Prepared by Aon’s Cyber Solutions Group
Proprietary and Confidential
Elizabeth Martin – Manager, Security Advisory Practice
Ransomware Response and Mitigation Strategies: A Practical Approach
Aon’s Cyber Solutions
Proprietary & Confidential
Agenda
Introduction
Industry News
Aon’s Client Experiences
Aon’s Digital Forensics and Incident Response Activities
Aon’s Pro-Active Mitigation Strategy Development
What Does the Future Hold?
Introduction
Proactive Security Advisory
Elizabeth Martin
Manager
Chicago, IL
E: Elizabeth.M.Martin@aon.com
P: +1 312.646.7358
EDUCATION: B.S. – Electronics Engineering Technology
Elizabeth Martin provides over 20 years of experience in the Information Security, Compliance, and Risk Management industry
and 25 years in Information Technology. Ms. Martin evaluates challenges associated with protecting an organization’s assets
while offering improvements that will support growth, improve operational efficiencies, meet compliance requirements, and
mitigate risk. Ms. Martin has extensive experience in the Fortune 500 automotive, retail, financial, healthcare, government, and
managed security services verticals.
Expertise highlights include Information Security and Risk Management Program Development, Information Security and Risk
Management Assessments, Program Development, and Workshops, Regulatory Compliance Analysis, Implementation, and
Management, as well as Policy and Procedure Development.
In her capacity at Aon, Ms. Martin proactively helps organizations assess and manage their risk in accordance with their
business requirements. She performs holistic Security Risk Assessments for clients that involve evaluating enterprise risks
including assessment of security architectures, policies and governance.
Aon Services: DFIR and Pro-Active Advisory Overview
* Includes former Head of the Cyber Division at FBI Headquarters and former founder of the FBI’s computer crime squad in New York
Industry News: The Rise of Ransomware
The Headlines
What Do the Experts Have to Say?
The Costs are Increasing
[Chart: Global Data Breach Cost – Per Capita, by Industry (Measured in US$)]
[Chart: Impact of the Top 22 Factors on the Per Capita Costs]
Mean Time to Contain (MTTC) a Breach: 69 Days
For the fourth year, Ponemon’s study shows the relationship between how quickly an organization can contain data breach incidents and financial consequences.
Aon’s Client Experiences
What Does This Mean For Our Clients?
What are we doing about Cybersecurity and ransomware? What is our strategy?
BOARD OF DIRECTORS
CEO
What are we doing about Cybersecurity? Do we have a strategy for ransomware?
We’re doing things about this Cybersecurity right?
CISO
Yes of course! We’re doing all these things!!
- Increased attention from the Board of Directors
- Driving accountability at the C-Level
- CISOs facing increased scrutiny and/or requesting 3rd Party Assistance
- 5 of my last 6 Security Risk Assessments were driven by the BoD
- Security and IT Teams are still challenged
- Varying degrees of diligence, tools, practices, risk management, etc.
The Challenges We Face
We are doing enough right? Is everything I put in place working?
CISO
Team, we’re doing all the things, right?
Security Team
NOOO!!! WE’RE NOT DOING ENOUGH!! THE SKY IS FALLING!!!!
IT – You are doing all the things, right?
IT
Uhhh…my hair is on fire with new deployments, acquisitions, outages, but we’re trying!!!
3 Months Later….
Aon DFIR Team
Do you have an EDR Solution? Do you have Logs? Do you have a list of systems? Can we access the SIEM? Do you have a SIEM?? How do we deploy IoC Detection?
Here We Are: Not So Exact Numbers
- Prior to summer of 2019 we saw one or two ransomware cases per month
- Summer of 2019 we saw something like 5 or 6 cases in a 10 or 15 day period
- They continue to come in on a regular basis
- We typically only see catastrophic cases
- Most cases contain common attack vectors and malware strains
Aon DFIR Incident Response, Analysis, and Containment Activities
Aon DFIR: Engagement Overview
- Forensic acquisition of systems and host-based forensic analysis
- Malware analysis
- Log analysis: Firewalls; Threat Detection; Active Directory; All Available Logs
- Network Monitoring: Deploy Open Source tools if none available
- Malware Protection triage and review
- IoC scanning via LIMA (Proprietary Tool) and other tools as available
- O365 / Email log collection and analysis
- Dark web threat intelligence
- Law enforcement engagement
Note: Cyber Insurance and ransomware payments are typically conducted outside of DFIR and Pro-Active purview. We are nearly always engaged through client attorney under Privilege.
Aon DFIR: Engagement Overview By The Numbers
SAMPLE – Overview of Efforts
- 397 systems (99 servers, 298 workstations) identified as infected
- 613 potential attacker IP addresses blocked
- 5 strains of malware identified
- 3000+ malware samples identified
- 530+ LIMA Scans
- 1200+ Linux Scans
- Inoculations (“kill switch”) deployed for Trojans (used to harvest credentials and propagate ransomware)
The above reflects a smaller environment; we have responded to environments with 2000+ affected machines.
Aon DFIR: Anatomy of an Attack - Response Activities
Infection Vector:
- Initial infection vector often not confirmed; phishing email with malicious link/attachment most likely.
- We often see IoCs dating years back, which reduces the ability to tie them to the incident timeline
Multi-Stage Malware Deployment:
- Attacks generally followed the typical pattern of multi-stage malware deployment, leading to ransomware infection
- Multiple Emotet, Trickbot, Dridex, and Ryuk infections observed
Aon DFIR: Anatomy of an Attack - Response Activities
Lateral Propagation
- Attackers harvest credentials and create backdoors
- Attackers map the network and use compromised accounts to propagate malware broadly
- Remote Shells / Meterpreter deployed to escalate privileges and create backdoors in machines
- Attackers gain access to admin-level accounts and domain controllers to deploy malware across the environment
- Most lateral propagation occurs through remote administration tools such as PowerShell, Named Pipes, RDP, etc., and goes largely undetected and uncontrolled
Aon DFIR: Anatomy of an Attack - Response Activities
Lateral Propagation (Cont’d)
- Limited network segmentation, choke points, and visibility to restrict SMB and remote Windows administration traffic
- Clear evidence of “hands on keyboard” attacker activity typically 3-4 weeks in advance of ransomware payload execution
- Attackers typically obtain a host list as part of reconnaissance activity, including identification of backups, Domain Controllers, etc.
Containment Efforts
- In most cases, at this point, the ransomware has spread rapidly and many systems are down – both endpoints and servers. In some cases certain environments are not affected
- SMB traffic is quickly restricted to the best of the capabilities available, usually with on-the-fly router ACLs (due to a flat network) combined with on-the-fly firewall rules
Aon DFIR: Anatomy of an Attack - Response Activities
Containment Efforts
- Overall – TANGO DOWN within a 2-3 day timeframe. Business functions have halted; we have seen cases where employees are simply asked to not work. Some IT folks are going to BestBuy, laying down AmEx and buying all available workstations (Procurement services are not available)
- 3-7 days later, infections continue if a successful containment strategy is not deployed
- We often see reinfections of the same machines due to lack of the following:
  - System hardening, host based controls, configuration management practices, network segmentation, or inadequate / ineffective malware protection
- Malware Protection may not automatically detect IoCs; custom signatures must be deployed, assuming the Malware Protection console is available and not affected by ransomware
- Containment strategies using Windows tools such as SCCM, AppLocker, Windows Defender, etc. are restricted due to limitation of SMB traffic
Aon DFIR: Anatomy of an Attack - Response Activities
Containment Efforts
- In some cases attacker directly accessed backup console and deleted backups, in other cases the backups were simply not functioning, which had gone unnoticed
- In many cases client does not maintain Asset Management solutions or network diagrams, or if they do they are unavailable due to the ransomware, further complicating response and increasing the timeline for containment
- Obtaining access to tools, deploying Aon tools where visibility is lacking, and overall availability of fundamental information and systems significantly increases the timeline of containment
Aon DFIR: Anatomy of an Attack - Response Activities
Containment Efforts Realized!
- Our Malware Analysis team is able to identify specific IoCs, lateral propagation methods, etc. Our DFIR team has become accustomed to deploying containment solutions in some of the most challenging environments
- In many cases our DFIR team requests deployment of an EDR tool, which seems to be the most effective
- Specific host based controls are deployed depending on the environment and tools available. This includes EDR, Malware Protection, and any additional tools in place that can block IoCs and allow for rebuild, restore, recovery, etc.
- Log Analysis and Monitoring is in place to immediately alert to all IoCs
- Network based restrictions are slowly lifted, in a phased approach, once it is confirmed the containment strategy is successful
Aon DFIR: Anatomy of an Attack – Eradication
Eradication
- While the spread of the ransomware may be contained, there are still many items to consider on an ongoing basis, such as the following:
- Diligence in eradication measures – do not reintroduce infected machines to the network
- Establish a safe practice for data recovery, including paying the ransom and restoring data
- Ensuring there is a sound set of protective controls to prevent subsequent infection vectors (e.g. phishing protection, advanced threat, etc.)
Data Exfiltration
- While the incident may be contained, there should be an ongoing effort to conduct Deep / Dark Web searches to identify data exfiltration
Aon Pro-Active Advisory Mitigation Strategy
Aon Pro-Active Advisory: Engagement Status
- Containment has been achieved through a collaboration between Client and our DFIR team
- Client has not yet fully recovered
- Additional Pro-Active Mitigation Strategies need to be developed to further strengthen detection, prevention, and response capabilities
Aon Advisory: Pro-Active Ransomware Mitigation Strategy
Establish Threat Profiles, Network Baseline, Enhance Chokepoints
- Whiteboard environment, gather a threat profile of the following:
- User profiles
- Location Profiles
- Establish Network Baseline and Chokepoints
- Develop Network Reference Architecture
- Develop Traffic Profiling
[Figure: Network Reference Architecture. Diagram labels include: Remote Locations, Retail Locations, Retail Back Office, POS, Small Office, Campus, Users, Router, Firewall / UTM, WAN, VPN, Internet, Cloud Services, AWS, O365, Regional Data Center, RDC/File Servers, Core Infrastructure, Primary Data Center, Backup Data Center, Backup Network, Backups, Business Apps / ERP / Etc., Mgmt, Pre-Prod, Security Tools, E-Commerce, Middleware, Development.]
Aon Advisory: Pro-Active Ransomware Mitigation Strategy
- Traffic Baselining
- Restrict network traffic based on user and location threat profiles
- Keep SMB traffic localized
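Added example (not part of the original deck): a Python check of flow records against a segment policy, flagging SMB and other remote-administration traffic that leaves its local segment, and sources with unusual admin-port fan-out. The segment names, address ranges, allow-list and flow records are constructed assumptions for illustration.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed segment map (assumption): names loosely follow the deck's
# reference architecture, address ranges are invented for the example.
SEGMENTS = {
    name: ipaddress.ip_network(cidr)
    for name, cidr in {
        "campus-users": "10.10.0.0/16",
        "retail-pos": "10.20.0.0/16",
        "dc-file-servers": "10.50.10.0/24",
        "dc-domain-controllers": "10.50.20.0/24",
        "dc-backups": "10.50.30.0/24",
        "dc-mgmt": "10.50.99.0/24",
    }.items()
}

# Ports for the remote-administration paths the deck mentions (SMB / named
# pipes, RDP, PowerShell remoting over WinRM), plus RPC and NetBIOS.
ADMIN_PORTS = {135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5985: "WinRM"}

# Constructed allow-list of cross-segment admin traffic: (source, destination, port).
# "*" as destination means any mapped segment.
ALLOWED = {
    ("campus-users", "dc-file-servers", 445),
    ("campus-users", "dc-domain-controllers", 445),
    ("dc-mgmt", "*", 3389),
    ("dc-mgmt", "*", 5985),
}

# Constructed flow records: timestamp, source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
2019-08-01T09:00:01,10.10.4.21,10.50.10.5,445
2019-08-01T09:00:09,10.10.4.21,10.10.4.30,445
2019-08-01T09:01:12,10.20.1.7,10.50.30.2,445
2019-08-01T09:02:40,10.10.4.21,10.50.30.2,3389
2019-08-01T09:03:05,10.50.99.10,10.50.20.1,5985
2019-08-01T09:04:17,10.10.4.21,10.20.1.7,445
2019-08-01T09:05:00,10.10.4.21,10.50.10.5,443
2019-08-01T09:06:31,192.168.77.4,10.50.20.1,445
2019-08-01T09:07:00,not-an-ip,10.50.20.1,445
"""


def segment_of(ip):
    """Return the segment name for an address, or 'unmapped' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unmapped"


def parse_flows(text):
    """Parse CSV flow records; malformed rows are counted, not trusted."""
    flows, skipped = [], 0
    for row in csv.reader(text.splitlines()):
        try:
            ts, src, dst, port = row
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            flows.append((ts, src, dst, int(port)))
        except ValueError:
            skipped += 1
    return flows, skipped


def is_allowed(src_seg, dst_seg, port):
    """Local traffic stays allowed; cross-segment traffic needs an allow-list entry."""
    if "unmapped" in (src_seg, dst_seg):
        return False  # hosts missing from the inventory are never implicitly trusted
    if src_seg == dst_seg:
        return True
    return (src_seg, dst_seg, port) in ALLOWED or (src_seg, "*", port) in ALLOWED


def find_violations(flows):
    """List admin-protocol flows that cross segments without an allow-list entry."""
    findings = []
    for ts, src, dst, port in flows:
        if port not in ADMIN_PORTS:
            continue
        s, d = segment_of(src), segment_of(dst)
        if not is_allowed(s, d, port):
            findings.append({"time": ts, "src": src, "dst": dst,
                             "service": ADMIN_PORTS[port], "path": f"{s} -> {d}"})
    return findings


def fan_out(flows, threshold=3):
    """Sources that reach at least `threshold` distinct hosts on admin ports."""
    peers = defaultdict(set)
    for _, src, dst, port in flows:
        if port in ADMIN_PORTS:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    flows, skipped = parse_flows(SAMPLE_FLOWS)
    for finding in find_violations(flows):
        print(finding)
    print("fan-out:", fan_out(flows), "skipped rows:", skipped)
```

Same-segment traffic is treated as local here, so the fan-out count is what surfaces a workstation reaching many peers inside its own segment.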
Aon Advisory: Pro-Active Ransomware Mitigation Strategy
Understand Current and Planned Security Controls
- Gather current, planned, and recommended security controls related to the following:
- Mobile Device Controls
- Endpoint Controls
- Email / Browsing
- Perimeter Controls
- Server / Identity Management
- Security Analytics
- Overlay Controls to a general “Anatomy of an Attack”
[Figure: Security Reference Architecture. Diagram labels include: Security Analytics, Vulnerability Management, Dark Web Search, Threat Intelligence, SIEM, Traffic Baselining, 24x7 Monitoring, Cloud, E-commerce, Email / Browsing, Email Filtering, URL Filtering, Perimeter Controls, Firewall, Advanced Threat, IPS, WAF, DDoS, SDN, VPN, Mobile Device Controls, Corporate Device, BYOD Device, MDM, Wireless Controls, Endpoint Controls, Corporate Endpoint, EDR / Malware Protection, Configuration Management, Patching, Windows Defender, AppLocker, LAPS, Server / Identity Management, Identity, Directory, Server, EDR, PAM, Application Whitelisting, Backup Protection, Insider Threat, Infection Vector, Lateral Propagation, Malware, Malicious Actor.]
[Figure: Anatomy of An Attack. Kill chain diagram with stages Infection Vectors, Propagation, Payload. Technique labels: Phishing, Malicious Website, Credential Harvesting, API Hooking, Persistence, Lateral Movement, Command and Control, Rootkit, Ransomware, Data Exfiltration, Botnet. Control labels: Security Analytics, Tenable, Dark Web Search, Threat Intelligence, Backstory (Google), Cortex XDR, Backup Protection, Network Segmentation, Palo Alto Firewall, WildFire, Palo Alto IPS, Carbon Black, Thycotic, Host Based Controls, URL Filtering, Proofpoint, Microsoft ATA, Insider Threat, 24x7 Monitoring.]
Aon Advisory: Pro-Active Ransomware Mitigation Strategy
Develop Roadmap, Budget aligned with NIST CSF
Enhance DFIR Preparedness
What Does the Future Hold?
Aon plc (NYSE:AON) is the leading global provider of risk management,
insurance and reinsurance brokerage, and human resources solutions and
outsourcing services. Through its more than 66,000 colleagues worldwide,
Aon unites to empower results for clients in over 120 countries via
innovative and effective risk and people solutions and through industry-
leading global resources and technical expertise. Aon has been named
repeatedly as the world’s best broker, best insurance intermediary, best
reinsurance intermediary, best captives manager, and best employee
benefits consulting firm by multiple industry sources.
Visit aon.com for more information on Aon.
Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed
investigative skills, and proprietary technologies to help clients uncover
and quantify cyber risks, protect critical assets, and recover from cyber
incidents.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates.
Insurance products and services offered by Aon Risk Insurance Services
West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast,
Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of
Florida and their licensed affiliates.
The information contained herein and the statements expressed are of a
general nature and are not intended to address the circumstances of any
particular individual or entity. Although we endeavor to provide accurate
and timely information and use sources we consider reliable, there can be
no guarantee that such information is accurate as of the date it is received
or that it will continue to be accurate in the future. No one should act on
such information without appropriate professional advice after a thorough
examination of the particular situation.
www.aon.com | © Aon plc 2019. All rights reserved.
Disclaimer of Liability: This strictly confidential report provides a written
account of information collected and collated by us within limited time
constraints. It contains information obtained from sources which have not
been validated and the accuracy or veracity of which cannot be
guaranteed. It is being provided to the addressee “as is” and with specific
disclaimer of any express or implied warranties of any kind, including
merchantability, fitness for purpose, title and/or non-infringement. Further,
we make no representations regarding the sufficiency of our work for any
business, financial, or other purpose, including the purpose for which it has
been requested. We do not express an opinion regarding any business
decisions associated with the subject matter of our deliverables.
Sufficiency of the work and business decisions are the sole responsibility
of the addressee. We shall not be liable for any loss or injury caused by
the neglect or other act or failure to act on the part of us and/or our agents
in procuring, collecting or communicating any information. Further, no
liability is accepted by us for any loss or damage arising out of any reliance
on the information contained in this report.
About Aon

Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security index
 
Cyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessCyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful Business
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
New Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: HowlandNew Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: Howland
 

More from CSNP

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
Nicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsNicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsCSNP
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsCSNP
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz -  Encrypted Search: from Research to Real-World SystemsTarik Moataz -  Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsCSNP
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in CryptographyCSNP
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareCSNP
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...CSNP
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskCSNP
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsCSNP
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationCSNP
 

More from CSNP (12)

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
 
Nicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsNicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of Passwords
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven Analytics
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz -  Encrypted Search: from Research to Real-World SystemsTarik Moataz -  Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in Cryptography
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating Ransomware
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber Risk
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber Criminals
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Aon Ransomware Response and Mitigation Strategies

  • 1. Prepared by Aon’s Cyber Solutions Group Proprietary and Confidential Elizabeth Martin – Manager, Security Advisory Practice Ransomware Response and Mitigation Strategies: A Practical Approach
  • 2. Aon’s Cyber Solutions Proprietary & Confidential. Agenda: Introduction; Industry News; Aon’s Client Experiences; Aon’s Digital Forensics and Incident Response Activities; Aon’s Pro-Active Mitigation Strategy Development; What Does the Future Hold?
  • 3. Introduction
  • 4. Proactive Security Advisory
      Elizabeth Martin, Manager, Chicago, IL
      E: Elizabeth.M.Martin@aon.com
      P: +1 312.646.7358
      Education: B.S. – Electronics Engineering Technology
      Elizabeth Martin provides over 20 years of experience in the Information Security, Compliance, and Risk Management industry and 25 years in Information Technology. Ms. Martin evaluates challenges associated with protecting an organization’s assets while offering improvements that will support growth, improve operational efficiencies, meet compliance requirements, and mitigate risk. Ms. Martin has extensive experience in the Fortune 500 automotive, retail, financial, healthcare, government, and managed security services verticals.
      Expertise highlights include Information Security and Risk Management Program Development, Information Security and Risk Management Assessments, Program Development, and Workshops, Regulatory Compliance Analysis, Implementation, and Management, as well as Policy and Procedure Development.
      In her capacity at Aon, Ms. Martin proactively helps organizations assess and manage their risk in accordance with their business requirements. She performs holistic Security Risk Assessments for clients that involve evaluating enterprise risks including assessment of security architectures, policies and governance.
  • 5. Aon Services: DFIR and Pro-Active Advisory Overview
      * Includes former Head of the Cyber Division at FBI Headquarters and former founder of the FBI’s computer crime squad in New York
  • 6. Industry News: The Rise of Ransomware
  • 7. The Headlines
  • 8. What Do the Experts Have to Say?
  • 9. The Costs are Increasing
      [Chart: Global Data Breach Cost – Per Capita, by Industry (Measured in US$)]
      [Chart: Impact of the Top 22 Factors on the Per Capita Costs]
      Mean time to contain (MTTC) a breach: 69 days
      For the fourth year, Ponemon’s study shows the relationship between how quickly an organization can contain data breach incidents and financial consequences.
  • 10. Aon’s Client Experiences
  • 11. What Does This Mean For Our Clients?
      [Dialogue graphic, text in slide order: What are we doing about Cybersecurity and ransomware? What is our strategy? BOARD OF DIRECTORS CEO What are we doing about Cybersecurity? Do we have a strategy for ransomware? We’re doing things about this Cybersecurity right? CISO Yes of course! We’re doing all these things!!]
      - Increased attention from the Board of Directors
      - Driving accountability at the C-Level
      - CISOs facing increased scrutiny and/or requesting 3rd Party Assistance
      - 5 of my last 6 Security Risk Assessments were driven by the BoD
      - Security and IT Teams are still challenged
      - Varying degrees of diligence, tools, practices, risk management, etc.
  • 12. The Challenges We Face
      [Dialogue graphic, text in slide order: We are doing enough right? Is everything I put in place working? CISO Team, we’re doing all the things, right? Security Team NOOO!!! WE’RE NOT DOING ENOUGH!! THE SKY IS FALLING!!!! IT – You are doing all the things, right? IT Uhhh…my hair is on fire with new deployments, acquisitions, outages, but we’re trying!!!]
      3 Months Later….
      Aon DFIR Team: Do you have an EDR Solution? Do you have Logs? Do you have a list of systems? Can we access the SIEM? Do you have a SIEM?? How do we deploy IoC Detection?
  • 13. Here We Are: Not So Exact Numbers
      - Prior to summer of 2019 we saw one or two ransomware cases per month
      - Summer of 2019 we saw something like 5 or 6 cases in a 10 or 15 day period
      - They continue to come in on a regular basis
      - We typically only see catastrophic cases
      - Most cases contain common attack vectors and malware strains
  • 14. Aon DFIR Incident Response, Analysis, and Containment Activities
  • 15. Aon DFIR: Engagement Overview
      - Forensic acquisition of systems and host-based forensic analysis
      - Malware analysis
      - Log analysis: Firewalls; Threat Detection; Active Directory; All Available Logs
      - Network Monitoring: Deploy Open Source tools if none available
      - Malware Protection triage and review
      - IoC scanning via LIMA (Proprietary Tool) and other tools as available
      - O365 / Email log collection and analysis
      - Dark web threat intelligence
      - Law enforcement engagement
      Note: Cyber Insurance and ransomware payments are typically conducted outside of DFIR and Pro-Active purview. We are nearly always engaged through client attorney under Privilege
  • 16. Aon DFIR: Engagement Overview By The Numbers
      SAMPLE – Overview of Efforts
      - 397 systems (99 servers, 298 workstations) identified as infected
      - 613 potential attacker IP addresses blocked
      - 5 strains of malware identified
      - 3000+ malware samples identified
      - 530+ LIMA Scans
      - 1200+ Linux Scans
      - Inoculations (“kill switch”) deployed for Trojans (used to harvest credentials and propagate ransomware)
      Above reflects a smaller environment, we have responded to environments with 2000+ affected machines
  • 17. Aon DFIR: Anatomy of an Attack - Response Activities
      Infection Vector:
      - Initial infection vector often not confirmed, phishing email with malicious link/attachment most likely.
      - Often see IoCs dating years back reducing ability to tie to the incident timeline
      Multi-Stage Malware Deployment:
      - Attacks generally followed typical pattern of multi-stage malware deployment, leading to ransomware infection
      - Multiple Emotet, Trickbot, Dridex, and Ryuk infections observed
  • 18. Aon DFIR: Anatomy of an Attack - Response Activities
      Lateral Propagation
      - Attackers harvest credentials and create backdoors
      - Attackers map network and use compromised accounts to propagate Malware broadly
      - Remote Shells / Meterpreter deployed to escalate privileges and create backdoors in machines
      - Attackers gain access to admin-level accounts and domain controllers to deploy malware across the environment
      - Most lateral propagation is occurring through remote administration tools such as Powershell, Named Pipes, RDP, etc. and go largely undetected and uncontrolled
  • 19. Aon DFIR: Anatomy of an Attack - Response Activities
      Lateral Propagation (Cont’d)
      - Limited network segmentation, choke points, and visibility to restrict SMB and remote Windows administration traffic
      - Clear evidence of “hands on keyboard” attacker activity typically 3-4 weeks in advance of ransomware payload execution
      - Attackers typically obtain a host list as part of reconnaissance activity, including identification of backups, Domain Controllers, etc.
      Containment Efforts
      - In most cases, at this point, the ransomware has spread rapidly and many systems are down – both endpoints and servers. In some cases certain environments are not affected
      - SMB traffic is quickly restricted to the best of the capabilities available, usually on the fly router ACLs due to a flat network combined with on the fly firewall rules
  • 20. Aon DFIR: Anatomy of an Attack - Response Activities
      Containment Efforts
      - Overall – TANGO DOWN within a 2-3 day timeframe. Business functions have halted, have seen cases where employees are simply asked to not work. Some IT folks are going to BestBuy, laying down AmEx and buying all available workstations (Procurement services are not available)
      - 3-7 Days later and infections continue if a successful containment strategy is not deployed
      - Often see reinfections of same machines due to lack of the following:
          - System hardening, host based controls, configuration management practices, network segmentation, or inadequate / ineffective malware protection
      - Malware Protection may not automatically detect IoCs, custom signatures must be deployed, assuming Malware Protection console is available and not affected by ransomware
      - Containment strategies using Windows tools such as SCCM, AppLocker, Windows Defender, etc. are restricted due to limitation of SMB traffic
      [Graphic: Aon DFIR Team, IT Security Team]
  • 21. Aon DFIR: Anatomy of an Attack - Response Activities
      Containment Efforts
      - In some cases attacker directly accessed backup console and deleted backups, in other cases the backups were simply not functioning, which had gone unnoticed
      - In many cases client does not maintain Asset Management solutions or network diagrams, or if they do they are unavailable due to the ransomware, further complicating response and increasing the timeline for containment
      - Obtaining access to tools, deploying Aon tools where visibility is lacking, and overall availability of fundamental information and systems significantly increases the timeline of containment
      [Graphic: Aon DFIR Team, IT Security Team]
  • 22. Aon DFIR: Anatomy of an Attack - Response Activities
      Containment Efforts Realized!
      - Our Malware Analysis team is able to identify specific IoCs, lateral propagation methods, etc. Our DFIR team has become accustomed to deploying containment solutions in some of the most challenging environments
      - In many cases our DFIR team requests deployment of an EDR tool, which seems to be the most effective
      - Specific host based controls are deployed depending on the environment and tools available. This includes EDR, Malware Protection, and any additional tools in place that can block IoCs and allow for rebuild, restore, recovery, etc.
      - Log Analysis and Monitoring is in place to immediately alert to all IoCs
      - Network based restrictions are slowly lifted, in a phased approach, once it is confirmed the containment strategy is successful
      [Graphic: Aon DFIR Team, IT Security Team]
  • 23. Aon DFIR: Anatomy of an Attack – Eradication
      Eradication
      - While the spread of the ransomware may be contained, there are still many items to consider on an ongoing basis, such as the following:
          - Diligence in eradication measures – do not reintroduce infected machines to the network
          - Establish a safe practice for data recovery, including paying the ransom and restoring data
          - Ensuring there is a sound set of protective controls to prevent subsequent infection vectors (e.g. phishing protection, advanced threat, etc.)
      Data Exfiltration
      - While the incident may be contained, there should be an ongoing effort to conduct Deep / Dark Web searches to identify data exfiltration
      [Graphic: Aon DFIR Team, IT Security Team]
  • 24. Aon Pro-Active Advisory Mitigation Strategy
  • 25. Aon Pro-Active Advisory: Engagement Status
      - Containment has been achieved through a collaboration between Client and our DFIR team
      - Client has not yet fully recovered
      - Additional Pro-Active Mitigation Strategies need to be developed to further strengthen detection, prevention, and response capabilities
  • 26. Aon Advisory: Pro-Active Ransomware Mitigation Strategy
      Establish Threat Profiles, Network Baseline, Enhance Chokepoints
      - Whiteboard environment, gather a threat profile of the following:
          - User profiles
          - Location Profiles
      - Establish Network Baseline and Chokepoints
      - Develop Network Reference Architecture
      - Develop Traffic Profiling
  • 27. Network Reference Architecture
      [Diagram. Labels shown: Remote Locations, Cloud Services, AWS, O365, Internet, VPN, WAN, Core Infrastructure, Primary Data Center, Backup Data Center, Regional Data Center, Infrastructure, Business Apps / ERP / Etc., Mgmt, Pre-Prod, Security Tools, RDC/File Servers, Internet Infrastructure, Backups, E-Commerce, Middleware, Development, Backup Network, Users, POS, Router, Firewall / UTM, Retail Locations, Retail Back Office, Small Office, Campus]
  • 28. Aon Advisory: Pro-Active Ransomware Mitigation Strategy
      - Traffic Baselining
      - Restrict network traffic based on user and location threat profiles
      - Keep SMB traffic localized
  • 29. Aon Advisory: Pro-Active Ransomware Mitigation Strategy
      Understand Current and Planned Security Controls
      - Gather current, planned, and recommended security controls related to the following:
          - Mobile Device Controls
          - Endpoint Controls
          - Email / Browsing
          - Perimeter Controls
          - Server / Identity Management
          - Security Analytics
      - Overlay Controls to a general “Anatomy of an Attack”
  • 30. [Figure: Security Reference Architecture. Control groups shown: Security Analytics (Vulnerability Management, Dark Web Search, Threat Intelligence, SIEM, Traffic Baselining), Email / Browsing (Email Filtering, URL Filtering), Perimeter Controls (Firewall, Advanced Threat, IPS, WAF, DDoS, SDN, VPN), Mobile Device Controls (Corporate Device, BYOD Device, MDM), Wireless Controls, Endpoint Controls (EDR / Malware Protection, Configuration Management, Patching, Windows Defender, AppLocker, LAPS), Server / Identity Management (Identity Directory, Server EDR, PAM, Application Whitelisting, Configuration Management, Patching), Backup Protection, Insider Threat, and 24x7 Monitoring. Threat labels: Infection Vector, Malware, Malicious Actor, Lateral Propagation.]
  • 31. [Figure: Anatomy of An Attack. Kill chain phases: Infection Vectors, Propagation, Payload. Attack stages shown: Phishing, Malicious Website, Credential Harvesting, API Hooking, Persistence, Lateral Movement, Command and Control, Rootkit, Ransomware, Data Exfiltration, Botnet. Controls overlaid: Security Analytics, Tenable, Dark Web Search, Threat Intelligence, Backstory (Google), Cortex XDR, Backup Protection, Network Segmentation, Palo Alto Firewall, WildFire, Palo Alto IPS, Carbon Black, Host Based Controls, Thycotic, URL Filtering, Proofpoint, Microsoft ATA, Insider Threat, 24x7 Monitoring.]
  • 32. Aon Advisory: Pro-Active Ransomware Mitigation Strategy
      - Develop Roadmap, Budget aligned with NIST CSF
      - Enhance DFIR Preparedness
  • 33. What Does the Future Hold?
  • 34. Aon’s Cyber Solutions Group. Aon plc (NYSE:AON) is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 66,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world’s best broker, best insurance intermediary, best reinsurance intermediary, best captives manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon. Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. www.aon.com | © Aon plc 2019. All rights reserved.
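Slide 28 recommends restricting traffic by location profile and keeping SMB traffic localized; one way to check flow records against such a profile is sketched here. This is an added example, not part of the Aon deck: the site names, subnets, allow-list entry and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed location profile: site name -> subnets (assumed values, not from the deck).
SITES = {
    "primary-dc": ["10.10.0.0/16"],
    "retail-014": ["10.114.0.0/24"],
    "small-office-03": ["10.203.0.0/24"],
}
# Cross-site SMB the baseline explicitly permits: (source site, destination host).
ALLOWED = {("small-office-03", "10.10.20.15")}  # hypothetical regional file server
SMB_PORTS = {139, 445}

# Constructed flow records: (src_ip, dst_ip, protocol, dst_port)
FLOWS = [
    ("10.114.0.21", "10.114.0.5", "tcp", 445),    # POS -> back office, same site
    ("10.114.0.21", "10.10.20.15", "tcp", 445),   # retail -> data center, not in baseline
    ("10.203.0.40", "10.10.20.15", "tcp", 445),   # small office -> file server, allowed
    ("10.114.0.21", "10.203.0.40", "tcp", 445),   # retail -> small office, site to site
    ("10.203.0.40", "10.10.30.8", "tcp", 443),    # HTTPS, out of scope for this check
    ("10.114.0.30", "198.51.100.7", "tcp", 445),  # SMB leaving every known site
]

_NETS = [(ipaddress.ip_network(c), s) for s, cs in SITES.items() for c in cs]

def site_of(ip):
    """Return the site whose most specific subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(n.prefixlen, s) for n, s in _NETS if addr in n]
    return max(matches)[1] if matches else None

def non_local_smb(flows):
    """Return SMB flows that leave their source site and are not allow-listed."""
    findings = []
    for src, dst, proto, port in flows:
        if proto != "tcp" or port not in SMB_PORTS:
            continue
        s, d = site_of(src), site_of(dst)
        if s is not None and s == d:
            continue  # SMB stayed inside one location: matches the baseline
        if (s, dst) in ALLOWED:
            continue  # documented exception in the traffic profile
        findings.append((src, dst, s or "unknown", d or "unknown"))
    return findings

if __name__ == "__main__":
    for f in non_local_smb(FLOWS):
        print("SMB crossing site boundary: %s -> %s (%s -> %s)" % f)
```

The same profile can drive firewall rules at the chokepoints; running it over flow logs first shows which cross-site SMB dependencies exist before they are blocked.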
Disclaimer of Liability: This strictly confidential report provides a written account of information collected and collated by us within limited time constraints. It contains information obtained from sources which have not been validated and the accuracy or veracity of which cannot be guaranteed. It is being provided to the addressee “as is” and with specific disclaimer of any express or implied warranties of any kind, including merchantability, fitness for purpose, title and/or non-infringement. Further, we make no representations regarding the sufficiency of our work for any business, financial, or other purpose, including the purpose for which it has been requested. We do not express an opinion regarding any business decisions associated with the subject matter of our deliverables. Sufficiency of the work and business decisions are the sole responsibility of the addressee. We shall not be liable for any loss or injury caused by the neglect or other act or failure to act on the part of us and/or our agents in procuring, collecting or communicating any information. Further, no liability is accepted by us for any loss or damage arising out of any reliance on the information contained in this report. About Aon