Blackhat USA 2015: BGP Stream Presentation

•

3 likes•6,373 views

OpenDNS

BGP Stream presentation from Blackhat USA by OpenDNS CTO Dan Hubbard and Network Manager Andree Toonk.

1
Dan Hubbard & Andree Toonk
Blackhat 2015
BGP Stream

2
BGP Overview
BGP Attack Examples
Announcing BGPStream
BGPStream dataviz client example
Other cool stuff
Things we may or may not present….

4
•  Network of Networks, it’s a Graph!
•  Each organizations on the Internet is
called an Autonomous system.
•  Each node represents an Autonomous
system (AS).
•  AS is identified by a number.
•  OpenDNS is 36692, Google is 15169.
•  Each AS has one or more Prefixes.
•  36692 has 56 (ipv4 and IPv6) network
prefixes.
•  BGP is the glue that makes this work!
Result is a topology map of the Internet
Internet 101 & BGP

5
andree@rtr1.syd> show route protocol bgp www.facebook.com
inet.0: 528878 destinations, 1095067 routes (528873 active, 3 holddown, 12 hidden)
+ = Active Route, - = Last Active, * = Both
179.60.193.0/24
*[BGP/170] 2w6d 21:16:18, MED 0, localpref 100
AS path: 32934 I
> to 202.167.228.39 via ge-1/1/9.0
[BGP/170] 1w6d 02:04:04, localpref 100
AS path: 4637 1221 32934 I
> to 210.176.38.1 via xe-0/0/0.0
[BGP/170] 4d 21:09:54, MED 0, localpref 100
AS path: 2914 38561 1221 32934 I
> to 202.68.65.149 via xe-2/0/0.0
Example BGP troubleshooting How
do
I
route

to
Facebook?

9
High level Architecture

BGP
Stream
analyzer

BGP
data

Classifier Notification
Expected

Support
for:

IPv4
&
IPv6

16
&
32bit
AS
numbers

Expected
state:

•  Preﬁx
/
Origin
AS

•  AS
relaCons

•  Historical
info

•  GEO
info

•  Whois
info

•  Etc.

Observed BGP data from
hundreds of BGP peers
globally

10
BGP Stream Classifier

BGP
data

•  Expected Origin AS vs. Detected origin AS
•  Existing Business relationship?
•  Does Detected

AS
announce other Expected

AS
prefixes in BGP
•  Is there an existing peering relationship
•  Did Detected

AS
recently announce Expected

AS
prefixes
•  Exclude well relations and ASNs (i.e. DoD Asns, special Anycast prefixes).
•  Whois information
•  Valid RPLS route object in RIR / IRR databases?
•  Allocation data
•  Name collision in name, description, emails
•  Geo Info
•  Do Expected

and Detected
operate in same country
•  For US, same state
•  Detected by number of BGPmon peers

14
Requests
Per Day
80B Countries
160+
Daily Active
Users
65M Enterprise
Customers
10K
Our Perspective
Diverse Set of Data &
Global Internet Visibility

16
Malaysia Airlines DNS Hijack
January 25, 2015

17
MALICIOUS
ASN/IP
IDENTIFIED
Owned
by
Lizard
Squad

who
hacked
PS3
and
Xbox

Networks
in

December
2014

19
POPVOTE.HK
750 Million DNS
requests 1 hour

22
The Future….
More Tuning and Training
Integrate DNSStream into BGPStream portal
Build a community of BGP and DNS watchers

"Adventures in Linked Data Land: bringing RDF to the Wordsworth Trust" is a paper given by RIchard Light (http://uk.linkedin.com/pub/richard-light/a/221/ba5) to a Linked Data meeting run by the Collections Trust in February 2010. He runs through the basics of LD, how it relates to cultural heritage, and some of his experiments with it, specifically with the data of the Wordsworth Trust, finally listing a series of challenges that face museums in trying to get on board the Linked Data bus.

Building a Directed Graph with MongoDB

Tony Tam

Rdf conjunctive query selectivity estimation

INRIA-OAK

Wherecamp Navigation Conference 2015 - SPOI SDI4pps: Points of Interest

WhereCampBerlin

Apache Spark's Built-in File Sources in Depth

Databricks

In Spark 3.0 releases, all the built-in file source connectors [including Parquet, ORC, JSON, Avro, CSV, Text] are re-implemented using the new data source API V2. We will give a technical overview of how Spark reads and writes these file formats based on the user-specified data layouts. The talk will also explain the differences between Hive Serde and native connectors, and share the experiences of how to tune the connectors and choose the best data layouts for achieving the best performance.

