.
This is similar to a geek. A geek is defined as "an unfashionable or socially inept person." Is this social ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional?
In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the front end translates to the various business units, audits and business strategies a security professional encounters each year.
Grant Gilliam is an Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries he has worked in include healthcare, insurance, software and news media. Gilliam has also established and created his own business focused on outsourcing non-competitive business tasks to give clients a strategic advantage over competitors by minimizing FTE and contractor headcount.
His educational background includes a Master of Science in Information Systems, focusing on Information Security, and a Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his master's degree research was IT law and Intellectual Property. Gilliam is also a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.
Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
People are usually dismissed as Cybersecurity's weakest link, but what if they weren't? What if instead they could be a secret weapon? This session will focus on moving away from basic cybersecurity awareness toward building a comprehensive cybersecurity wellness program that uses communication, recognition, and incentives to build relationships with employees. In turn, the presentation will also examine the measurable return on investment for cybersecurity education as compared with the traditional investment in technology controls.
George Finney, J.D., has worked in Cybersecurity for over 15 years and is the author of the book No More Magic Wands: Transformative Cybersecurity Change for Everyone. He is currently the Chief Information Security Officer for Southern Methodist University, where he has also taught on the subject of Corporate Cybersecurity and Information Assurance. Mr. Finney is an attorney and is a Certified Information Privacy Professional as well as a Certified Information Systems Security Professional and has spoken on Cybersecurity topics across the country.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks (Scalar Decisions)
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Securing O365 Using AI-based Advanced Threat Protection (Bitglass)
Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware?
Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and endpoints from malware attacks and proliferation.
Using an Open Source Threat Model for Prioritized Defense (EnclaveSecurity)
The document discusses using an open source threat model for prioritized defense. It proposes creating a common taxonomy of threats to information systems that defines categories, a hierarchy, and specific threats. This would provide organizations a common language and understanding of threats to help them determine appropriate defenses. The taxonomy would be based on research from industry reports and categorize high-level threats as physical, resource, personnel, or technical, with subcategories defined. The goal is a practical taxonomy maintained by a committee that organizations can reference to identify relevant threats and prioritize controls without having to define threats themselves.
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning (Symantec)
What is machine learning and how can it be used to detect unknown threats?
What makes Symantec’s approach to machine learning different?
Defense in depth: Symantec Endpoint Protection 14
Panda Adaptive Defense - The evolution of malware (Panda Security)
We analyze the evolution of malware and the next generation of Endpoint Protection against targeted attacks: Adaptive Defense.
More info: http://www.pandasecurity.com/enterprise/solutions/advanced-threat-protection/
A military concept now applied to cybersecurity, the "cyber kill chain" was developed by Lockheed Martin in 2011. It describes the phases an adversary will follow to target an organization. There are 7 well-defined phases, and an attack is considered successful if/when all of the phases have been carried out.
(DOCUMENT IN ENGLISH)
Cisco's Advanced Malware Protection (AMP) provides a new security model with both point-in-time protection and retrospective security through continuous analysis. AMP leverages the Talos security intelligence and analytics team and the Cisco Collective Security Intelligence cloud. AMP delivers visibility and control across the attack continuum through prevention, detection, containment, and remediation capabilities. It provides both point-in-time detection using techniques like reputation filtering, sandboxing, and behavioral analysis as well as retrospective security through continuous analysis of events. AMP can be deployed across networks, endpoints, and content to deliver a comprehensive defense against advanced threats.
IBM redefines the strategy and approach toward Advanced Persistent Threa... (Luigi Delgrosso)
Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This webinar was held in Italian by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them for additional details and to arrange an on-site visit.
The document summarizes the state of endpoint threats and defenses in 2021. It finds that while Windows PCs remain a top target, Mac malware is growing. Ransomware increased dramatically over the past year and remains a major threat. Endpoint defenses are still fragmented across antivirus, next-gen antivirus, EDR, and other tools. The document recommends strategies like hardening systems, adopting a zero trust model, training incident response teams, and regularly testing defenses to combat evolving endpoint threats.
John Shaw, VP of Product management at Sophos, introduced us to the world of Project Galileo. What is Sophos doing to bring Network Security and Endpoint security together? How do we make these two pillars of IT security work together?
What's Wrong with Vulnerability Management & How Can We Fix It (Skybox Security)
The document discusses challenges with traditional vulnerability management programs and provides recommendations for improvement. It summarizes findings from a survey of vulnerability management professionals that found dissatisfaction with current scanning, analysis, and remediation capabilities. The document recommends that organizations focus on maturity of their vulnerability management process, strive for continuous assessment, use network and security context to prioritize risks, and speed up remediation times.
The document discusses challenges in applying machine learning and deep learning for cybersecurity defense. It notes that while traditional machine learning systems have provided some defense capabilities, attacks are growing more complex faster than security teams and budgets. Deep learning aims to automate detection through multilayered neural networks trained on vast data, but faces challenges around reproducibility, transparency, and operating in adversarial environments against evolving attacks. The document advocates moving from rule-based systems to centralized defenses leveraging big data and deep learning models for near real-time threat mitigation through intelligence sharing between members.
Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/
DevOps Indonesia "How Security with DevOps can Deliver more secure software"
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - Remediation) by Mr. Faisal Yahya
Vulnerability Management: What You Need to Know to Prioritize Risk (AlienVault)
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
* The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
* Vulnerability scores and how to interpret them
* Best practices for prioritizing vulnerability remediation
* How threat intelligence can help you pinpoint the vulnerabilities that matter most
This document discusses threats to payment card data and PCI compliance. It provides an overview of the University of Alaska system and outlines steps to evaluate threat risk and maintain PCI compliance. These include identifying vulnerabilities and threats, assessing risk levels, remediating vulnerabilities, and conducting regular vulnerability assessments and penetration testing using various tools. Maintaining compliance is important to minimize the reputational risks to the university from potential data breaches.
A vulnerability is a weakness in an application or a design flaw that an attacker can exploit for potential harm or financial benefit. Though it is practically impossible to have a vulnerability-free system, one can implement tools to identify the nature of vulnerabilities and mitigate the potential risk they pose. As an institution, it is very important for business managers, administrators, and IT security personnel to pay attention to those security warnings. The talk will identify types, sources, and mitigation of external and internal threats. The talk will review Vulnerability Assessment and Penetration Testing (VAPT) tools available in the market and their benefits. Presenters will engage the audience in an interactive-style discussion on the available tools to detect vulnerabilities and threats and the steps needed to mitigate them.
Extending Network Visibility: Down to the Endpoint (Lancope, Inc.)
In today's world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure are often challenged by the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever.
Join Josh Applebaum (Ziften), Matthew Frederickson (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response.
Discover how you can:
- Achieve additional visibility and context to network activity
- Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence)
- Improve incident response by obtaining real-time and historical endpoint data
The document discusses a tabletop exercise for incident response planning. It provides information on organizing the exercise, including establishing roles and an incident command structure. Guidelines are presented for running injects, or scenarios, to test coordination and response procedures across organizational functions. Metrics and lessons learned are identified to evaluate performance and identify areas for improvement. The overall goal is to simulate cyber and physical attacks through coordinated injects and foster effective multi-department communication and readiness.
Venkatesan Pillai presented on protecting cloud computing environments from DDoS attacks using Complex Event Processing (CEP). He discussed existing DDoS detection and prevention systems and their limitations. The proposed system would use CEP to analyze traffic parameters from cloud datasets to classify attacks and alert on sources to block. It would be implemented using OpenStack cloud, Esper CEP engine, and machine learning algorithms. Metrics like CPU usage, bandwidth, and response time would evaluate performance.
The document discusses the importance of packet-level network analysis for security forensics investigations. It notes that packets provide the ultimate source of network truth and visibility. The document outlines challenges security operations face and how leveraging packet insights can help answer key questions in a breach. It also discusses how application performance management solutions that perform deep packet inspection can strengthen existing security tools by providing full context of attacks.
The document summarizes key points from a cyber security conference on email security. It discusses how email threats are growing and quickening in pace. It notes that 91% of cyber incidents start with phishing and the average time to click on a phishing link is 100 seconds. The document warns that companies are at risk if they have certain information online or accept resumes through their websites, and outlines various email security challenges including compromised accounts, careless users, and malicious insiders. It emphasizes that humans remain the weak link in cyber security since some will still open and engage with phishing attacks. The document concludes that companies need a cyber resilience strategy to effectively protect their email security.
This presentation discusses implementing dynamic addressing in space networks using DHCP. It describes simulating a space network on Earth with delays to model propagation in space. The simulation includes spacecraft, the ISS, Hubble, Orion, and TDRS satellites. Implementing pipelined DHCP from the TDRS satellites can reduce handshake times by 75-87.5% compared to traditional DHCP from Earth. Future work includes adding Mars simulations and automating the network. The presentation was given at the NTXISSA Cyber Security Conference on November 11, 2017.
Patrick Garrett gave a presentation on developing an evidence-driven information security compliance strategy at the NTXISSA Cyber Security Conference on November 10, 2017. He discussed key components of an effective compliance program including oversight, policies and standards, training, enforcement, auditing, and risk management. Garrett emphasized building in evidence from the start to prove due diligence and evaluating program effectiveness using relevant metrics.
Bill Petersen gave a presentation on getting started with Linux in an hour at the NTXISSA Cyber Security Conference on November 10-11, 2017. He discussed why Linux is useful, especially for its free operating system and tools. He recommended several Linux distributions for different purposes and outlined how to install Linux in a virtual machine or on physical hardware. Petersen then demonstrated many basic Linux commands and how to combine them to accomplish tasks. He encouraged attendees to continue learning about Linux on their own through online resources and contacting him directly for more training opportunities.
This document provides information about resources for security professionals in the Dallas/Fort Worth area, including meetup groups and hackers associations. It also discusses responsible ways to set up a DIY pentesting lab, whether using bare metal servers, virtualization, or a hybrid approach. The document outlines factors to consider for hardware, virtualization software, and different lab environments.
This document provides an agenda and overview for a training session on basic hacking techniques used by real-world attackers. The training will guide participants through setting up a virtual hacking lab and then demonstrate attacks such as cracking WEP and WPA encryption, exploiting vulnerabilities in a vulnerable web application, and using Metasploit to access systems remotely. The goal is to educate managers and executives on common attacks without requiring technical experience.
The document summarizes Andy Thompson's presentation at the NTXISSA Cyber Security Conference on November 10-11, 2017 about addressing insider threats. The presentation covered case studies of corporate espionage by insiders, profiling a malicious insider, outlining the insider threat "kill chain" model, and discussing technical controls like data loss prevention, deactivating access after termination, and using a functional account model to limit privileges.
Mark Szewczul gave a presentation at the NTXISSA Cyber Security Conference on November 10-11, 2017 about mobile threat detection using on-device machine learning. He discussed how mobile devices have become the new PC and are used to access corporate information. However, mobile devices face real threats like malicious apps, Wi-Fi MITM attacks, and device exploits. Szewczul explained that Zimperium uses an on-device machine learning engine to provide real-time protection against known and unknown mobile threats throughout the cyber kill chain.
This document summarizes a panel discussion on cyber insurance at the NTXISSA Cyber Security Conference on November 10-11, 2017. The panel included experts from Risk Centric Security, McGriff Seibels & Williams insurance brokerage, Texas Medical Liability Trust, and Scheef & Stone law firm. They discussed key topics like what cyber risk insurance covers, how much coverage is needed, the claims process, and common mistakes made. The panel provided insight into first-party coverages like breach response costs and third-party coverages like privacy liability. They also explained that risk assessments and disclosure of prior incidents can impact insurance premiums.
The document summarizes a presentation given at the NTXISSA Cyber Security Conference on November 10, 2017 about the General Data Protection Regulation (GDPR) from a non-lawyer's perspective. The presentation covered an overview of the GDPR, including what it is, what it is for, who has to comply, and how it could apply to companies. It also provided context on related EU regulations and directives and summarized some of the key aspects of the GDPR such as its scope, material covered, and structure.
The document summarizes key points from a cyber security conference on email security. It discusses how email threats are growing and quickening in pace. It notes that 91% of cyber incidents start with phishing and the average time to click on a phishing link is 100 seconds. The document warns that companies are at risk if they have certain information online or accept resumes through their websites, and states that organizations can no longer say they won't be attacked but only question of when. It emphasizes having a multilayered security and continuity strategy to achieve cyber resilience.
Ed Higgins presented on adopting a zero trust security model at the NTXISSA Cyber Security Conference on November 10-11, 2017. He discussed how the traditional perimeter-based security model has failed as data becomes more mobile, and zero trust is a more effective approach. Zero trust requires that all access be earned through authentication and authorization, and assumes there is no implicit trust granted by network location or IP address. Higgins outlined some of the key advantages of zero trust, such as making lateral movement harder for attackers and enabling digital transformation by removing inconsistent security controls.
Laurianna Callaghan presented on developing a security awareness program from simple to mature. She outlined the SANS maturity model, which ranges from non-existent programs to mature programs that incorporate metrics and a security awareness lifecycle. Callaghan discussed key elements of simple, compliance-focused, and promoting awareness programs before focusing on the characteristics of a mature program, including measuring impact through metrics in areas like compliance, incidents, culture and technology. She emphasized changing perspectives to see humans not as a liability but as stakeholders and concluded by offering next steps organizations can take to advance their programs.
Abu Sadeq gave a presentation at the NTXISSA Cyber Security Conference on taking a holistic approach to cybersecurity. He discussed using the NIST Cybersecurity Framework (CSF) to assess an organization's cybersecurity program. The CSF consists of five functions - Identify, Protect, Detect, Respond, Recover - to help manage cybersecurity risks. Sadeq also emphasized implementing seven key controls, such as inventory management and secure configurations, which provide effective defense against most common cyber attacks.
The document summarizes a presentation on shifting from incident response to continuous response. It discusses how security monitoring will encompass many layers of the IT stack to provide continuous, pervasive monitoring and visibility. An intelligence-driven adaptive security architecture is proposed to enable next-generation security protection through continuous monitoring, analytics, threat intelligence and context. The architecture includes components for policy, enrichment/analytics, decision-making, and response/action to dynamically respond to alerts based on enterprise policies.
Erich Mueller gave a presentation on conquering all stages of an attack at the NTXISSA Cyber Security Conference. He outlined the typical stages an attacker will go through - initial infection, command and control, privilege escalation, internal reconnaissance, lateral movement, and damage. At each stage, he described common techniques attackers use, such as phishing and fileless malware for initial infection, domain generation algorithms for command and control, and password dumping for privilege escalation. The goal is to provide a comprehensive overview of how attackers operate throughout an attack lifecycle.
This document summarizes Harold Toomey's presentation at the NTXISSA Cyber Security Conference on November 10-11, 2017 about integrating security tools into the software development lifecycle (SDL). It discusses the need to automate SDL activities like requirements management, vulnerability scanning, and issue tracking to support modern agile and continuous development practices. The presentation provides examples of how different security tools can be integrated together, such as connecting a requirements tool to an application lifecycle management system, or linking a vulnerability scanning tool to an issue tracking system. It also reviews considerations for integrating tools, such as availability, cost, and whether tight or loose integration is needed.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Slide 2: Network: Old Methods vs. New Methods
Old methods:
• Port and protocol allow/block firewalling
• URL filtering, black lists
• Blacklisting of IP or range
• Standalone signature based IPS
• UTM: unified threat management
• Web gateways/Proxy
New methods:
• Visibility and Control
• Application based firewalling
• Integrated Threat Prevention
• SSL decryption/inspection
• Automated threat intelligence sharing
• Sandboxing
Slide 3: Visibility and Control: Application based firewalling, SSL Decryption/Inspection, Integrated Threat Prevention
Slide 4: Sharing is Cyber-Caring: Verizon’s 2015 Breach report
Source: Verizon 2015 Data Breach Investigations Report
Slide 5: Sharing is Cyber-Caring: Verizon’s 2015 Breach report
75% of attacks spread from victim 0 to victim 1 within 24 hours
Source: Verizon 2015 Data Breach Investigations Report
Slide 7: Sandboxing and Automated Threat Intelligence sharing
[Diagram labels: AV Signatures, DNS Signatures, C&C Signatures, Malware URL Filtering, Global install base and Threat Intel Consortium, SIEM, other]
Slide 13: Traps - Exploit Trapping by Technique
Individual Attacks (Software Vulnerability Exploits): thousands of new vulnerabilities and exploits per year (1,000s/yr)
Core Techniques (Exploitation Techniques): in the past 3 years, 2 new techniques have been discovered (1 or 2/yr)
Source: www.cvedetails.com
Slide 14: Prevention of One Technique in the Chain will Block the Entire Attack
Exploit Prevention Case Study: Unknown Exploits Utilize Known Techniques
[Chart label: DLL Security]
IE Zero Day, CVE-2013-3893: Heap Spray -> DEP Circumvention -> ROP/Utilizing OS Function
Adobe Reader, CVE-2013-3346: Heap Spray -> DEP Circumvention -> Utilizing OS Function
Adobe Flash, CVE-2015-3010/0311: ROP JiT Spray -> Utilizing OS Function
Slide 15: Are exploits really the problem?
99.9% of the exploited vulnerabilities were compromised more than 1 year after the CVE was published.
~50% of 2014 CVEs exploited fell within 2 weeks of announcement.
* Source: Verizon 2015 Data Breach Investigations Report
Slide 18: Attacks LEAD with exploits
Nov 2014: Operation CloudyOmega
Nov 2014: Dark Hotel campaign
Oct 2014: SandWorm
Oct 2014: Hurricane Panda
Feb 2014: Operation SnowMan (MS IE 0-day exploit)
Sept 2013: Ichitaro Zero Day
Feb 2014: IE 0-day, Watering Hole attack
Feb 2014: ‘The Mask’ Campaign
Dec 2013: Operation KeyChang
Oct 2013: Egobot Campaign
Sept 2013: Icefog campaign
Sept 2013: EvilGrab campaign
June 2013: NetTraveler campaign
…this pattern repeats over and over again
Agenda:
What is ‘next-generation’? Discussion of new techniques and approaches, network and endpoint
Look at some recent attacks to see how these new techniques would or would not be effective
Demonstrate exploitation and its prevention
I work for a pioneer in this space; here, 3 years later, many of our competitors have adopted similar functionality.
Some functionality has been around a while, but it has finally been made operationally possible to actually turn on.
Visibility and Control on the network layer has improved: moving beyond port/protocol to application- and user-based controls, looking across all ports/protocols and inside SSL. Since deep packet inspection is required here, it is the natural place to also look for and block known threats.
Not all ‘application control’ is the same: check the flow of any given implementation of it…
It makes a lot of sense to actually validate applications: just because traffic is coming over port 53, is it DNS?
It also makes a lot of sense to organize firewall policies according to the users (by name) that they apply to.
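The "is port 53 really DNS?" check, as an added example that is not part of the original presentation: a port-only rule beside an application-aware rule that requires the payload to parse as a DNS message, run over constructed sample datagrams.

```python
"""Port/protocol rule vs. application-aware check for UDP/53 traffic.

Added example, not from the original presentation. A port-based rule
accepts anything addressed to UDP/53; the application-aware rule also
requires the payload to parse as a DNS message (RFC 1035 header and
question section). The sample datagrams below are constructed.
"""
import struct


def port_rule_allows(dst_port: int) -> bool:
    """Legacy port/protocol firewalling: UDP/53 is assumed to be DNS."""
    return dst_port == 53


def _parse_name(buf: bytes, off: int):
    """Walk a DNS name starting at off; return the offset just past it,
    or None if the name is malformed (label too long, runs off the end)."""
    while True:
        if off >= len(buf):
            return None
        length = buf[off]
        if length == 0:                    # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends name
            return off + 2 if off + 2 <= len(buf) else None
        if length > 63:                    # labels are at most 63 octets
            return None
        off += 1 + length


def looks_like_dns(payload: bytes) -> bool:
    """Structural heuristic: does this payload parse as a DNS message?"""
    if len(payload) < 12:
        return False
    _ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2, 4, 5):      # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
        return False
    if flags & 0x0040:                     # reserved Z bit must be zero
        return False
    if qdcount == 0:                       # ordinary messages carry a question
        return False
    off = 12
    for _ in range(qdcount):
        off = _parse_name(payload, off)
        if off is None or off + 4 > len(payload):
            return False
        _qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
        if qclass not in (1, 3, 4, 254, 255):   # IN, CH, HS, NONE, ANY
            return False
        off += 4
    return True


def app_rule_allows(dst_port: int, payload: bytes) -> bool:
    """Application-based firewalling: port AND protocol structure must match."""
    return dst_port == 53 and looks_like_dns(payload)


def build_query(name: str, ident: int = 0x1234) -> bytes:
    """Build a standard A query for name (constructed sample input)."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)         # QTYPE=A, QCLASS=IN


# Constructed samples: a real-looking query and a non-DNS payload aimed at port 53.
REAL_QUERY = build_query("example.com")
NOT_DNS = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for label, pkt in (("dns query", REAL_QUERY), ("http on 53", NOT_DNS)):
        print(f"{label:12} port rule: {port_rule_allows(53)}  app rule: {app_rule_allows(53, pkt)}")
```

Both datagrams pass the port rule; only the real query passes the application-aware rule, which is the gap the slide's "new methods" column is about.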
In my engagements, I poll network admins as to whether they are decrypting and/or inspecting SSL… maybe 10% or less are.
Statistically, different sources are reporting different data and different threats…
But WHAT is shared, and how useful is that?
IP addresses #1, host information #2
The value lies in how fast intelligence is shared and how fast it becomes actionable.
3 years ago, FireEye was the leading name in commercialized enterprise sandboxing
Palo Alto added WildFire shortly after
3 years later, everyone’s got one
What data elements are captured? How shared? And what is DONE with the resulting data?
Explain Sandboxing
Threat Intel sharing inside of your environment
Threat Intel sharing within your vendors install base
Threat Intel sharing within your industry (ISACs) – or between vendors
next-generation: new methods
May 2014, Brian Dye Sr VP of IS Symantec: “Antivirus is Dead”
Nir Zuk: port/protocol is dead (despite having invented stateful packet inspection, based on port/protocol, 20 years prior)
Roll Video
As we examined these requirements we realized an entirely new approach would be needed in order to effectively block threats that have never been seen before. We chose to focus our efforts on blocking the core techniques that attackers use rather than the threat itself. As it turns out there is a finite number of techniques that can be employed in order for an attacker to achieve their objectives, and these techniques don’t change frequently when compared to the actual number of new vulnerabilities and malware.
So our strategy was actually quite simple – If we could successfully disrupt the technique, then the attack would be thwarted.
So, relative to exploit driven attacks we focused on the exploit techniques and not the thousands of vulnerabilities that emerge each year.
For malware it’s similar, in that we’ve focused on the malware techniques as opposed to the millions of individual pieces of malware that emerge each year.
So that’s how you have to think about the problem, focus on the core techniques for exploits and malware specifically.
---------------------------------------
Additional points you may want to raise:
Currently the total number of exploit techniques available to attackers numbers in the mid-20s. You can use Heap Spray as an example to articulate how complicated these techniques are and how infrequently they’re created. Heap Spray took two years for academia to develop. Once it was developed the attacker community got ahold of the technique and began to use it within their toolkits. In parallel we were working with the universities to build mechanisms to block this exploit technique through Traps, so when Heap Spray was exposed to the attacker community we were already prepared to prevent it with Traps.
Let’s drill down into how that works using a recent Zero-Day as an example: CVE-2014-1776, also known as Clandestine Fox.
The actual process of exploiting a system via a vulnerability involves the use of multiple techniques working in concert. In order for an attack to be successful the attacker must execute each of these exploit techniques in a path that has multiple stages that lead to the execution of the malicious activity. In this CVE you can see the exploit techniques used in each of the stages…
They can’t begin their malicious activity until they’ve concluded these steps. Some attacks may involve more steps, some may involve less. In all cases you can count on at least two or three techniques that must be used in order to exploit that endpoint. The reason I’m providing this background is that it’s important to understand the process an attacker must take, the chain of events their exploit must follow, in order to achieve their objectives. If you understand this process it will be easy to understand the approach we’ve taken with Traps. At a basic level Traps employs a series of prevention modules aimed at blocking the different exploit techniques available to attackers. These modules operate like “traps”, injected into the user processes, and designed to block the attacker’s exploit technique as soon as it’s used.
It’s critical that your approach be able to block all techniques. These techniques can be grouped into the following four buckets [Click]. In each case we’re able to block the attack without having any prior knowledge of the vulnerability. This didn’t require signatures or software updates to prevent, even though an attack may have involved a Zero-Day that had never been seen before.
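The chain argument from slide 14 and the notes above ("prevent one technique, block the whole attack"; "unknown exploits utilize known techniques"), as an added example that is not from the original slides or the Traps product: the three chains are read off the slide's case-study table, with the stage labels split into single techniques by the example's author, and a fourth, constructed hypothetical zero-day is added to contrast signature-based blocking (needs the CVE) with technique-based blocking.

```python
"""Technique-chain model behind "prevent one technique, block the whole chain".

Added example, not from the original slides. Chains are taken from the
slide's case-study table; the "hypothetical zero day" chain is constructed
for the example and reuses known techniques with an unknown vulnerability.
"""
from itertools import combinations

# chain name -> (CVE identifier as given on the slide, ordered exploit techniques)
CHAINS = {
    "IE zero day": ("CVE-2013-3893",
                    ["Heap Spray", "DEP Circumvention", "ROP", "Utilizing OS Function"]),
    "Adobe Reader": ("CVE-2013-3346",
                     ["Heap Spray", "DEP Circumvention", "Utilizing OS Function"]),
    "Adobe Flash": ("CVE-2015-3010/0311",
                    ["ROP", "JIT Spray", "Utilizing OS Function"]),
    # constructed placeholder: the vulnerability is unknown, the techniques are not
    "hypothetical zero day": ("CVE-UNKNOWN", ["Heap Spray", "ROP"]),
}


def all_techniques(chains=CHAINS):
    """Sorted set of every technique appearing in any chain."""
    return sorted({t for _, steps in chains.values() for t in steps})


def blocked_by_signatures(known_cves, chains=CHAINS):
    """Signature/patch model: a chain is stopped only if its CVE is already known."""
    return {name for name, (cve, _) in chains.items() if cve in known_cves}


def first_blocked_stage(steps, modules):
    """Index of the first technique a prevention module trips on, or None."""
    for i, technique in enumerate(steps):
        if technique in modules:
            return i
    return None


def blocked_by_techniques(modules, chains=CHAINS):
    """Technique model: any blocked technique anywhere in the chain stops it."""
    return {name for name, (_, steps) in chains.items()
            if first_blocked_stage(steps, modules) is not None}


def technique_coverage(chains=CHAINS):
    """How many chains each single technique module would stop on its own."""
    return {t: len(blocked_by_techniques({t}, chains)) for t in all_techniques(chains)}


def minimum_blocking_set(chains=CHAINS):
    """Smallest set of technique modules that stops every chain (brute-force hitting set)."""
    techs = all_techniques(chains)
    for size in range(1, len(techs) + 1):
        for combo in combinations(techs, size):
            if blocked_by_techniques(set(combo), chains) == set(chains):
                return frozenset(combo)
    return frozenset()


if __name__ == "__main__":
    known = {"CVE-2013-3893", "CVE-2013-3346", "CVE-2015-3010/0311"}
    print("signatures stop:", sorted(blocked_by_signatures(known)))
    print("technique modules stop:", sorted(blocked_by_techniques({"Utilizing OS Function"})))
    print("per-technique coverage:", technique_coverage())
    print("minimum module set:", sorted(minimum_blocking_set()))
```

With the three slide CVEs as the only known signatures, the constructed zero-day chain is missed, while two technique modules are enough to break all four chains.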