Security professionals, network engineers, and management often ask, "Why did I spend all this money on network security equipment if I still got hacked?" Questions like these follow: "Am I not buying the right security products? Am I not configuring or deploying them correctly? Do I have the right staff to run my network?" The security lifecycle requires measuring the current network state, establishing a baseline, and making continual improvements. This presentation will cover several real-life case studies of how different network segments were compromised even though state-of-the-art network security technologies and products were deployed. We will go over several security metrics that you should understand in order to better protect your network.
Omar Santos is an Incident Manager at Cisco's Product Security Incident Response Team (PSIRT). Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Omar has delivered numerous technical presentations at several venues, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of 4 Cisco Press books and has two more in the works.
This document summarizes a presentation by Prakash Baskaran of Pawaa Software on data protection solutions. It discusses traditional approaches to data security that are no longer sufficient due to insider threats and activities like copying sensitive data to removable drives or screenshots. Pawaa's innovations include a browser wrapper that works on any computer to enforce usage policies for files downloaded from web applications, preventing unauthorized access or use of sensitive data. The presentation demonstrates PawaaWEBB, which deploys as a browser to protect a web application without requiring a locked down environment.
The document discusses application security challenges and presents HP Fortify Software Security Center as a solution. It describes how the solution proactively identifies and eliminates risks in legacy applications and prevents risks during development. The solution protects applications across in-house, outsourced, commercial and open source development by embedding security into the entire software development lifecycle. It also provides comprehensive coverage across multiple vulnerability categories and programming languages.
The document introduces Symantec Ubiquity, a new technology that provides safety ratings for programs based on data from over 100 million Symantec users. It aims to address limitations of traditional signature-based detection in dealing with the growing number of unique and low-prevalence malware. Symantec Ubiquity analyzes the behavior, prevalence, and other attributes of files across all clients to identify suspicious programs. It is being integrated into Symantec's security products to enhance detection capabilities against unknown and targeted threats. Initial results show Ubiquity providing safety ratings for over 1.5 billion files and serving billions of ratings per month.
Symantec announced new website security solutions including support for new SSL encryption algorithms like Elliptic Curve Cryptography (ECC) and Digital Signature Algorithm (DSA). ECC provides stronger encryption with shorter keys, improved server and desktop performance, and meets future security needs. Symantec is the first certificate authority to offer ECC commercially. The announcements also included new services like the Certificate Intelligence Center and Secure App Service to help customers manage certificates and code signing keys.
Ensure Software Security already during development (IT Weekend)
"How to Code Security into Software? Software Security Assurance with HP Fortify." Nowadays it becomes more and more obvious that security should not only be applied as an afterthought, but already during development. I will show possibilities on how you can integrate Software Security assurance in your Development Lifecycle, and what technologies and processes can help you with that.
Lucas v. Stockhausen
Software Security Consultant
The document discusses IBM Security Systems and their capabilities. It provides an agenda that covers the security landscape, IBM security capabilities, and their strategic direction focused on security intelligence, advanced threats, mobile security, and cloud computing. It summarizes IBM's approach of delivering intelligence, integration, and expertise across a comprehensive security framework.
This document provides an overview of implementing intrusion prevention systems. It describes the purpose and operations of network-based and host-based IPS, how IPS signatures are used to detect malicious traffic, and how to configure and monitor Cisco IOS IPS using the command line interface and Security Device Manager. The objectives are to describe IPS functions, signatures, alarms, actions, and monitoring, as well as configure and verify Cisco IOS IPS.
[DSBW Spring 2009] Unit 08: WebApp Security (Carles Farré)
Unit 8 discusses security for web applications. It identifies potential threats, vulnerabilities, and attacks. Authentication verifies a user's identity, authorization governs user access, and other security goals are discussed like confidentiality, integrity, and availability. Main threat categories are outlined using the STRIDE methodology. Countermeasures are provided for network, host, and application level threats. The document also discusses web application security approaches like least privilege and defense in depth. Cryptography, SSL/TLS, and other protocols are summarized in the context of web security.
Refense Security Risk Briefing July 2009 (apompliano)
Refense provides vulnerability management and compliance checking for network infrastructure devices such as routers, switches, firewalls, and wireless access points. It uses a non-intrusive, agentless approach to conduct in-depth analysis of devices and identify vulnerabilities, configuration issues, and deviations from security policies. Refense offers both on-premise appliance and managed service options that are scalable, easy to implement, and provide comprehensive reporting and risk mitigation intelligence.
At VMworld 2012, Symantec announced new solutions and technical integrations with VMware across its entire product portfolio to ensure higher levels of protection for virtualized environments. Together, Symantec and VMware enable SMBs and enterprises to use the benefits of virtualization without compromising protection.
Symantec announced new offerings to create a trusted ecosystem of applications and partners to help businesses accelerate the execution of their mobility initiatives. The offerings include two new programs – the App Center Ready Program for application developers and the Mobility Solution Specialization Program for channel partners – as well as a single mobile suite spanning device management, application management and mobile security.
Network vulnerability assessments evaluate all aspects of a network from behind the firewall to identify potential vulnerabilities that could be exploited by hackers. They provide an effective method to understand an organization's security posture and help keep management informed of deviations from policies. Regular vulnerability assessments should be part of an ongoing security lifecycle to proactively address issues before exploits and identify gaps in security controls, policies, and processes. Axoss offers network vulnerability assessment services using an open-source methodology performed by certified security experts to thoroughly scan networks, locate hosts and services, detect known vulnerabilities, and provide recommendations to eliminate vulnerabilities.
VSD Infotech is an IT services company specializing in information security, network management, and data center solutions. They offer a range of services including: (1) implementing Information Security Management Systems to help organizations securely manage sensitive data according to ISO/IEC 27001 standards, (2) network security assessments and testing, and (3) consulting services to help businesses design and implement secure systems and best practices. They also provide networking solutions and products from technology partners to optimize customer networks.
SCIT-MTD is a patented technique that provides continuous rotation of virtual machines to a pristine state in order to remove malware and limit the time intruders have to exploit systems. It uses virtualization and fast VM rotation times of less than a minute to dynamically change systems into moving targets. This makes it difficult for attackers to gain access and plan attacks before being removed from the system. SCIT-MTD can be implemented without changes to existing systems and improves security even without knowing the details of vulnerabilities or malware.
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr... (Symantec)
Symantec Endpoint Protection 12, optimized for virtual environments, offers organizations the vital protection needed to effectively safeguard information from attackers. Symantec Protection Center 2.0 draws upon correlated visibility from multiple security products to provide relevant actionable intelligence that reduces risks to business.
This document provides an overview of intrusion detection and data loss prevention. It discusses the challenges of data loss and how data loss prevention (DLP) addresses them. DLP helps organizations discover where sensitive data is located, monitor how it is being used, and protect it from leaving the network without authorization. The presentation outlines how DLP works and provides examples of how DLP can be used to fix exposed data, protect intellectual property and customer information, and continuously reduce security risks.
The variety and complexity of cyber attacks is increasing. The attackers have a strong economic and political motivation thus leading to organized and targeted attacks. We have concluded that intrusions are inevitable, and have focused on strategies to work through the attack while limiting the losses. Our approach, called Self Cleansing Intrusion Tolerance (SCIT), leads to the next generation of secure servers. SCIT shifts the focus from intrusion avoidance to reducing the losses resulting from an intrusion. This additional layer of defense is justified, because the current reactive approaches cannot keep up with the rapidly increasing new threats.
Rationalization and Defense in Depth - Two Steps Closer to the Cloud (Bob Rhubart)
Security represents one of the biggest concerns about cloud computing. In this session we’ll get past the FUD with a real-world look at some key issues. We’ll discuss the infrastructure necessary to support rationalization and security services, explore architecture for defense-in-depth, and deal frankly with the good, the bad, and the ugly in Cloud security. (As presented by Dave Chappelle at OTN Architect Day in Chicago, October 24, 2011.)
This document discusses security breaches at Sony, HBGary, and RSA and identifies common weaknesses that allowed the attacks to succeed. It then reviews practices and solutions that could help prevent such breaches, including improved user training, message screening, vulnerability management, and infrastructure visibility. The document emphasizes that deploying security solutions without effective monitoring renders them less useful for defense against modern targeted attacks, zero-day vulnerabilities, and custom malware.
The document discusses web application security and securing the software development lifecycle. It notes that web applications are the top target of hackers, with many sites being vulnerable. It emphasizes that network defenses like firewalls are not enough, and that application security needs to be addressed throughout development. The document promotes IBM Rational products for automating security testing of web applications across the entire development lifecycle.
Pramod Yadav: Security Operations Center Manager (Pramod Yadav)
Pramod Yadav is an experienced IT security professional with 10 years of experience in information security compliance, security operations, risk management, and project management. He has a Bachelor's degree in Science from Mumbai University and several professional certifications. He is currently pursuing the CISSP security certification. Pramod has worked as a SOC Manager at IBM and Security Operations Lead at Wipro, managing security operations centers and security solutions.
Security assessment for financial institutions (Zsolt Nemeth)
Group-IB is a cybersecurity company founded in 2003 in Russia that provides services such as security analysis, penetration testing, computer forensics, incident response, and malware intelligence. It has expanded internationally and now has over 60 employees. The company operates the first 24/7 cybersecurity response team in Eastern Europe called CERT-GIB. Group-IB works with many financial institutions and has expertise in vulnerabilities specific to the banking/e-commerce sector.
The document discusses the Cisco Catalyst 6500 and Firewall Services Module (FWSM). It notes the importance of data center security and protecting servers from attacks. The Cisco Catalyst 6500 delivers security through features like network admission control, identity-based networking, and intrusion prevention. It can consolidate security functions to reduce power consumption. The FWSM integrates firewall capabilities into the Cisco Catalyst 6500 and 7600 series switches in a high-performance module.
The document discusses trends in IT security innovations and solutions. It covers topics like mobility raising security issues, common security problems in enterprises, and the need for monitoring systems, encryption, and network visibility solutions to address vulnerabilities. The presentation promotes specific products from SpectorSoft, PGP, and Lumension that can help with monitoring, encryption, and network access control.
The document discusses remote access VPN technologies for the Cisco ASA including SSLVPN, WebVPN, and IPSecVPN. It provides information on VPN client options like the AnyConnect VPN client, Cisco VPN client, and web VPN. The document also summarizes how to configure VPN connections on the ASA including AnyConnect client connections, VPN technologies, and VPN connection flows. It includes details on clientless web VPN features and plugins as well as client-based SSL VPN configuration.
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY (jmical)
This document provides an overview of AccessData's Cyber Intelligence Response Technology (CIRT) platform. CIRT offers an integrated suite of digital forensics and incident response capabilities including network forensics, host-based forensics, data auditing, and malware analysis. Key features include an agent that can independently collect and store data from endpoints, a Cerberus module that analyzes files for malicious behaviors without signatures or prior knowledge, and modules for analyzing removable media, volatile memory, and network packet captures. The platform allows multiple teams such as incident response, computer forensics, and compliance to collaborate on investigations.
The document discusses security principles for web applications, including identifying threats like spoofing and tampering, vulnerabilities, and attacks. It emphasizes authenticating and authorizing users, implementing measures like encryption to ensure confidentiality and integrity of data, and making systems available through techniques such as throttling. The document also provides examples of network, host, and application level threats and corresponding countermeasures.
Symantec Endpoint Protection 12 provides a single agent and console for antivirus, antispyware, firewall, and other protections across Windows and Mac devices. It uses a new Insight technology powered by data from over 175 million endpoints to detect emerging and mutated threats that evade traditional signature-based scanning. Insight analyzes factors like file age, frequency, location, and community reputation ratings to proactively protect against new threats. Testing shows Symantec provides the most effective security with fewer false positives than competitors like Sophos, Kaspersky, Trend Micro, Microsoft, and McAfee.
This document discusses security considerations for cloud computing versus on-premise security. It notes that while many think cloud security is managed similarly to on-premise, obtaining access to one node could provide access to the entire infrastructure. It then lists various security standards and guidelines for cloud security. Potential attack vectors like outdated software, weak configurations, and vulnerabilities in cloud applications are covered. The challenges of incident response and forensics in large cloud infrastructures are also addressed. Recommendations include conducting security assessments, access control, logging, multi-factor authentication, and employee education.
Tech Throwdown: Secure Containerization vs Whitelisting (Invincea, Inc.)
To address the inadequacy of traditional anti-virus solutions, whitelisting and secure containerization approaches have both gained traction in the enterprise. Both approaches have the overarching goal of preventing a successful breach at the endpoint, but each works differently and focuses on a different part of the cyber kill chain.
Invincea, a secure containerization solution, inoculates high-risk and Internet-facing applications against attack by running them in secure virtual containers, which have restricted access to the underlying host OS. This effectively removes the most common means of delivering the infection (see figure below). Any successful exploits of targeted applications (such as IE, Java, Flash, etc.), including by 0-day exploits, are kept safely in quarantine where additional forensic details may be uncovered.
Whitelisting attempts to prevent infections by allowing only certain known executables to run. This means whitelisting solutions will not see initial exploits; rather, whitelisting focuses on the next step beyond the exploit where many attacks then attempt to launch 2<sup>nd</sup> stage (malicious) executables with additional goals such as privilege escalation, lateral movement, or data exfiltration. In other words, whitelisting solutions do not have visibility into exploits of existing programs and for memory-resident malware. In addition, whitelisting solutions that prevent unknown software from running will flag legitimate software (such as patches) that are not updated with the whitelist.
Risk Factory: PCI Compliance in the CloudRisk Crew
The document discusses PCI compliance in the cloud. It begins with an overview of cloud computing models including IaaS, PaaS, and SaaS. It then discusses the PCI Data Security Standard and some of the challenges in implementing it in the cloud. Key points for cloud compliance are scoping requirements carefully, using service level agreements, and implementing compensating controls where needed. The document provides advice for both cloud clients and vendors in achieving PCI compliance.
This document discusses building confidence in cloud security. It outlines challenges in cloud computing like loss of physical controls and new attack surfaces. It proposes making cloud security equal to or better than traditional enterprise security by securing connections, applications/data/traffic, and devices. The document also discusses extending security policies to virtualized and private clouds and providing visibility and control across cloud infrastructures. Finally, it discusses McAfee's datacenter security solutions for servers, virtual machines, and databases.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Cloud Security Checklist and Planning Guide Summary Intel IT Center
A summary of the cloud security checklist and practical planning guide to help integrate security planning into cloud computing initiatives—from data center to endpoint devices. Includes encryption, infrastructure security, and trusted compute pools.
This presentation was given at the BSidesMemphis 2012 and DerbyCon 2012 information security conferences. It lays out the process that a person should follow to implement a database security program specific to their organization.
The document discusses predictive security intelligence and how it can drive productive partnerships between security, audit, and risk teams. It outlines FICO's security analytics journey and how their business challenges parallel those in security. Core Security's CORE Insight solution provides predictive threat analysis and visualization to help prioritize vulnerabilities and understand an organization's overall security posture. Intelligence and metrics can bridge gaps between teams by conveying risk in a common language and validating security controls.
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...Khazret Sapenov
This document discusses the growing demand from customers for cloud computing services and the challenges cloud providers face in meeting those demands. It notes that while public cloud adoption is growing, many customers still have security and privacy concerns that inhibit greater private and hybrid cloud use. The document outlines strategies for cloud providers to provide more compelling security solutions through open standards-based, collaborative approaches between hardware and software vendors to secure datacenters, connections, devices and workloads across cloud infrastructures. It also discusses the rise of "big data" from billions of connected devices and the potential value of analyzing this untapped data for industries like healthcare and government.
The document discusses security best practices, focusing on the Microsoft Security Development Lifecycle (SDL). The SDL is a 6-month iterative process that includes threat modeling, secure coding guidelines, code reviews, testing, and response. It aims to integrate security into all phases of development. Key SDL principles discussed are attack surface reduction, basic privacy, threat modeling, defense in depth, least privilege, and secure defaults.
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Novell
Mobility is a fact of organizational life, and administrators have a business imperative to make their end users as productive on the go as they are in the office. But mobile productivity can't come at the expense of security. Attend this session to learn about Novell ZENworks Endpoint Security Management and its role in enabling secure mobile productivity. Keeping your network safe, your data protected and you users productive is more important than ever. Learn how you do all three with comprehensive and centralized endpoint security management solutions from Novell.
The document discusses threat modeling for web applications. It begins by defining threat modeling as an approach for analyzing security before coding to identify, mitigate, and prioritize threats. It then outlines the threat modeling process, including when to conduct it, who should be involved, how to describe the application, identify threats and potential weaknesses, determine mitigations, and document findings. Key points are that threat modeling finds different flaws than other security activities, involves understanding business objectives and technical details, and provides guidance for further security work.
IT Compliance and Governance with DLP Controls and Vulnerability Scanning Sof...Skoda Minotti
This document discusses how data loss prevention (DLP) controls and vulnerability scanning software can help with IT compliance and governance. It describes how DLP tools can aid in policy development, identify data to be protected, and provide audit reports. Vulnerability scanners can identify network device weaknesses and validate machine configurations. The document also provides an overview of a DLP solution from CTH Technologies that uses agents to monitor, analyze, and mitigate risk across desktops, customer and employee data, and applications.
Similar to It's 2012 and My Network Got Hacked - Omar Santos (20)
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
4. Ten years ago, employees were assigned laptops and told not to lose them. They were given logins to the company network, and told not to tell anyone their password.
"End of security training."
5. Today Your Workers are Loaded with Devices, and Not Overly Concerned About Security
6. According to past studies, "the Internet" will double in size every 5.32 years.
20. Agenda: Case Studies
Case Study 1: Remote Access VPN #FAIL
Case Study 2: Great Homework!
Case Study 3: Awesome New leet Gadgets
Case Study 4: Pwning the Data Center
22. Remote Access: How Admins Continue to #FAIL
What Happened? Unauthorized access via clientless SSL VPN several times for about 3-4 weeks. The attacker compromised other internal systems and stole several documents / information.
How It Happened… The attacker exploited the "Authentication Bypass Vulnerability" described in CVE-2010-0568. The Cisco ASA was not patched for the vulnerability.
23. How It Was Detected…
Uh? Monthly VPN Activity Report: In a monthly VPN activity report admins noticed that a user called anonwannabe logged in several times for a period of 3-4 weeks.
Say What!?!?! User anonwannabe?? The username did not conform to their Active Directory standards.
Seriously? OLD CVE! CVE-2010-0568: After further investigation, they found that VPN authentication was being bypassed in their Cisco ASA cluster as a result of CVE-2010-0568.
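As an added example (not from the slides), the kind of check that would have surfaced this sooner than a monthly read-through: it parses constructed VPN login records, flags usernames that do not match an assumed Active Directory naming standard or are absent from a directory export, and reports how many logins each flagged account made over how many days. The report format, the naming pattern and the account list are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed monthly VPN activity records (not from the original slides).
# One login per line: "timestamp,username,source_ip".
VPN_REPORT = """\
2012-03-01T08:02:11,jsmith,203.0.113.10
2012-03-02T21:40:05,anonwannabe,198.51.100.7
2012-03-05T09:15:30,mjones,203.0.113.22
2012-03-09T22:10:44,anonwannabe,198.51.100.7
2012-03-16T03:33:01,anonwannabe,198.51.100.9
2012-03-20T08:45:12,jsmith,203.0.113.10
2012-03-27T23:05:59,anonwannabe,198.51.100.7
"""

# Assumed Active Directory naming standard for the example: first initial
# followed by surname, 2 to 8 lowercase letters in total.
AD_NAME_PATTERN = re.compile(r"^[a-z]{2,8}$")

# Constructed directory export: the accounts that actually exist in AD.
AD_ACCOUNTS = {"jsmith", "mjones"}


def parse_vpn_report(text):
    """Parse the CSV-style report into (timestamp, username, source_ip) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, user, src = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, src))
    return rows


def review_vpn_report(text, accounts=AD_ACCOUNTS, pattern=AD_NAME_PATTERN):
    """Flag VPN users that do not conform to the naming standard or are not in
    the directory. For each flagged user return the login count, the number of
    days between first and last login, the distinct source addresses and the
    reasons, so the admin sees at a glance how long the activity went on."""
    logins = defaultdict(list)
    for ts, user, src in parse_vpn_report(text):
        logins[user].append((ts, src))

    findings = {}
    for user, entries in logins.items():
        reasons = []
        if not pattern.match(user):
            reasons.append("username does not match AD naming standard")
        if user not in accounts:
            reasons.append("no such account in directory export")
        if not reasons:
            continue
        stamps = sorted(ts for ts, _ in entries)
        findings[user] = {
            "logins": len(entries),
            "span_days": (stamps[-1] - stamps[0]).days,
            "sources": sorted({src for _, src in entries}),
            "reasons": reasons,
        }
    return findings


if __name__ == "__main__":
    for user, f in review_vpn_report(VPN_REPORT).items():
        print(f"{user}: {f['logins']} logins over {f['span_days']} days "
              f"from {f['sources']} - {'; '.join(f['reasons'])}")
```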
25. Patch Management – Proactive Security
Identification/Awareness: vulnerability announced by vendor → identify affected devices. You need to keep up with vulnerability announcements from vendors at all times.
Fix Correlation: identify workarounds → patch/fix is obtained. Identify vulnerable devices; identify potential workarounds and network mitigations.
Tested and Implemented: patch/fix is tested → patch is implemented. Test; certify image/software; implement.
26. Incident Management – Reactive Security
Timeline: To → Te → Ti → Tc
TEvent = (Te - To); TIncident = (Ti - Te); TContainment = (Tc - Ti)
To = Time when an event occurs on the network
Te = Time when the event is detected on the network
Ti = Time when the event is classified as an incident
Tc = Time when the incident is contained on the network
27. Analyzing and Applying Security
Business Relevance: Business Goals and Objectives; Threats to Goals and Objectives. Specific business goals, and the threats to goal attainment.
Security Policies: Threat and Risk Assessment; Security Policies; Security Operations. Describes the iterative development and monitoring of security policies.
Security Principles: Visibility; Control. Describes the primary security principles that are affected by security policies.
Security Actions: Identify, Monitor, Correlate (Visibility); Harden, Isolate, Enforce (Control). Describes essential actions that enable Visibility and Control.
28. Security Control Framework: a framework for the key principles required by a network to achieve a strong security posture
Total Visibility (Identity, Trust, Compliance, Event, and Performance Monitoring):
Identify: identify who or what is using the network
Monitor: observe and monitor activities occurring on the network
Correlate: build intelligence from activities occurring on the network
Complete Control (Security Policy Enforcement and Event Mitigation):
Harden: withstand and recover from security anomalies
Isolate: separate and create boundaries around users, traffic and devices
Enforce: ensure the network conforms to a desired state or behavior
Increase Security and Resiliency in Networks and Services
29. Creating Security Metrics
Provides a tool for security folks to measure the effectiveness of various components of their security programs, products or processes, and the ability of staff to address the security issues for which they are responsible.
Can also help identify the level of risk in not taking a given action, and in that way provide guidance in prioritizing corrective actions.
With gained knowledge, security managers can better answer hard questions from their executives and others, such as: Are we secure enough? Are we more secure today than we were before? Have we improved from last year?
30. Operational Security Metrics
Incident Management:
• How long does it take to identify an event?
• How long does it take to identify an incident?
• How long does it take to contain an incident?
Device Compliance:
• What percent of devices are in compliance with the certified software image?
• What percent of devices are in compliance with standard configuration templates?
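An added example, not from the slides, that computes the slide 26 intervals TEvent, TIncident and TContainment for a set of constructed incident records and aggregates them into the slide 30 incident-management metrics (how long to identify an event, to identify an incident, to contain it). The incident data and the target hours are assumptions made for the example.

```python
from datetime import datetime
from statistics import median

# Constructed incident records (not from the original slides). Each carries the
# four timestamps from slide 26: To (event occurs), Te (event detected),
# Ti (classified as an incident) and Tc (incident contained), in ISO 8601.
INCIDENTS = [
    {"id": "INC-1", "To": "2012-02-01T09:00:00", "Te": "2012-02-01T10:30:00",
     "Ti": "2012-02-01T11:00:00", "Tc": "2012-02-01T15:00:00"},
    {"id": "INC-2", "To": "2012-02-10T22:00:00", "Te": "2012-02-11T08:00:00",
     "Ti": "2012-02-11T09:00:00", "Tc": "2012-02-11T21:00:00"},
    # A slow-burn case like the VPN bypass: detected only a month later.
    {"id": "INC-3", "To": "2012-03-02T09:00:00", "Te": "2012-04-01T09:00:00",
     "Ti": "2012-04-01T17:00:00", "Tc": "2012-04-03T17:00:00"},
]

# Assumed internal targets (hours) for each interval; not from the slides.
TARGETS_H = {"T_event": 24.0, "T_incident": 4.0, "T_containment": 24.0}

INTERVALS = ("T_event", "T_incident", "T_containment")


def _hours(delta):
    return delta.total_seconds() / 3600.0


def incident_intervals(rec):
    """Return {"T_event": Te-To, "T_incident": Ti-Te, "T_containment": Tc-Ti}
    in hours for one incident. Timestamps must be non-decreasing."""
    to, te, ti, tc = (datetime.fromisoformat(rec[k]) for k in ("To", "Te", "Ti", "Tc"))
    if not (to <= te <= ti <= tc):
        raise ValueError(f"{rec['id']}: timestamps are out of order")
    return {"T_event": _hours(te - to),
            "T_incident": _hours(ti - te),
            "T_containment": _hours(tc - ti)}


def incident_metrics(records):
    """Aggregate each interval over all incidents: mean, median and worst case.
    These are the numbers behind slide 30's 'how long does it take to identify
    an event / identify an incident / contain an incident?'."""
    per_incident = [incident_intervals(r) for r in records]
    metrics = {}
    for name in INTERVALS:
        values = [p[name] for p in per_incident]
        metrics[name] = {"mean_h": sum(values) / len(values),
                         "median_h": median(values),
                         "max_h": max(values)}
    return metrics


def target_breaches(records, targets=TARGETS_H):
    """List (incident id, interval name, hours) for every interval that
    exceeded its target, so the worst offenders can be prioritised."""
    breaches = []
    for rec in records:
        for name, hours in incident_intervals(rec).items():
            if hours > targets[name]:
                breaches.append((rec["id"], name, hours))
    return breaches


if __name__ == "__main__":
    for name, m in incident_metrics(INCIDENTS).items():
        print(f"{name}: mean {m['mean_h']:.1f} h, median {m['median_h']:.1f} h, "
              f"max {m['max_h']:.1f} h")
    for inc_id, name, hours in target_breaches(INCIDENTS):
        print(f"{inc_id} exceeded {name} target: {hours:.1f} h")
```

The median and the maximum are reported side by side because a single slow-burn incident (INC-3 here) can dominate the mean and hide how the typical case is handled.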
31. Operational Security Metrics
Patch Management:
• How long does it take you to become aware of the new vulnerability announcements from vendors?
• How long does it take to identify affected devices?
• How long does it take to implement workarounds (when available)?
• How long does it take for you to test and implement the fix/patch?
34. How It Happened..
(1) Found users to target from sites like Facebook.
(2) You Got Mail!!! Targeted email with malicious attachment.
(3) Naïve users opened the exploit that installed a backdoor.
(4) Other users and devices were attacked for escalation of privileges.
(5) Data was acquired from targeted servers.
(6) Data was transferred externally.
35. How *It* was Detected..
They were notified by external sources that several internal confidential records/documents were posted. After post-incident forensic activity, they found several machines communicating over TCP port 6969 outside of the US.
36. What Technologies Did You Have In Place?
(Diagram: Core Layer, Distribution Layer, Access Layer)
AAA in all Networking Devices
Secure Protocols such as SSH
Redundancy (Logical & Physical)
NetFlow and Event Monitoring
Firewalls
Intrusion Prevention Systems (IPS)
Control Plane Policing (CoPP)
Virtual Switch Systems (VSS)
Endpoint Protection (AV, FW)
Layer 2 and 3 security practices
37. Quick Analysis of the Attack
Exploited Human Weaknesses
Exploited Zero-day vulnerabilities
Exploited Gaps in Infrastructure
Exploited Gaps in Network Monitoring
38. All Those Technologies and Still Got Pwned?
E-Reputation Monitoring and Control: Social Media Threats; Email Reputation; Web Reputation; Emerging Threats
User Awareness Training: Security Policies; leverage training from Facebook, APWG, Stop Badware
Why allowed traffic to ports known for Botnets? Is monitoring enabled on all network and security devices?
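An added example, not from the slides, of the NetFlow review that slides 35 and 38 point at: it walks constructed flow records, groups internal hosts talking on TCP port 6969 to destinations outside the US, and checks whether the outbound policy still permits that port. The flow records, the prefix-to-country table (standing in for a GeoIP lookup) and the egress policy are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed NetFlow-style export records (not from the original slides):
# (src_ip, dst_ip, dst_port, protocol, bytes). Internal hosts are 10.0.0.0/8.
FLOWS = [
    ("10.1.20.15", "203.0.113.45", 6969, "tcp", 51200),
    ("10.1.20.15", "198.51.100.80", 443, "tcp", 10240),
    ("10.1.31.7", "203.0.113.45", 6969, "tcp", 4096),
    ("10.1.31.7", "192.0.2.10", 6969, "tcp", 2048),
    ("10.1.40.2", "192.0.2.10", 80, "tcp", 800),
]

# Constructed prefix-to-country table standing in for a GeoIP database. The
# documentation prefixes are assigned arbitrarily here; "ZZ" is a placeholder
# for any non-US country.
GEO_PREFIXES = {"203.0.113.0/24": "ZZ", "198.51.100.0/24": "US", "192.0.2.0/24": "US"}

# Destination port the case study observed (TCP 6969). In production this set
# would be fed from threat intelligence rather than hard-coded.
WATCHED_PORTS = {6969}

# Constructed outbound firewall policy: ports currently permitted to the Internet.
ALLOWED_EGRESS_PORTS = {80, 443, 6969}


def country_of(ip, geo=GEO_PREFIXES):
    """Longest-prefix lookup of the country for an address; '??' if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, cc in geo.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, cc)
    return best[1] if best else "??"


def suspicious_flows(flows, home="US", ports=WATCHED_PORTS):
    """Group flows on a watched port whose destination lies outside the home
    country by internal source host, with the byte count that left each host."""
    hits = defaultdict(lambda: {"destinations": set(), "bytes": 0})
    for src, dst, dport, proto, nbytes in flows:
        if proto == "tcp" and dport in ports and country_of(dst) != home:
            hits[src]["destinations"].add(f"{dst}:{dport}")
            hits[src]["bytes"] += nbytes
    return {src: {"destinations": sorted(v["destinations"]), "bytes": v["bytes"]}
            for src, v in hits.items()}


def egress_policy_gaps(allowed=ALLOWED_EGRESS_PORTS, watched=WATCHED_PORTS):
    """Watched ports the outbound policy still permits: the slide's 'why allowed
    traffic to ports known for Botnets?' as a checkable set."""
    return set(allowed) & set(watched)


if __name__ == "__main__":
    for src, info in suspicious_flows(FLOWS).items():
        print(f"{src}: {info['bytes']} bytes to {info['destinations']}")
    print("watched ports still allowed outbound:", egress_policy_gaps())
```

The flow from 10.1.31.7 to 192.0.2.10 on the same port is deliberately left unflagged by the country rule, which is why the policy check matters: the port itself should not be open outbound regardless of destination.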
39. Operational Security Metrics
User Awareness Training:
• What percent of employees have read and acknowledged the corporate security policies?
Monitoring:
• What percent of unauthorized data flows are found on firewalls?
• What percent of network and security devices are being remotely monitored?
• What percent of the network is being content filtered?
42. How It Happened..
Our retail store in Mobile, Alabama was, apparently, not physically secured.
Hackers plugged and hid a wireless DEVICE on the network.
They sniffed traffic to extract user credentials with escalated privileges.
They controlled the router over an encrypted wireless connection.
Finally, they transferred sensitive data outside of the network.
43. How *It* was Detected..
Law enforcement agencies traced a number of fraudulent purchases all over the country, with one commonality – all victims had used their cards in our company stores.
44. What Technologies Did You Have In Place?
(Diagram: Branch Network, Private Corporate WAN Network)
AAA in all Networking Devices
Secure Protocols such as SSH
Redundancy (Logical & Physical)
NetFlow and Event Monitoring
Routing Protocol Security
WAN edge acting as firewall & IPS
Control Plane Policing (CoPP)
QoS for traffic prioritization
GETVPN to encrypt all WAN traffic
46. All Those Technologies and Still Got Pwned?
Network Device AAA Authentication? Network User Authentication? Guest Access with network restrictions?
Management Restricted Access: Shutting down unused ports? Traffic filtering from branch to corporate network?
Physical Security: Unlocked/unrestricted wiring closets? Monitoring via cameras?
47. Operational Security Metrics
Device Identity Management:
• What percent of unauthorized devices are on the network?
• How long does it take to locate a device from its IP address in real-time?
• How long does it take to locate a device from its IP address using historical logs?
User Identity Management:
• What percent of unauthorized users are on the network?
• How long does it take to identify a user from its IP address in real-time?
• How long does it take to identify a user from its IP address from historical logs?
49. What Happened!?!?
Hackers stole customer data that was stored in a datacenter in North Carolina.
50. How Did It Happen..
A newly installed server hosting an in-house-developed application was compromised and the attacker was able to gain access to numerous records from other servers and databases.
(Diagram: Corporate Network; Data Center Core (Cat 6k); Aggregation Layer (Nexus 7k, ASA 5585X); Services Layer (ACE + WAF); Access Layer (Cat 6k, IPS); SAN, UCS, Storage)
51. Quick Analysis of the Attack
Exploited Vulnerability in Open Source Software used in the new application, along with other insecure coding practices
Exploited zero-day vulnerabilities in the underlying Linux Operating System
Exploited Gaps in DC Infrastructure
52. What Technologies Did You Have In Place?
Firewalls, IPS, WAFs, NetFlow
(Diagram: Data Center Core (Cat 6k); Aggregation Layer (Nexus 7k, ASA 5585X); Services Layer (ACE + WAF); Access Layer (Cat 6k, IPS); SAN, UCS, Storage)
53. Firewalls at the aggregation layer provide an excellent filtering point and first layer of protection. However, they do not provide isolation between servers/services.
(Diagram: Corporate Network; Data Center Core (Cat 6k); Aggregation Layer (Nexus 7k, ASA 5585X); Services Layer (ACE + WAF); Access Layer (Cat 6k, IPS); SAN, UCS, Storage)
54. All Those Technologies and Still Got Pwned?
Application Security: Keep up with 3rd party security patches. Secure code best practices: static analysis; ASLR, X-Space; safe C libraries and OWASP Java libraries.
DC Infrastructure: Isolation provides the first layer of security for the data center and server farm. Depending on the goals of the design it can be achieved through the use of firewalls, access lists, VLANs, and/or physical separation.
55. What Happens in a Virtualized Environment..
Traffic flows within virtualized environments sometimes do not even touch physical devices. For example, traffic between these VMs does not even leave the physical hardware.
56. Virtual Security Gateways (VSGs)
• You can transparently insert a Cisco VSG into the VMware vSphere environment where the Cisco Nexus 1000V distributed virtual switch is deployed.
• One or more instances can be deployed on a per-tenant basis.
• Tenants are isolated from each other, so no traffic can cross tenant boundaries.
• You can deploy the Cisco VSG at the tenant level, at the virtual data center (vDC) level, and at the vApp level.
57. Operational Security Techniques and Metrics
Application Robustness:
• How often do you perform application robustness audits (i.e., fuzzing, secure coding best practices, and patching)?
• What percentage of all applications are tested for security vulnerabilities in a consistent and repeatable manner?