Improve Performance in Fast Search for SharePoint - Comperio

Comperio - Search Matters.

Leveraging DNS data to detect new Internet threats has been gaining in popularity in the past few years. However, most industry and academic work examines DNS solely from the authoritative layer through the use of passive DNS. This presentation covers three novel methods that can be used to detect network threats at an Internet scale by analyzing DNS traffic below and above the recursive layer, monitoring malware hosting IP infrastructures, and applying graph analytics on DNS lookup patterns.

One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen

OpenDNS

What Happens Before the Kill Chain

OpenDNS

OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides

OpenDNS

Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...

OpenDNS

OpenDNS Whitepaper: Platform Technology

Courtland Smith

Standardizing and Strengthening Security to Lower Costs

OpenDNS

Umbrella for MSPs: Enterprise Grade Malware Protection & Containment

OpenDNS

Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...

OpenDNS

Malware reversing is a conventional threat intelligence strategy that is being challenged to keep up with the fast-paced evolution of threats. To stay ahead of bad actors, the next generation security intelligence engine is big data, not malware reversing. An advanced generation of security intelligence teams has risen with mathematicians, algorithmic geniuses and big data researchers. The buzz words sound impressive but what does this actually mean in practice? On Jan 22nd, OpenDNS Security Researcher, Dhia Mahjoub, and Senior Product Manager, Dima Kumets, went under the hood of OpenDNS Security Research Labs. Their discussion included such topics as: -What the OpenDNS Researchers actually do and why it's so different from traditional sample analysis -The process of developing and improving learning machines as developed by Dhia and the Labs Team -Insights gained from looking at Internet traffic as a whole -The difference in Big Data insight vs Malware Reversing -The latest threats OpenDNS Security Labs is mitigating

Final Project Report-SIEMRangan Yoga

AfterGlow

Raffael Marty

AfterGlow is a script that assists with the visualization of log data. It reads CSV files and converts them into a Graph description. Check out http://afterglow.sf.net for more information also. This short presentation gives an overview of AfterGlow and outlines the features and capabilities of the tool. It discusses some of the harder to understand features by showing some configuration examples that can be used as a starting point for some more sophisticated setups. AftterGlow is one the most downloaded security visualization tools with over 17,000 downloads.

Docker at OpenDNS

OpenDNS

Decoding Connectivity: Thriving and Leading in the Internet of Everything World

Cisco Canada

Decoding Connectivity: Thriving and Leading in the Internet of Everything World Carlos Dominguez, Senior Vice President in Cisco’s Office of the Chairman of the Board and CEO As the industry begins enabling the Internet of Everything, the ways we work and do business will change at lightning speed – again. What will that seismic shift mean for organizations – and for you? How do you use innovation to drive creativity? How can you optimize technology to free up other resources? Hear from Carlos Dominguez, a leader in innovation, as he puts the digital revolution in perspective and shares his eye-opening ideas about how to prepare for the future.

Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS

Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...

viaForensics

Cyber as WMD- April 2015- GFSUMohit Rampal

sebis research profile

sebistum

ToorCon 14 : Malandroid : The Crux of Android Infections

Aditya K Sood

The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar and getting on our devices and causing millions of users financial and data loss every year. Additionally, the malware analysis community is at a large disagreement on how Android malware should be classified. In this talk, we’ll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we’ll be able to show the advancements in Android malware from a design perspective.

Hide Android applications in images

Ange Albertini

Cisco amp for endpoints

Cisco Canada

Cloud SDN: BGP Peering and RPKI

MyNOG

BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit

APNIC

Viewers also liked

New DNS Traffic Analysis Techniques to Identify Global Internet Threats

OpenDNS

One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen

OpenDNS

What Happens Before the Kill Chain

OpenDNS

OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides

OpenDNS

Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...

OpenDNS

OpenDNS Whitepaper: Platform Technology

Courtland Smith

Standardizing and Strengthening Security to Lower Costs

OpenDNS

Umbrella for MSPs: Enterprise Grade Malware Protection & Containment

OpenDNS

Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...

OpenDNS

Final Project Report-SIEMRangan Yoga

AfterGlow

Raffael Marty

Docker at OpenDNS

OpenDNS

Decoding Connectivity: Thriving and Leading in the Internet of Everything World

Cisco Canada

Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...OpenDNS

Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...

viaForensics

Cyber as WMD- April 2015- GFSUMohit Rampal

sebis research profile

sebistum

ToorCon 14 : Malandroid : The Crux of Android Infections

Aditya K Sood

Hide Android applications in images

Ange Albertini

Cisco amp for endpoints

Cisco Canada

Viewers also liked (20)

New DNS Traffic Analysis Techniques to Identify Global Internet Threats

One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen

What Happens Before the Kill Chain

OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides

Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...

