Insights Into Modern Day Threat Protection
- Abhinav Biswas
ECIL Hyderabad
Information Technology Services Division, ITSD

- Corporate Threat Landscape
- Multi-Phase (7 Stage Model)
- Signature Based (Known)
- Analytics based (Sandboxing & GTI)
- Log Correlation & Big Data Analysis
- Nessus, Acunetix

Spyware: Gathers information secretly and sends it to another entity without the user's consent.
Ransomware: Stops you from using your PC until you pay a certain amount of money (the ransom). e.g. encryption ransomware, CryptoLocker.
Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information.
Phishing: The act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Vishing: Voice-over Phishing.

Vulnerability: A weakness which allows an attacker to reduce a system's information assurance.
Threat: A possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
Exploit: A piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
Attack: An attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. (A realized Threat using an Exploit on a Vulnerability is an Attack.)
Event: An observable change to the normal behavior of a system, environment, process, workflow or person.
Incident: An event attributable to a root cause. All incidents are events but many events are not incidents. (An Attack is a series of security incidents.)

Corporate Threat Landscape
- Advanced Persistent Threats (APT)
- Zero-day Attacks (ZDA)
- Smart Mobile Malware (SMM)
- Web-based Plug-in Exploits (WPE)

- Free availability of Root-kits, SpamBots, Phishing Tools etc.
- Digital Currencies (BitCoin) & Anonymous Payment Services.

- Strategic Government institutions.

- Polymorphism, Dynamic URLs, Virtualization, Cloud, Smart Phone/Mobiles, Social Sites, BYOD, Internet Of Things (IOT/IPv6)

Multi-Phase (7 Stage Model)
1) Recon
2) Lure
3) Redirect
4) Exploit Kit
5) Dropper File
6) Call Home
7) Data Theft

Traditional Threats | APTs
- Signature based | Zero-day: no signature; rule-based
- Reactive response | Proactive/predictive/adaptive response
- Opportunistic/generic attack | Targeted/customized attack
- Visible | Stealthy, low-flying
- Short-term & bursty | Long-term & persistent
- Static: relatively easy to detect (based on signature) | Polymorphic: takes months to detect (no specific pattern)
- Getting attention/bragging is the motive | Data exfiltration & disruption of services is the motive
- Limited resources (people, money, technologies) | Sponsored by nation states: large number of quality resources
- e.g. Common cold | e.g. Cancer

Attack vectors (diagram): Social Media, Email, Mobile, Web; elements shown: Redirects, Malware, Recon, XSS, Dropper Files, CnC, Exploit Kits, Phishing

1a) Identify target
1b) Determine browsing habits
2) Select favorite website
3) Compromise and host exploits
3) Drop malware
4) Determine target profile
4) Wait for opportunity to further compromise

Attack on a vulnerable ADSL router (diagram: Internet, Customer, Attacker, Vuln. ADSL Router, Rogue DNS Server)
- The attacker scans for the DSL router and logs onto the admin console via the WAN interface by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a connected computer.
- The attacker changes the DNS server entries in the modem to rogue DNS servers and changes the password of the DSL router.
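The slide describes the attack from the router's side; what a defender on the LAN can do is check what the router is actually handing out. The following is an added example, not part of the slides or of any product they mention: it parses the resolver list from a dhclient-style lease, flags resolvers not on an approved list, and compares answers from the router-supplied resolver against a trusted resolver for a few well-known names. The lease text, the answers, the approved-resolver list and the hostnames are all constructed samples (documentation IP ranges are used as stand-ins).

```python
"""Defender-side check for the rogue-DNS router scenario above.

Added example, not from the slides. The DHCP lease text, the router and trusted
resolver answers, and the approved-resolver list are all constructed samples.
"""
import ipaddress

# Hypothetical allowlist: the ISP/enterprise resolvers a router should hand out.
APPROVED_RESOLVERS = {"192.168.1.1", "9.9.9.9", "1.1.1.1"}

# Constructed dhclient-style lease: the router is handing out two resolvers
# that are not on the approved list (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, used here as stand-ins).
LEASE_SAMPLE = """lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.5, 198.51.100.7;
}
"""

# Constructed answers: what the router-supplied resolver returned for a few
# well-known names vs. what a trusted, directly queried resolver returned.
ROUTER_ANSWERS = {"bank.example": ["203.0.113.9"], "mail.example": ["198.51.100.20"]}
TRUSTED_ANSWERS = {"bank.example": ["198.51.100.40"], "mail.example": ["198.51.100.20"]}


def parse_dhcp_dns(lease_text):
    """Return the resolver list from 'option domain-name-servers a, b;' lines."""
    prefix = "option domain-name-servers"
    servers = []
    for line in lease_text.splitlines():
        line = line.strip()
        if line.startswith(prefix):
            body = line[len(prefix):].rstrip(";").strip()
            servers.extend(s.strip() for s in body.split(",") if s.strip())
    return servers


def unapproved_resolvers(servers, approved=APPROVED_RESOLVERS):
    """Resolvers that are not valid IP addresses or not on the approved list."""
    bad = []
    for s in servers:
        try:
            ip = str(ipaddress.ip_address(s))
        except ValueError:
            bad.append(s)
            continue
        if ip not in approved:
            bad.append(ip)
    return bad


def compare_answers(router_answers, trusted_answers):
    """Names where the router-supplied resolver's answers share no address
    with the trusted resolver's answers. CDN-hosted names legitimately vary,
    so treat a mismatch as a lead to investigate, not as proof of hijacking."""
    mismatches = {}
    for name, trusted in trusted_answers.items():
        got = set(router_answers.get(name, ()))
        if got and not (got & set(trusted)):
            mismatches[name] = sorted(got)
    return mismatches


def audit(lease_text=LEASE_SAMPLE, router_answers=ROUTER_ANSWERS,
          trusted_answers=TRUSTED_ANSWERS):
    """Combine both checks into one report for the LAN client."""
    servers = parse_dhcp_dns(lease_text)
    return {
        "resolvers": servers,
        "unapproved": unapproved_resolvers(servers),
        "mismatches": compare_answers(router_answers, trusted_answers),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

On a real client the lease text would come from the DHCP client's lease file and the two answer sets from querying the router-supplied resolver and a trusted one directly; either finding (an unapproved resolver, or answers that disagree for a name that should be stable) is the signal that the router's DNS settings need to be checked and the router's admin password changed.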

1 PRIMARILY BASED ON SIGNATURE & REPUTATION: Signature history cannot keep up with the dynamic future of threats
2 LACK OF REAL-TIME INLINE CONTENT ANALYSIS: No byte-range data packet analysis for data loss/theft detection
3 FORWARD FACING ONLY, LACK OUTBOUND PROTECTION: No contextual analysis of internal threats
4 LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION: No sandboxing in existing UTMs, NGFWs; no SSL packet inspection

WEB
- Content Analysis
- Malware Sandbox
- Forensic Reports
- SSL Inspection
- Video Controls
EMAIL
- Spear-Phishing
- URL Sandboxing
- Anti-Spam
- TLS Encryption
- Image Analysis
DATA
- Content Aware DLP
- Drip Data Theft Detection
- OCR of Image Text
- Geo-Location
MOBILE
- Cloud Service
- Malicious Apps
- BYOD Policy
- Reporting/Inventory
Essential Information Protection (diagram): Discover, Monitor, Classify, Protect; Where, What, Who, How; External Risks / Internal Risks

Analytics based: Sandboxing & GTI (similar to a bomb detonation sandbox)
- Tightly controlled access to resources
- URL sandbox/File sandbox - Isolated environment/network
- Multiple Detection Environments (Virtual Machines)
- Customizable & realistic virtual environment
- Behavior based classification & risk scoring
- Instrumented forensic data collection
- Big log data interpretation
- Post-incident data (SIEM - Security Information and Event Management)
- Real-time Threat Intelligence (GTI)
- Integration with other sources (local/national/international)
- PCAP (Packet Capture) & Replay
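"Behavior based classification & risk scoring" is the step that turns the sandbox's instrumented data into a verdict. The following is an added example, not the logic of any product named in the slides: it maps instrumented sandbox events (registry writes, file writes, process creation, network connections, sleeps) to behaviour labels, weights them, and classifies the run. The event format, the behaviour names, the weights, the thresholds, the known-good host list and both sample reports are hypothetical constructions.

```python
"""Behaviour-based classification and risk scoring of a sandbox run.

Added example, not the product from the slides. The event format, behaviour
names, weights and thresholds are hypothetical; the two sample reports are
constructed.
"""

# Hypothetical weights: how much each observed behaviour contributes to risk.
WEIGHTS = {
    "persistence_run_key": 30,
    "drops_exe_in_temp": 20,
    "encoded_powershell": 35,
    "connects_unlisted_host": 25,
    "kills_security_tool": 40,
    "reads_browser_credentials": 35,
    "long_sleep_evasion": 15,
}
KNOWN_GOOD_HOSTS = {"update.example-vendor.test", "crl.example-ca.test"}  # hypothetical
SECURITY_TOOLS = {"msmpeng.exe", "edr-agent.exe"}  # hypothetical process names


def classify_event(ev):
    """Map one instrumented sandbox event to a behaviour label, or None."""
    t = ev.get("type")
    path = ev.get("path", "").lower()
    if t == "registry_write" and "\\currentversion\\run" in ev.get("key", "").lower():
        return "persistence_run_key"
    if t == "file_write" and path.endswith(".exe") and "\\temp\\" in path:
        return "drops_exe_in_temp"
    if (t == "process_create" and "powershell" in ev.get("image", "").lower()
            and "-enc" in ev.get("cmdline", "").lower()):
        return "encoded_powershell"
    if t == "network_connect" and ev.get("host") not in KNOWN_GOOD_HOSTS:
        return "connects_unlisted_host"
    if t == "process_terminate" and ev.get("target", "").lower() in SECURITY_TOOLS:
        return "kills_security_tool"
    if t == "file_read" and path.endswith("\\login data"):
        return "reads_browser_credentials"
    if t == "sleep" and ev.get("seconds", 0) >= 300:
        return "long_sleep_evasion"
    return None


def score_report(events):
    """Return (score 0-100, verdict, sorted behaviours). Each behaviour counts
    once however often it is observed, so repetition cannot inflate the score."""
    behaviours = {b for b in map(classify_event, events) if b}
    score = min(100, sum(WEIGHTS[b] for b in behaviours))
    if score >= 70:
        verdict = "malicious"
    elif score >= 30:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return score, verdict, sorted(behaviours)


# Constructed report: a dropper that persists, launches an encoded
# PowerShell stage, and calls home to an unlisted host.
DROPPER_RUN = [
    {"type": "file_write", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"},
    {"type": "registry_write",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"type": "process_create", "image": "powershell.exe", "cmdline": "powershell -enc AAAA"},
    {"type": "network_connect", "host": "cdn-203-0-113-9.test", "port": 443},
    {"type": "network_connect", "host": "cdn-203-0-113-9.test", "port": 443},
]

# Constructed report: a document that saves itself and checks a vendor CRL.
DOC_RUN = [
    {"type": "file_write", "path": "C:\\Users\\u\\Documents\\report.docx"},
    {"type": "network_connect", "host": "crl.example-ca.test", "port": 80},
]

if __name__ == "__main__":
    for name, run in (("dropper", DROPPER_RUN), ("document", DOC_RUN)):
        print(name, score_report(run))
```

The long-sleep rule is there because a sample that idles past the analysis window is itself a behaviour worth recording; the "Customizable & realistic virtual environment" bullet above is the other half of that problem, since a sample that detects the sandbox will show none of the behaviours this scorer looks for.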

Log Correlation & Big Data Analysis
- Content & context aware logs
- Device & application logs, authentication & IAM logs, endpoint security devices, user identity, location, VA scan data, network flows, OS events, DB transaction logs
- Remove redundancy.
- Threat Intelligence & Risk Analysis
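The three bullets above (many log sources, redundancy removal, threat intelligence and risk analysis) are the pieces of a correlation rule. The following added example, which is not any SIEM product's own logic, shows them working together: it de-duplicates forwarded log lines, correlates an authentication burst with a later large transfer from the same host, enriches the transfer with a threat-intelligence list, and produces a per-host risk score. The log lines, the IOC list, the weights and the time windows are all constructed or hypothetical.

```python
"""Log correlation over several sources, with de-duplication, time-window
rules and threat-intelligence enrichment.

Added example, not a SIEM product's own logic. The log lines, the IOC list,
the scoring weights and the window sizes are constructed/hypothetical.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

KV = re.compile(r"(\w+)=(\S+)")

# Constructed key=value logs from an auth service and a perimeter firewall.
# The third line is the second line forwarded twice (the redundancy the
# slide says must be removed).
RAW_LOGS = [
    "2024-06-01T09:00:01Z auth host=ws-17 user=alice result=FAIL src=203.0.113.44",
    "2024-06-01T09:00:03Z auth host=ws-17 user=alice result=FAIL src=203.0.113.44",
    "2024-06-01T09:00:03Z auth host=ws-17 user=alice result=FAIL src=203.0.113.44",
    "2024-06-01T09:00:05Z auth host=ws-17 user=alice result=FAIL src=203.0.113.44",
    "2024-06-01T09:00:09Z auth host=ws-17 user=alice result=OK src=203.0.113.44",
    "2024-06-01T09:02:30Z fw host=ws-17 dst=198.51.100.9 bytes_out=52428800",
    "2024-06-01T09:10:00Z auth host=ws-22 user=bob result=OK src=10.0.0.5",
]
THREAT_INTEL_IPS = {"198.51.100.9"}  # constructed IOC feed (stand-in for GTI)

W_BRUTE, W_IOC_TRANSFER, W_SEQUENCE = 40, 30, 30  # hypothetical weights


def parse(line):
    """'<ts> <source> k=v k=v ...' -> event dict with a datetime timestamp."""
    ts, source, rest = line.split(" ", 2)
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    ev.update(KV.findall(rest))
    return ev


def dedupe(lines):
    """Drop exact duplicate lines before correlating, so a line forwarded
    twice cannot count as an extra failure."""
    seen, out = set(), []
    for ln in lines:
        if ln not in seen:
            seen.add(ln)
            out.append(parse(ln))
    return out


def correlate(lines, fail_threshold=3, fail_window=timedelta(seconds=60),
              exfil_bytes=10 * 1024 * 1024, exfil_window=timedelta(minutes=10)):
    """Return per-host incidents with a 0-100 score and the indicators that fired."""
    events = sorted(dedupe(lines), key=lambda e: e["ts"])
    hosts = defaultdict(lambda: {"score": 0, "indicators": [], "users": set()})
    fails = defaultdict(list)   # (host, user) -> failure timestamps
    success_at = {}             # host -> time of a success that followed a burst

    # Rule 1: >= fail_threshold failures for one user, then a success, within fail_window.
    for e in events:
        if e["source"] != "auth":
            continue
        key = (e["host"], e["user"])
        if e["result"] == "FAIL":
            fails[key].append(e["ts"])
        elif e["result"] == "OK":
            recent = [t for t in fails[key] if e["ts"] - t <= fail_window]
            if len(recent) >= fail_threshold:
                h = hosts[e["host"]]
                h["score"] += W_BRUTE
                h["indicators"].append("brute_force_then_success")
                h["users"].add(e["user"])
                success_at[e["host"]] = e["ts"]

    # Rule 2: large outbound transfer to a threat-intel listed address.
    # Rule 3: rule 2 on a host where rule 1 fired just before -> escalate.
    for e in events:
        if e["source"] != "fw" or e.get("dst") not in THREAT_INTEL_IPS:
            continue
        if int(e.get("bytes_out", 0)) < exfil_bytes:
            continue
        h = hosts[e["host"]]
        h["score"] += W_IOC_TRANSFER
        h["indicators"].append("large_transfer_to_ioc")
        t = success_at.get(e["host"])
        if t is not None and timedelta(0) <= e["ts"] - t <= exfil_window:
            h["score"] += W_SEQUENCE
            h["indicators"].append("auth_burst_then_exfil")

    incidents = [
        {"host": host, "score": min(100, d["score"]),
         "indicators": d["indicators"], "users": sorted(d["users"])}
        for host, d in hosts.items() if d["score"] > 0
    ]
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    for inc in correlate(RAW_LOGS):
        print(inc)
```

Each rule alone is a weak signal (a user mistyping a password three times, or a backup job pushing 50 MB); the score only reaches the top of the range when the sequence across the two log sources lines up on one host within the window, which is the point of correlating rather than alerting per source.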



Prevention is better than cure (Old Proverb)
Prevention is & is a Must, followed by quick

- Use legal software only
- Keep up-to-date patches and fixes for the Operating System and Application Software
- Exercise caution while opening unsolicited emails and do not click on links embedded within
- Open email attachments only from trusted parties
- Use the latest browsers, which have the capability to detect phishing/malicious sites
- Harden the Operating System
- Whitelist the Applications
- Deploy software for controlled use of USB Pen Drives.

“Failure is not when we fall down, but when we fail to get up”
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 

Insights Into Modern Day Threat Protection

  • 1. Information Technology Services Division , ITSD - Abhinav Biswas ECIL Hyderabad
  • 2.
    - Corporate Threat Landscape
    - Multi-Phase (7 Stage Model)
    - Signature Based (Known)
    - Analytics Based (Sandboxing & GTI)
    - Log Correlation & Big Data Analysis
    - Nessus, Acunetix
  • 3.
    - Spyware: gathers information secretly and sends it to another entity without the user's consent.
    - Ransomware: stops you from using your PC until you pay a certain amount of money (the ransom). e.g. Encryption Ransomware, CryptoLocker
    - Social Engineering: psychological manipulation of people into performing actions or divulging confidential information.
    - Phishing: the act of attempting to acquire information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
    - Vishing: Voice-over Phishing
  • 4.
    - Vulnerability: a weakness which allows an attacker to reduce a system's information assurance.
    - Threat: a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
    - Exploit: a piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
    - Attack: an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. (A realized Threat using an Exploit on a Vulnerability is an Attack.)
    - Event: an observable change to the normal behavior of a system, environment, process, workflow or person.
    - Incident: an event attributable to a root cause. All incidents are events but many events are not incidents. (An Attack is a series of security incidents.)
  • 5.
    - Advanced Persistent Threats (APT)
    - Zero-day Attacks (ZDA)
    - Smart Mobile Malware (SMM)
    - Web-based Plug-in Exploits (WPE)
    - Free availability of Root-kits, SpamBots, Phishing Tools etc.
    - Digital Currencies (BitCoin) & Anonymous Payment Services.
    - Strategic Government institutions.
    - Polymorphism, Dynamic URLs, Virtualization, Cloud, Smart Phones/Mobiles, Social Sites, BYOD, Internet of Things (IoT/IPv6)
  • 6. Multi-Phase (7 Stage Model): Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft, Recon
  • 7. Traditional Threats | APTs
    - Signature based | Zero-day: no signature
    - Rule-based, reactive response | Proactive/predictive/adaptive response
    - Opportunistic/generic attack | Targeted/customized attack
    - Visible | Stealthy, low-flying
    - Short-term & bursty | Long-term & persistent
    - Static: relatively easy to detect (based on signature) | Polymorphic: takes months to detect (no specific pattern)
    - Getting attention/bragging is the motive | Data exfiltration & disruption of services is the motive
    - Limited resources (people, money, technologies) | Sponsored by nation states: large number of quality resources
    - E.g. common cold | E.g. cancer
  • 8. Attack Vectors: Social Media, Email, Mobile, Web
    - Redirects, Malware, Recon, XSS, Dropper Files, CnC, Exploit Kits, Phishing
  • 9.
    - 1a) Identify target
    - 1b) Determine browsing habits
    - 2) Select favorite website
    - 3) Compromise and host exploits
    - 3) Drop malware
    - 4) Determine target profile
    - 4) Wait for opportunity to further compromise
  • 10. Internet, Customer, Attacker, Vulnerable ADSL Router, Rogue DNS Server
    - Attacker scans for the DSL router and logs onto the admin console via the WAN interface by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a connected computer.
    - Changes the DNS server entries in the modem to rogue DNS servers and changes the password of the DSL router.
  • 11.
    - 1. PRIMARILY BASED ON SIGNATURE & REPUTATION: signature history cannot keep up with the dynamic future of threats.
    - 2. LACK OF REAL-TIME INLINE CONTENT ANALYSIS: no byte-range data packet analysis for data loss/theft detection.
    - 3. FORWARD FACING ONLY, LACK OUTBOUND PROTECTION: no contextual analysis of internal threats.
    - 4. LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION: no sandboxing in existing UTMs, NGFWs; no SSL packet inspection.
  • 14. ESSENTIAL INFORMATION PROTECTION
    - WEB: Content Analysis, Malware Sandbox, Forensic Reports, SSL Inspection, Video Controls
    - EMAIL: Spear-Phishing, URL Sandboxing, Anti-Spam, TLS Encryption, Image Analysis
    - DATA: Content Aware DLP, Drip Data Theft Detection, OCR of Image Text, Geo-Location
    - MOBILE: Cloud Service, Malicious Apps, BYOD Policy, Reporting/Inventory
    - DISCOVER / MONITOR / CLASSIFY / PROTECT (WHERE / WHAT / WHO / HOW): External Risks, Internal Risks
  • 15. (Similar to a Bomb Detonation Sandbox)
    - Tightly controlled access to resources
    - URL sandbox / File sandbox
    - Isolated environment/network
    - Multiple Detection Environments (Virtual Machines)
    - Customizable & Realistic Virtual environment
    - Behavior based classification & Risk scoring
    - Instrumented Forensic Data Collection
    - Big log Data interpretation
    - Post-incident data (SIEM - Security Incident Event Management)
    - Real-time Threat Intelligence (GTI)
    - Integration with other sources (local/national/international)
    - PCAP (Packet Capture) & Replay
  • 16.
    - Content & Context Aware logs
    - Device & Application logs, Authentication & IAM logs, Endpoint security devices, user identity, location, VA scan data, Network flows, OS events, DB transaction logs
    - Remove redundancy.
    - Threat Intelligence & Risk Analysis
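The 7 stage model (slide 6) and the log correlation step (slide 16), combined in one added Python example that is not part of the deck: constructed log lines from three sources are normalized and de-duplicated, each event is mapped to a stage, and a host that has passed through several stages is reported. The event names, the log line format, the sample hosts and the ordering of the stages (Recon first) are assumptions, not the deck's.

```python
import re
from collections import defaultdict

# Event type (as a SIEM normalizer would label it) -> stage of the 7-stage model
# on slide 6 (Recon, Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft).
STAGE_OF_EVENT = {
    "portscan": "Recon", "phish_link_click": "Lure", "redirect_chain": "Redirect",
    "exploit_kit_url": "Exploit Kit", "new_executable": "Dropper File",
    "beacon": "Call Home", "large_upload": "Data Theft",
}
STAGE_ORDER = ["Recon", "Lure", "Redirect", "Exploit Kit", "Dropper File", "Call Home", "Data Theft"]

# Constructed sample lines, normalized to "source timestamp host event detail" (hosts and
# URLs are placeholders, not real indicators); the third line is a deliberate duplicate.
LOG = """\
email    2024-05-01T09:00:01 10.0.0.12 phish_link_click url=http://example.invalid/news
proxy    2024-05-01T09:00:03 10.0.0.12 redirect_chain hops=3
proxy    2024-05-01T09:00:03 10.0.0.12 redirect_chain hops=3
endpoint 2024-05-01T09:00:09 10.0.0.12 new_executable path=C:\\Users\\u\\AppData\\a.exe
proxy    2024-05-01T09:05:00 10.0.0.12 beacon dst=203.0.113.7 interval=300s
proxy    2024-05-01T09:01:00 10.0.0.44 redirect_chain hops=1
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse(log_text):
    """Return de-duplicated (timestamp, host, source, event) tuples ("remove redundancy")."""
    seen, events = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines the normalizer could not parse
        source, ts, host, event, _detail = m.groups()
        key = (ts, host, source, event)
        if key not in seen:
            seen.add(key)
            events.append(key)
    return events

def correlate(events, min_stages=3):
    """Map each host's events onto stages; alert when a host reached >= min_stages distinct stages."""
    stages_by_host = defaultdict(set)
    for _ts, host, _source, event in events:
        stage = STAGE_OF_EVENT.get(event)
        if stage:
            stages_by_host[host].add(stage)
    alerts = {}
    for host, stages in stages_by_host.items():
        reached = [s for s in STAGE_ORDER if s in stages]
        if len(reached) >= min_stages:
            alerts[host] = reached  # stages listed in kill-chain order
    return alerts
```

A single stage (the lone redirect on the second host) is not raised, which is the point of correlating across sources rather than alerting on each log line.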
  • 19.
    - Prevention is better than cure (Old Proverb)
    - Prevention is & is a Must followed by quick
  • 20.
    - Use legal software only
    - Keep up-to-date patches and fixes of the Operating System and Application Software
    - Exercise caution while opening unsolicited emails and do not click on a link embedded within
    - Open only email attachments from trusted parties
    - Use latest browsers having the capability to detect phishing/malicious sites
    - Harden the Operating System
    - Whitelist the Applications
    - Deploy software for controlled use of USB Pen Drives.
  • 21. “Failure is not when we fall down, but when we fail to get up”