OpenDNS Whitepaper: Platform Technology

Standardizing and Strengthening Security to Lower Costs

Umbrella for MSPs: Enterprise Grade Malware Protection & Containment

Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi...

Final Project Report-SIEM

AfterGlow

Docker at OpenDNS

Decoding Connectivity: Thriving and Leading in the Internet of Everything World

Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...

Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensi...

Cyber as WMD- April 2015- GFSU

sebis research profile

ToorCon 14 : Malandroid : The Crux of Android Infections

Hide Android applications in images

Cisco amp for endpoints

Similar to Blackhat USA 2015: BGP Stream Presentation

Cloud SDN: BGP Peering and RPKI

MyNOG

BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit

APNIC

Bgp (1)Vamsidhar Naidu

CCCNP ROUTE v6_ch06Licenciatura en Redes y Sistemas Operativos

Operationalizing BGP in the SDDC

Cumulus Networks

bgp.ppt

aozcan1

InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu?? ?

Dynamische Routingprotokolle Aufzucht und Pflege - BGP

Maximilan Wilhelm

Sie möchten Ihr großes internes Netzwerk - ein Autonomes System - mit dem Internet verbinden, eine IP-Fabric aufbauen oder interne Dienste per Anycast in Ihrem Netzwerk anbieten. Für all diese Dinge ist das Border Gateway Protokoll entwickelt worden und auch hervorragend geeignet. Dieser Vortag vermittelt die Funktionsweise von BGP im externen und internen Einsatz, gibt einen Überblick über die Steuermechanismen und Stellschrauben und zeigt den praktischen Einsatz mit dem Bird Internet Routing Daemon auf.

NP - Unit 5 - Bootstrap, Autoconfigurion and BGP

hamsa nandhini

Bgp

Satheesh Kirupai

Bgp

Febrian ‎

Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...

akg1330

Apnic-Training-IPv6_workshop

Nguyen Minh Thu

IPv6 in Cellular Networks

APNIC

Bgp Toc

bigb0206

eBGP.pptx

DindaPratiwi41

An Overview of Border Gateway Protocol (BGP)Jasim Alam

Cumulus Linux 2.5.3

Cumulus Networks

Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin

MyNOG

Scripting on Routers - NANOG 47

Richard Steenbergen

Similar to Blackhat USA 2015: BGP Stream Presentation (20)

Cloud SDN: BGP Peering and RPKI

BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit

Bgp (1)

CCCNP ROUTE v6_ch06

Operationalizing BGP in the SDDC

bgp.ppt

InternetMappingAndVisualizationGroup5JinfuZhengAndLingLiu

Dynamische Routingprotokolle Aufzucht und Pflege - BGP

NP - Unit 5 - Bootstrap, Autoconfigurion and BGP

Bgp

Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro...

Apnic-Training-IPv6_workshop

IPv6 in Cellular Networks

Bgp Toc

eBGP.pptx

An Overview of Border Gateway Protocol (BGP)

Cumulus Linux 2.5.3

Initial Experiences Route Filtering at the Edge AS15169 by Arturo L. Servin

Scripting on Routers - NANOG 47

More from OpenDNS

Highly Available Docker Networking With BGP

OpenDNS

Security Ninjas: An Open Source Application Security Training Program

OpenDNS

NOTES -- Slide 8 Some of the categories we will discuss are very broad like this one. Untrusted command – get / post / rest style params Clicks Surprise inputs Slide 13 Very broad too Little or no auth Auth with some bypass possibilities Some problem with how session is generated, managed, expired Insufficient sessionID protection Slide 18 When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. Slide 27 Security hardening throughout Application Stack Unnecessary features enabled or installed? ports, services, pages, accounts, privileges Security settings in your development frameworks (e.g., Struts, Spring, ASP.NET) and libraries not set to secure values? Default accounts/ passwords still enabled and unchanged? Error handling reveal stack traces or other overly informative error messages to users? Software out of date? OS, Web Server, DBMS, applications, code libraries Slide 41 sign up for updates or do regular audits to see versions there might be technical dependencies easily exploited by attackers using metaspoilt, info gathering using headers & responses, etc. Slide 47 We can look at the architecture, give you tips around what you could use, what would be good. This would avoid making any major changes when the product is ready which would save everyone’s time in the long run. Have sprints with dedicated security features and use those as a selling point for our security conscious customers Slide 48 Carefully look at the license to make sure you can use it in your type of product. Ask Fallon if you are not sure Research how much support it gets, how popular it is Look to find out any vulnerabilities in it before you start using it Maintain it; Sign up for CVE updates Ask us if you need to get something reviewed Slide 50 Not only better and more features Security vulnerabilities get patched in new versions New versions get most attention by the companies and old ones stop getting support after some time fully Most Security Support by the community Turn on auto updates for Chrome; always look at updates on AppStore Slide 51 Use different passwords for different sites Password managers let you set complexity, generate random passwords, etc. Slide 52 Only grant access to whats needed to get the job done employee leaves; mistakes; vulnerabilities in other s/w which leverages this; Don’t install redundant software, plugins, etc. This opens up so much risk People forget to uninstall them; s/w doesn't get much attention from community; open ports are left; boom exploited by attackers; Slide 55 To prevent unintended execution actions e.g., fail open auth errors Leak minimal info about infrastructure as this info is leveraged by attackers to carry out further attacks

IP Routing, AWS, and Docker

OpenDNS

Rahim Lalani is a Systems Engineer at OpenDNS. He gave a talk at the Docker Vancouver meetup on May 8th, 2014 covering some experiments that he did along with Andree Toonk, OpenDNS's Network Engineering Manager, to route OpenDNS IP address space into containers running on AWS EC2 instances. Addtional details can be found in his blog post: http://engineering.opendns.com/2014/07/01/ip-routing-aws-docker/

Defcon

OpenDNS

Marauder or Scanning Your DNSDB for Fun and Profit - SOURCE Boston

OpenDNS

Network Security: A Four Point Analysis of Appliances vs. the Cloud

OpenDNS

When you're assessing network security solutions, you face two fundamental choices with dramatic consequences for protection, coverage, performance and manageability. Appliance-based solutions seek to arm organizations with visibility and control within their network environment. Cloud-based solutions promise easier setup, greater scalability, wider coverage and adaptive protection. How do you weigh the promised benefits against the potential risks? Does one option offer distinct advantages over the other?

CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Dis...OpenDNS

Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

OpenDNS

Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses. Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats. Some highlighted topics include: - How the shift in attacker motivations has impacted today's threat landscape - Why preventative techniques alone can no longer ensure a secure environment - Which strategies need to be considered for a holistic approach to security - What next steps you can take towards identifying your best strategy against attacks

Baythreat Cryptolocker Presentation

OpenDNS

Cryptolocker Webcast

OpenDNS

Each day millions of Internet requests are made to dynamically changing Cryptolocker domains. And it only takes one successful connection from a malware-infected system to the botnet controller for your files to end up encrypted and held for ransom. So how does Cryptolocker actually work? What is the best way to block it? And what implications does this have for security methods going forward? In this webcast, you will learn: -What steps are involved in a Cryptolocker attack -How Domain Generation Algorithms enable it to evade most threat detection methods -Why leveraging our global intelligence has been effective in containing Cryptolocker -What you can do to avoid becoming a victim

MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO

OpenDNS

Ransomware, trojans, and keyloggers are increasingly targeting SMBs—and traditional, reactive security solutions are not cutting it. Malware not only puts your customers at risk but also hurts your bottom line through hours wasted cleaning up infected machines. But how do you protect customers that may not understand the risks or the value of layered security? The answer lies in leveraging increased visibility and value reporting to improve your bottom line and become your customer's virtual CIO and CISO. Join OpenDNS Sr. Product Manager Dima Kumets and guest speaker Jim Lancaster of MSPmentor 100 company Sagiss to learn about: -Combining protection and containment to lower costs -Improving renewal rates through value reporting -Leveraging OpenDNS's new integration with ConnectWise to be the Virtual CIO -Monitoring real-time network activity as a sellable service

Fast Detection of New Malicious Domains using DNS

OpenDNS

Umbrella for MSPs: Cloud Security via N-able

OpenDNS

More from OpenDNS (13)

Highly Available Docker Networking With BGP

Security Ninjas: An Open Source Application Security Training Program

IP Routing, AWS, and Docker

Defcon

Marauder or Scanning Your DNSDB for Fun and Profit - SOURCE Boston

Network Security: A Four Point Analysis of Appliances vs. the Cloud

CanSecWest 2014 Presentation: "Intelligent Use of Intelligence: Design to Dis...

Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Baythreat Cryptolocker Presentation

Cryptolocker Webcast

MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO

Fast Detection of New Malicious Domains using DNS

Umbrella for MSPs: Cloud Security via N-able

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

UiPath Test Automation using UiPath Test Suite series, part 3

Key Trends Shaping the Future of Infrastructure.pdf

Assuring Contact Center Experiences for Your Customers With ThousandEyes

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

When stars align: studies in data quality, knowledge graphs, and machine lear...

GraphRAG is All You need? LLM & Knowledge Graph

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Monitoring Java Application Security with JDK Tools and JFR Events

Neuro-symbolic is not enough, we need neuro-*semantic*

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

How world-class product teams are winning in the AI era by CEO and Founder, P...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Leading Change strategies and insights for effective change management pdf 1.pdf

Blackhat USA 2015: BGP Stream Presentation

1. 1 Dan Hubbard & Andree Toonk Blackhat 2015 BGP Stream

2. 2 BGP Overview BGP Attack Examples Announcing BGPStream BGPStream dataviz client example Other cool stuff Things we may or may not present….

3. 3

4. 4 •  Network of Networks, it’s a Graph! •  Each organizations on the Internet is called an Autonomous system. •  Each node represents an Autonomous system (AS). •  AS is identified by a number. •  OpenDNS is 36692, Google is 15169. •  Each AS has one or more Prefixes. •  36692 has 56 (ipv4 and IPv6) network prefixes. •  BGP is the glue that makes this work! Result is a topology map of the Internet Internet 101 & BGP

5. 5 andree@rtr1.syd> show route protocol bgp www.facebook.com inet.0: 528878 destinations, 1095067 routes (528873 active, 3 holddown, 12 hidden) + = Active Route, - = Last Active, * = Both 179.60.193.0/24 *[BGP/170] 2w6d 21:16:18, MED 0, localpref 100 AS path: 32934 I > to 202.167.228.39 via ge-1/1/9.0 [BGP/170] 1w6d 02:04:04, localpref 100 AS path: 4637 1221 32934 I > to 210.176.38.1 via xe-0/0/0.0 [BGP/170] 4d 21:09:54, MED 0, localpref 100 AS path: 2914 38561 1221 32934 I > to 202.68.65.149 via xe-2/0/0.0 Example BGP troubleshooting How do I route to Facebook?

6. 6 Recent High Profile BGP Incident Examples BGP hijack used for spamming BGP hijack used for ﬁnancial gain (bitcoin hijack) BGP hijack by Hacking team Large scale mulC day outages in Syria and Egypt BGP hijack by Turkey to censor popular DNS resolvers Many more accidental BGP hijacks

7. 7

8. 8

9. 9 High level Architecture BGP Stream analyzer BGP data Classifier Notification Expected Support for: IPv4 & IPv6 16 & 32bit AS numbers Expected state: •  Preﬁx / Origin AS •  AS relaCons •  Historical info •  GEO info •  Whois info •  Etc. Observed BGP data from hundreds of BGP peers globally

10. 10 BGP Stream Classifier BGP data •  Expected Origin AS vs. Detected origin AS •  Existing Business relationship? •  Does Detected AS announce other Expected AS prefixes in BGP •  Is there an existing peering relationship •  Did Detected AS recently announce Expected AS prefixes •  Exclude well relations and ASNs (i.e. DoD Asns, special Anycast prefixes). •  Whois information •  Valid RPLS route object in RIR / IRR databases? •  Allocation data •  Name collision in name, description, emails •  Geo Info •  Do Expected and Detected operate in same country •  For US, same state •  Detected by number of BGPmon peers

11. 11 BGPStream Data Visualization Client

12. 12

13. 13 $blackhat there is more.. RUN BGPDNS

14. 14 Requests Per Day 80B Countries 160+ Daily Active Users 65M Enterprise Customers 10K Our Perspective Diverse Set of Data & Global Internet Visibility

15. 15

16. 16 Malaysia Airlines DNS Hijack January 25, 2015

17. 17 MALICIOUS ASN/IP IDENTIFIED Owned by Lizard Squad who hacked PS3 and Xbox Networks in December 2014

18. 18

19. 19 POPVOTE.HK 750 Million DNS requests 1 hour

20. 20

21. 21

22. 22 The Future…. More Tuning and Training Integrate DNSStream into BGPStream portal Build a community of BGP and DNS watchers

23. 23 @bgpstream @dnsstream