1 | © 2015, Palo Alto Networks. Confidential and Proprietary.
CRACK THE CODE
DEFEATING ADVANCED
ATTACKERS
Key Perspectives
Who is the Adversary?
Understanding the Cyber Attack Lifecycle
How Attacks Happen
Challenges and Change Introduce Risks
Drivers of organizational risk exposure:
• Reliance on multiple layers of security vendors
• Application economy
• Consumerization of IT
• Internet of Things
• Social, mobile, analytics, cloud
As the rate of change and complexity increase, visibility and control decrease and organizational risk exposure grows.
Exploring Actor Motivations
Hacktivism, mischief, warfare, crime ($$$), espionage, terrorism. These are not mutually exclusive.
The Advanced Adversary
Majority of adversaries are just doing their job:
• Bosses, families, bills to pay.
• Want to get in, accomplish their task, and get out (un-detected).
• Goal isn’t making your life hard.
The Advanced Adversary
Adversaries have a set of tools available to accomplish their task. Defenders need a combination of people, process and technology to increase the cost for adversaries.
Cyber Attack Lifecycle
Reconnaissance → Weaponization and Delivery → Exploitation → Installation → Command-and-Control → Actions on the Objective
The stages through exploitation constitute unauthorized access; installation onward is unauthorized use.
There is no predictable path for the
advanced adversary.
Reconnaissance
Identify "open doors" within the organization:
• Port scanning
• Host sweeps
• Common search techniques
Reconnaissance
Example: a simple Google search returns a list of attendees at a "National Defense Industrial Association" event.
Reconnaissance
Identify the tools used to protect an organization:
• Content from corporate websites
• Third-party sites to identify key targets
• Common search techniques
Preventing Recon
Mostly a people and process problem: technology can only prevent a small number of recon techniques.
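Technology can still catch the noisy recon techniques named above, port scanning and host sweeps, when they arrive at the perimeter. The following is an added example, not code from the slides or from Palo Alto Networks: a Python detector that reads constructed firewall connection records (the log format, the addresses and the thresholds are assumptions) and flags a source touching many ports on one host, or one port on many hosts, within a sliding time window.

```python
"""Detect port scans and host sweeps in firewall connection logs.

Added example, not code from the Palo Alto Networks slides. The log format,
the sample lines and the thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: "<timestamp> <src_ip> <dst_ip> <dst_port> <action>".
# 203.0.113.5 probes 11 ports on one host (port scan), 198.51.100.7 probes
# port 445 on 8 hosts (host sweep), 192.0.2.9 is ordinary HTTPS traffic.
SAMPLE_LOG = """\
2015-03-02T10:00:00 203.0.113.5 10.0.0.10 22 deny
2015-03-02T10:00:01 203.0.113.5 10.0.0.10 23 deny
2015-03-02T10:00:01 203.0.113.5 10.0.0.10 25 deny
2015-03-02T10:00:02 203.0.113.5 10.0.0.10 80 allow
2015-03-02T10:00:02 203.0.113.5 10.0.0.10 110 deny
2015-03-02T10:00:03 203.0.113.5 10.0.0.10 143 deny
2015-03-02T10:00:03 203.0.113.5 10.0.0.10 443 allow
2015-03-02T10:00:04 203.0.113.5 10.0.0.10 445 deny
2015-03-02T10:00:04 203.0.113.5 10.0.0.10 3389 deny
2015-03-02T10:00:05 203.0.113.5 10.0.0.10 8080 deny
2015-03-02T10:00:05 203.0.113.5 10.0.0.10 8443 deny
2015-03-02T10:01:00 198.51.100.7 10.0.0.1 445 deny
2015-03-02T10:01:00 198.51.100.7 10.0.0.2 445 deny
2015-03-02T10:01:00 198.51.100.7 10.0.0.3 445 deny
2015-03-02T10:01:01 198.51.100.7 10.0.0.4 445 deny
2015-03-02T10:01:01 198.51.100.7 10.0.0.5 445 deny
2015-03-02T10:01:01 198.51.100.7 10.0.0.6 445 deny
2015-03-02T10:01:02 198.51.100.7 10.0.0.7 445 deny
2015-03-02T10:01:02 198.51.100.7 10.0.0.8 445 deny
2015-03-02T10:05:00 192.0.2.9 10.0.0.10 443 allow
2015-03-02T10:05:30 192.0.2.9 10.0.0.10 443 allow
"""


def parse_log(text):
    """Parse the whitespace-separated log format into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "port": int(port), "action": action})
    return records


def detect_scans(records, window_s=60, port_threshold=10, host_threshold=5):
    """Return one alert per (source, target) whose distinct-port or distinct-host
    count inside some sliding window of window_s seconds reaches the threshold.

    A port scan is one source touching many ports on one destination; a host
    sweep is one source touching one port on many destinations. Denied and
    allowed connections both count: the probe is the signal, not the verdict.
    """
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)

    alerts = {}  # (type, src, target) -> highest count seen in any window
    for src, events in by_src.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most window_s.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_s:
                start += 1
            ports_per_dst = defaultdict(set)
            dsts_per_port = defaultdict(set)
            for r in events[start:end + 1]:
                ports_per_dst[r["dst"]].add(r["port"])
                dsts_per_port[r["port"]].add(r["dst"])
            for dst, ports in ports_per_dst.items():
                if len(ports) >= port_threshold:
                    key = ("port_scan", src, dst)
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            for port, dsts in dsts_per_port.items():
                if len(dsts) >= host_threshold:
                    key = ("host_sweep", src, port)
                    alerts[key] = max(alerts.get(key, 0), len(dsts))

    return [{"type": t, "src": s, "target": target, "count": c}
            for (t, s, target), c in sorted(alerts.items())]


if __name__ == "__main__":
    for alert in detect_scans(parse_log(SAMPLE_LOG)):
        print(alert)
```

The window and the counts are parameters rather than constants because a slow scan spread over hours stays under a 60-second window and has to be hunted with a longer one; the search-based recon on the next slides (attendee lists, corporate web content) never touches your firewall at all, which is the point the slide makes about people and process.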
Exploitation (1): Exploiting the user
Why use malware when you have legitimate credentials? Users are typically the path of least resistance.
Exploitation (2): Exploiting the software
Why use a 0-day when CVE-2012-0158 or CVE-2010-3333 is still open? Old vulnerabilities may not be patched.
Preventing Exploitation
Technology:
• If you can't patch systems, limit access via user-based policy.
• Deploy solutions that can prevent exploitation on the endpoint and network, even exploits that have not been seen before.
• Use systems that learn from new exploits and can stop them in real time.
Process:
• Keep software patched to reduce the attack surface.
People:
• Training to recognize phishing attempts and to be careful with credentials.
Delivery
Technology becomes critical to preventing advanced attacks.
Delivery
Delivering the exploit or malware:
• Attackers with a specific target: malicious USB drives, network exploitation, etc.
• Attackers targeting people with specific interests: strategic web compromise (watering hole).
• Everything else: phishing.
Phishing & Drive-by Download
1. A targeted malicious email is sent to the user (in the watering-hole variant, the user instead visits a compromised site of interest).
2. The user clicks on a link to a malicious website (http://...).
3. The malicious website silently exploits a client-side vulnerability with a web attack toolkit: a drive-by download of the malicious payload.
4. The system is infected; the attacker has full access to steal data.
Installation
Myth: highly customized and unique tools are used for every attack.
Reality: off-the-shelf tools are the most common method of attack.
Common Tools
• Remote shell: direct access to the OS as the logged-in user
• Keylogger
• Audio capture
• Screen capture
• Webcam capture
The Underground Economy
An active marketplace for attacks:
• Remote access tools
• Malware
• Exploits
• Etc.
Attackers can easily purchase tools and discuss tactics with other attackers. Sample listings: "A tool for creating Botnets on Android [...] $4,000"; "Peer-to-peer Botnet [...] $15,000".
Preventing Delivery and Installation
Technology:
• Prevent malware and exploits at the network level.
• Deploy a solution that can detect new exploits and malware, dynamically updating your protections across AV, URL and DNS.
• Prevent exploits that have never been seen before on the endpoint.
• User-based policy, such as limiting the download of executable files from the Internet.
• Block commonly exploited file types on your network.
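The last two controls, a user-based download policy and blocking commonly exploited file types, only hold if the file type is taken from the content rather than from the attacker-chosen extension. The following is an added example, not code from the slides or from Palo Alto Networks: a Python classifier that reads the leading bytes of a download, descends into ZIP containers to tell a macro-enabled Office document from a plain one, and applies a per-user-group allow list. The group names, the policy table and the sample files are assumptions; the byte signatures are the published ones for each format.

```python
"""Classify downloads by content (magic bytes) and apply a per-user-group policy.

Added example, not code from the Palo Alto Networks slides. The user-group
names, the policy table and the sample files are assumptions; the leading-byte
signatures are the published ones for each format. The file name's extension
is deliberately ignored because it is attacker-controlled.
"""
import io
import zipfile

# (leading bytes, label) for executable and commonly exploited formats.
MAGIC = [
    (b"MZ", "pe-executable"),                              # Windows EXE/DLL/SCR
    (b"\x7fELF", "elf-executable"),                        # Linux binaries
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-office"),   # legacy .doc/.xls/.ppt
    (b"{\\rtf", "rtf"),                                    # RTF, e.g. CVE-2010-3333 lures
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                                # also OOXML, JAR, APK
]

# Labels each group may download from the Internet; None = no content restriction.
POLICY = {
    "general-users": {"pdf", "office-ooxml", "other"},
    "engineering": {"pdf", "office-ooxml", "zip", "jar", "other"},
    "it-admins": None,
}


def _classify_zip(data):
    """Look inside a ZIP container: OOXML with VBA, plain OOXML, JAR, or ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "zip-corrupt"
    if any(n.endswith("vbaProject.bin") for n in names):   # macro-enabled Office
        return "office-macro"
    if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
        return "office-ooxml"
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    return "zip"


def identify(data):
    """Return a content label from the leading bytes, descending into ZIPs."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return _classify_zip(data) if label == "zip" else label
    return "other"


def decide(group, filename, data):
    """Apply the group's download policy to the file's real content type."""
    label = identify(data)
    allowed = POLICY[group]
    verdict = "allow" if allowed is None or label in allowed else "block"
    return {"group": group, "file": filename, "type": label, "verdict": verdict}


def make_zip(names):
    """Build an in-memory ZIP with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in names:
            z.writestr(name, b"placeholder")
    return buf.getvalue()


def run_samples():
    """Constructed downloads: a renamed EXE, a macro document, plain documents."""
    samples = [
        ("general-users", "invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),
        ("general-users", "report.docm", make_zip(["word/document.xml", "word/vbaProject.bin"])),
        ("general-users", "memo.docx", make_zip(["word/document.xml"])),
        ("engineering", "lib.jar", make_zip(["META-INF/MANIFEST.MF", "a/B.class"])),
        ("it-admins", "tool.exe", b"MZ\x90\x00" + b"\x00" * 60),
    ]
    return [decide(g, f, d) for g, f, d in samples]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

Legacy OLE documents are only labelled ole-office here; finding VBA inside them needs an OLE parser (oletools' olevba is the usual choice), and a file with leading junk or a polyglot header defeats any prefix check, which is why a production engine parses deeper than the first bytes.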
Command and Control (CnC)
Communicating with infected hosts and providing instructions (http://...).
Myth: customized protocols with unique encryption types are used for CnC.
Reality: HTTP is most common for custom backdoors.
Command and Control (CnC)
Enterprise and adversary infrastructure (diagram: User Land, DMZ, Ingress/Egress and Data Center/Infrastructure zones in the enterprise, connected through the Internet to adversary infrastructure).
Command and Control (CnC): malware for automated exfiltration
Malware automatically captures information and exfiltrates it to adversary infrastructure.
Command and Control (CnC): second-stage download and CnC channel
Malware downloads a second stage or beacons; the second stage (and later stages) establishes the CnC channel.
Preventing Command-and-Control
• URL Filtering: proactively block high-risk URLs.
• DNS Sinkholing: identify the source of malicious DNS queries.
• Dynamic DNS: apply policy to the dynamic DNS category.
• Detect and Block: common RAT CnC signatures.
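Because HTTP is the most common carrier for custom backdoors, the CnC check-in usually shows up in the web proxy log as the same client hitting the same host at a nearly fixed period. The following is an added example, not code from the slides or from Palo Alto Networks: a Python beacon detector run over constructed proxy log lines (the format, the hostnames and the thresholds are assumptions) that groups requests by client and host and flags pairs whose inter-request intervals have very low jitter.

```python
"""Flag periodic HTTP beaconing in web-proxy logs.

Added example, not code from the Palo Alto Networks slides. The log format,
the sample lines, the minimum request count and the jitter threshold are
assumptions chosen for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: "<timestamp> <client_ip> <method> <host> <path> <status>".
# 10.0.0.23 polls update-cdn.example every ~300 s (a beacon); 10.0.0.42 browses
# news.example at irregular intervals; 10.0.0.23 also makes three intranet calls.
SAMPLE_LOG = """\
2015-03-02T10:00:00 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:05:02 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:10:01 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:14:58 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:20:03 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:25:00 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:29:59 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:35:01 10.0.0.23 GET update-cdn.example /ping 200
2015-03-02T10:00:00 10.0.0.42 GET news.example / 200
2015-03-02T10:00:10 10.0.0.42 GET news.example /story/1 200
2015-03-02T10:02:10 10.0.0.42 GET news.example /story/2 200
2015-03-02T10:02:13 10.0.0.42 GET news.example /img/a.png 200
2015-03-02T10:12:13 10.0.0.42 GET news.example /story/3 200
2015-03-02T10:12:58 10.0.0.42 GET news.example /story/4 200
2015-03-02T10:13:20 10.0.0.42 GET news.example /story/5 200
2015-03-02T10:01:00 10.0.0.23 GET intranet.example /home 200
2015-03-02T10:03:00 10.0.0.23 GET intranet.example /home 200
2015-03-02T10:05:00 10.0.0.23 GET intranet.example /home 200
"""


def parse_proxy_log(text):
    """Parse the whitespace-separated proxy format into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, path, status = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "client": client,
                        "method": method, "host": host, "path": path,
                        "status": int(status)})
    return records


def find_beacons(records, min_requests=6, max_jitter=0.1):
    """Return (client, host) pairs whose inter-request intervals are regular.

    Jitter is the coefficient of variation (stdev / mean) of the intervals. A
    backdoor sleeping a fixed period between check-ins scores near zero; a
    human browsing a site scores well above the threshold.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], r["host"])].append(r["ts"])

    alerts = []
    for (client, host), stamps in sorted(by_pair.items()):
        if len(stamps) < min_requests:       # too few samples to judge regularity
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        if mean == 0:                         # burst of identical timestamps, not a beacon
            continue
        jitter = statistics.stdev(intervals) / mean
        if jitter <= max_jitter:
            alerts.append({"client": client, "host": host, "requests": len(stamps),
                           "period_s": round(mean, 1), "jitter": round(jitter, 3)})
    return alerts


if __name__ == "__main__":
    for alert in find_beacons(parse_proxy_log(SAMPLE_LOG)):
        print(alert)
```

A backdoor that randomizes its sleep pushes the jitter above the threshold, so this complements the URL, DNS-sinkhole and dynamic-DNS controls above rather than replacing them; a longer observation window, plus a check that the requests share a path or response size, narrows the false positives from legitimate pollers such as software updaters.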
Actions on the Objective
Goals inside the network: "And Then the Bad Guys Steal All Your Data". These are completed by an active operator.
CnC ultimately enables the attacker's endgame, Actions on Objectives.
Objective-based commands:
• Information exfiltration
• Dump domain credentials
• Steal repository information
• Steal local credentials
• Deface or host malware from a site
• Steal local information
New Strategic Approaches to Security Are Needed
Security organizations are not innovating fast enough:
• Existing controls ineffective against new threats
• Controls not evolving fast enough
Attackers are innovating faster:
• Sophistication of global attackers
• Increasing value of information
• Easier targets
The vulnerability gap continues to widen. Goal: reduce threat exposure by strengthening controls.
Detect & Prevent Threats at Every Point
• At the Internet edge
• Between employees and devices within the LAN
• At the data center edge and between VMs
• At the mobile device
• Within private and public clouds
Requirements:
• Prevent attacks, both known and unknown
• Protect all users and applications, in the cloud or virtualized
• Integrate network and endpoint security
• Analytics that correlate across the cloud
Preventing Across the Cyber Attack Lifecycle
Reconnaissance → Weaponization and Delivery → Exploitation → Installation → Command-and-Control → Actions on the Objective (unauthorized access, then unauthorized use)
Attack steps: 1 Breach the perimeter, 2 Deliver the malware, 3 Lateral movement, 4 Exfiltrate data.

RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
BBPMedia1
 
The key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EUThe key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EU
Allensmith572606
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
Lviv Startup Club
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
daothibichhang1
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Lviv Startup Club
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
Bojamma2
 

Recently uploaded (20)

RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 
The key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EUThe key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EU
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
 

Crack the Code

  • 1. 1 | © 2015, Palo Alto Networks. Confidential and Proprietary. CRACK THE CODE DEFEATING ADVANCED ATTACKERS
  • 2. Key Perspectives: Who is the Adversary? Understanding the Cyber Attack Lifecycle. How Attacks Happen.
  • 3. Challenges and Change Introduce Risks: Reliance on Multiple Layers of Security Vendors; Application Economy; Consumerization of IT; Internet of Things; Social, Mobile, Analytics, Cloud. Organizational Risk, Risk Exposure and Rate of Change/Complexity are increasing while Visibility and Control are decreasing.
  • 4. Exploring Actor Motivations: Hacktivism, Mischief, Warfare, Crime ($$$), Espionage, Terrorism. These are not mutually exclusive.
  • 5. The Advanced Adversary. Majority of adversaries are just doing their job: • Bosses, families, bills to pay. • Want to get in, accomplish their task, and get out (undetected). • Goal isn’t making your life hard.
  • 6. The Advanced Adversary. Adversaries have a set of tools available to accomplish their task. Defenders need a combination of people, process and technology. Increase the cost for adversaries.
  • 7. Cyber Attack Lifecycle: Reconnaissance, Weaponization and Delivery, Exploitation, Installation, Command-and-Control, Actions on the Objective (Unauthorized Access, then Unauthorized Use). There is no predictable path for the advanced adversary.
  • 8. Reconnaissance. Identify “open doors” within the organization: port scanning, host sweeps, common search techniques.
  • 9. Reconnaissance. Simple Google Search: list of attendees at a “National Defense Industrial Association” event.
  • 10. Reconnaissance. Identify the tools used to protect an organization: content from corporate websites; third-party sites to identify key targets; common search techniques.
  • 11. Preventing Recon: People & Process. Technology can only prevent a small number of recon techniques.
  • 12. Exploitation (1): Exploiting the user. Why use malware when you have legitimate credentials? Users are typically the path of least resistance.
  • 13. Exploitation (2): Exploiting the software. Why use a 0-day when CVE-2012-0158/CVE-2010-3333 are still open? Old vulnerabilities may not be patched.
  • 14. Exploitation. Technology: If you can’t patch systems, limit access via user-based policy. Deploy solutions that can prevent exploitation on the endpoint and network, even exploits that have not been seen before. Use systems that learn from new exploits and can stop them in real time. Process: Keep software patched to reduce the attack surface. People: Training to recognize phishing attempts and be careful with credentials.
  • 16. Delivery: Delivering the Exploit or Malware. Phishing: everything else. Watering hole (strategic web compromise): for attackers targeting people with specific interests. Malicious USB drives, network exploitation, etc.: attackers with a specific target.
  • 17. Phishing & Drive-by Download: targeted malicious email sent to user; user clicks on link to a malicious website; malicious website silently exploits a client-side vulnerability with a Web Attack Toolkit; drive-by download of malicious payload; system infected, attacker has full access to steal data.
  • 19. Installation. Myth: highly customized and unique tools are used for every attack. Reality: off-the-shelf tools are the most common method of attack.
  • 20. Common Tools: Remote Shell (direct access to the OS as the logged-in user); Keylogger; Audio Capture; Screen Capture; Webcam Capture.
  • 22. The Underground Economy. “A tool for creating Botnets on Android […] $4,000”. Active marketplace for attacks: remote access tools, malware, exploits, etc. • Easily purchase tools. • Discuss tactics with other attackers.
  • 23. The Underground Economy. “Peer-to-peer Botnet […] $15,000”.
  • 24. Preventing Delivery and Installation. Technology: Prevent malware and exploits at the network level. Deploy a solution that can detect new exploits and malware and dynamically update your protections across AV, URL and DNS. Prevent exploits that have never been seen before on the endpoint. User-based policy, such as limiting the download of executable files from the Internet. Block commonly exploited file types on your network.
  • 25. Command and Control (CnC): communicating with infected hosts and providing instructions (http://...). Myth: customized protocols with unique encryption types are used for CnC. Reality: HTTP is most common for custom backdoors.
  • 26. Command and Control (CnC): enterprise and adversary infrastructure. Diagram zones: User Land, DMZ, Ingress/Egress, Data Center/Infrastructure, Internet, Adversary Infrastructure.
  • 27. Command and Control (CnC): information exfiltration. Malware automatically captures information; malware for automated exfiltration.
  • 28. Command and Control (CnC): second stage and beyond. Malware downloads a 2nd stage or beacons; 2nd-stage download and establishing the CnC channel.
  • 29. Preventing Command-and-Control: URL Filtering (proactively block high-risk URLs); DNS Sinkholing (identify the source of malicious DNS queries); Dynamic DNS (dynamic DNS category); Detect and Block (common RAT CnC signatures).
  • 30. Actions on the Objective: goals inside the network. “And Then the Bad Guys Steal All Your Data.” These are completed by an active operator.
  • 31. Command and Control (CnC): CnC ultimately enables the attacker’s endgame, Actions on Objectives. Objective-based commands: information exfiltration; dump domain credentials; steal repository information; steal local credentials; deface or host malware from a site; steal local information.
  • 32. New Strategic Approaches to Security Are Needed. Security organizations are not innovating fast enough: existing controls ineffective against new threats; controls not evolving fast enough. Attackers are innovating faster: sophistication of global attackers; increasing value of information; easier targets. The vulnerability gap continues to widen. Goal: reduce threat exposure by strengthening controls.
  • 33. Detect & Prevent Threats at Every Point: at the Internet edge; between employees and devices within the LAN; at the data center edge and between VMs; at the mobile device; within private and public clouds. Prevent attacks, both known and unknown. Protect all users and applications, in the cloud or virtualized. Integrate network and endpoint security. Analytics that correlate across the cloud.
  • 34. Preventing Across the Cyber Attack Lifecycle: Reconnaissance, Weaponization and Delivery, Exploitation, Installation, Command-and-Control, Actions on the Objective (Unauthorized Access, then Unauthorized Use). Attacker steps: 1 Breach the Perimeter, 2 Deliver the Malware, 3 Lateral Movement, 4 Exfiltrate Data.
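The CnC slides above (25 to 29) name the two patterns a defender can actually see on the wire: a timer-driven beacon over plain HTTP, which passes through proxies and blends in, and free dynamic-DNS zones, which the deck suggests blocking by category or sinkholing. The following Python is an added example, not code from the deck or from Palo Alto Networks; it runs both checks over a constructed web-proxy log excerpt. The log format, the hosts and IPs, and DYNAMIC_DNS_SUFFIXES are assumptions made for the illustration, not a complete provider list.

```python
"""Beacon and dynamic-DNS spotting over web-proxy log lines.

Added example for the CnC slides; not code from the deck or from
Palo Alto Networks. The log format, hosts and IPs are constructed, and
DYNAMIC_DNS_SUFFIXES is a small illustrative subset (assumption).
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: "<timestamp> <src_ip> <dst_host> <method> <status>".
# The no-ip.org host is polled every ~300 s with almost no jitter; the news site
# is browsed by a human at irregular gaps; the vendor host is hit once.
SAMPLE_LOG = """\
2015-03-02T09:00:00 10.1.2.15 updates.example-vendor.com GET 200
2015-03-02T09:00:00 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:01:13 10.1.2.15 www.example-news.com GET 200
2015-03-02T09:02:40 10.1.2.15 www.example-news.com GET 200
2015-03-02T09:05:01 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:10:00 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:14:59 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:20:00 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:25:01 10.1.2.15 cdn-files.no-ip.org GET 200
2015-03-02T09:31:05 10.1.2.15 www.example-news.com GET 200
2015-03-02T09:33:12 10.1.2.15 www.example-news.com GET 200
2015-03-02T10:02:55 10.1.2.15 www.example-news.com GET 200
2015-03-02T11:40:07 10.1.2.15 www.example-news.com GET 200
"""

# Illustrative subset of free dynamic-DNS zones (assumption: replace with your own list).
DYNAMIC_DNS_SUFFIXES = ("no-ip.org", "no-ip.com", "ddns.net", "dyndns.org", "hopto.org")

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_log(text):
    """Return (timestamp, src_ip, dst_host) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        records.append((ts, m.group(2), m.group(3).lower()))
    return records


def is_dynamic_dns(host, suffixes=DYNAMIC_DNS_SUFFIXES):
    """True if host is a dynamic-DNS zone or a name directly under one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def find_beacons(records, min_events=5, max_cv=0.1):
    """Flag (src, dst) pairs whose request gaps are near-constant.

    A coefficient of variation (stdev / mean) below max_cv over at least
    min_events requests is the signature of a timer-driven beacon; human
    browsing produces bursty, high-variance gaps.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv < max_cv:
            beacons.append({"src": src, "dst": dst, "period_s": mean, "cv": cv,
                            "reason": "periodic beacon"})
    return beacons


def analyze(text):
    """Combine both checks into one finding list for a log excerpt."""
    records = parse_log(text)
    findings = find_beacons(records)
    seen = set()
    for _, src, dst in records:
        if (src, dst) not in seen and is_dynamic_dns(dst):
            seen.add((src, dst))
            findings.append({"src": src, "dst": dst, "reason": "dynamic DNS domain"})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Real implants add jitter and sleep for minutes or hours, so tune max_cv and min_events to the window you analyze; and treat a dynamic-DNS hit as a category to review or sinkhole, as the slide suggests, not as a verdict on its own, since home-office and hobby hosts live in the same zones.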

Editor's Notes

  1. SMAC (Social, Mobile, Analytics, Cloud/Virtualization) is creating advanced vulnerabilities and complexities to manage. Perfect storm: apps create the attack horse to ride in on, mobility creates a massive increase in the number of points of entry, and cloud creates the chance to strike once and win a thousand points of access. Change results in tremendous risk. Visibility, as well as the controls involved to mitigate risk, must increase within a constantly changing landscape. Dramatic increase in organized, well-funded organizations bent on causing harm through sophisticated, orchestrated, persistent attacks. Advanced suites of hackware readily available and shared/sold on the internet. Perimeter-based security is ineffective. Endpoint AV is ineffective. Proliferation of security solutions is ineffective and difficult to manage. A detect-only approach is ineffective. Sandboxes are not created equal.
  2. Talking Points: Cyber is in front of all of these as a reminder that these motivations are not new, it is just a matter of the medium the attacker is using Motivations as “hats” an attacker can wear Some fuzzy areas between motivations; an attacker might wear two or more “hats” for a single attack (opportunistic or other shifting factor) Although motivations may shift for a single actor, that actor will often employ the same TTPs, tools and other resources in all of their attacks Concept: Defending against the adversary operating in the aggregate (not just an incident, but a series of events leading to that objective)
  3. Advanced adversaries aren’t these mythic figures or groups with unlimited resources, crafting every piece in a custom made attack, there are only 3-5 groups like this in the entire world, and they are the .01%. 99.9% of attackers are just like you and me. Humans are responsible for all of the attacks you experience. They have bosses, families, bills to pay. They want to get in, accomplish their task, and get out (un-detected) Their goal isn’t making your life hard The media and others may try to convince you differently – but these assumptions are wrong!
  4. Adversaries have a set of tools available to accomplish their task. Use the right tool for the job: no need to use a bazooka if a lock-pick will open the door. Functionality can be extended (exfiltration, command & control, post-operation). Defenders need a combination of people, process and technology; having only one of the components invalidates the others. For instance, the greatest security products in the world can’t prevent attacks if they are not configured and monitored correctly. They also cannot stop a user from revealing sensitive information. Ensure adversaries NEED the bazooka, not the lock-picks; or: don’t be the low-hanging fruit.
  5. Most of us have the means to stop known attacks, but what’s been historically difficult is stopping unknown attacks. To gain a better understanding of adversaries and the stages that each attack follows, here’s a quick look at the Attack Kill Chain. The Attack Kill Chain is a sequence of events that an attacker goes through to successfully infiltrate a network and exfiltrate data from it. The good news is that blocking just one step in this chain is all that is needed to protect a company’s network and data from attack. We’ve borrowed from the pioneering work that Lockheed Martin did when they created the Cyber Kill Chain, and here is how we view each stage in the kill chain. Reconnaissance: Just like burglars and thieves, attackers carefully plan their attacks. They research, identify, and select targets, oftentimes using phishing tactics or extracting public information from an employee’s LinkedIn profile or corporate websites. These criminals also scan for network vulnerabilities and services or applications they can exploit. Weaponization & Delivery: Next, the attackers determine which methods to use. They may choose to embed intruder code within seemingly innocuous files like a PDF or Word document or email message. Or, for highly targeted attacks, attackers may craft deliverables to catch the specific interests of an individual. Exploitation: Once attackers gain access “inside” an organization, they can activate attack code on the victim’s host and ultimately take control of the target machine. Installation: Attackers will seek to establish privileged operations, install a rootkit, escalate privileges, and establish persistence. Command-and-Control: Attackers establish a command channel back through the Internet to a specific server so they can communicate and pass data back and forth between infected devices and their server. Actions on the Objective: Attackers may have many different motivations for attack, and it’s not always for profit. Their reasons could be data exfiltration, destruction of critical infrastructure, or to deface web property or create fear/extortion.
  6. They get in via HR or finance, for example. Sources: the target organization’s website (PDFs, PowerPoint, XLS, etc.); conference/event websites (attendee lists, presentations); Google foo such as filetype:xls inurl:attendees; social networks and job postings (identify technologies in use). This isn’t about “spray-and-pray” attacks. Corporate websites may include email addresses, customer lists, partner lists, etc.
  7. Google Search reveals XLS spreadsheets containing names, titles, e-mail addresses and phone numbers of attendees to a “National Defense Industrial Association” event.
  8. Job posting for a firewall engineer reveals which products this company is deploying. LinkedIn Profile for security analyst at a large company reveals which products they are using. Does this fit in weapon? I’m going to buy a weapon that can defeat these.
  9. This is your wake-up call for basic training and good process! Know what the adversary knows: check your corporate website and third-party content sources regularly. Perform “red-team” exercises to identify possible targets within your organization. Pay special attention to the training and access privileges of privileged or highly visible users. Configure hardware and software not to give away any unnecessary information, like type and version number. Technology can only prevent a few recon techniques, like port scans and host sweeps.
  10. This phishing page was used in one of the attacks Trend Micro calls “Operation Pawn Storm”. Phishing using fake Outlook Web Access pages is commonly used against businesses because nearly everyone uses OWA and the log-in pages look almost the same. This attack was on Academi, a security training organization. The attackers registered a similar domain for this attack. Phishing (OWA): why use malware when you have credentials? Spam with an email link to the fake site, exploit kits, etc.
  11. Old vulnerabilities: why use a 0-day when CVE-2012-0158/CVE-2010-3333 are still open? 0-days are the bazooka. Printers can be used to break into an org; they never patch these things. Not all exploits are created equal. Zero days: sudden, widespread impact. Targets trending to lower patch rates. Opportunistic: 99% of exploited vulnerabilities are more than 1 year old (by discovery). Software security patches (attempt to) fix vulnerabilities that might be exploited. Talking points: Zero days are the height of exploitation, as they target vulnerabilities for which there is little or no awareness and for which there are no patches. Add to that sudden, widespread vulnerabilities when they are disclosed; recent years have been full of these. Heartbleed anyone? Then think about some of those production systems for various organizations where the fear of loss of availability or just poor patch management has historically led to a ripe platform for exploitation. ColdFusion is a great historical example of this. Often, when an exploit is disclosed, the associated vulnerability is fixed through a patch, but think about the points above and you can see why exploitation thrives in the wild. Also bear in mind that sometimes patches don’t actually fix the vulnerability, and that patches are software as well; in other words, they may introduce additional vulnerabilities of their own. Verizon DBIR: 99.9% of exploited vulnerabilities involved a CVE more than 1 year old.
  12. Exploited in the Wild? Patch it now Can’t patch this system? Limit web/email access to minimum using policies. Eliminate the old gaps, catch the 0-days. Something about WildFire and/or Traps.
  13. This is your wake-up call for basic training and good process! Assume you’ve done everything right, trained your people and instituted processes to mitigate risk As we move to new stages of the cyber kill-chain, Technology becomes even more critical to preventing advanced attacks
  14. Phishing, including spear phishing, is by far the most-common tactic used because it’s simple and effective. It relies on good information gathered during the recon phase. Users are conditioned to read e-mails and open attachments if they seem relevant to their positions, training them to do otherwise isn’t really feasible. Watering Hole attacks are harder to pull off because they require compromising a web server, but that’s really just a 2-stage attack. Attack the website owner first (through spear phishing) then take over the web server. If these two primary mechanisms fail, the pragmatic adversary might start getting creative but typically only if they couldn’t get in using the simpler methods. Note to audience: You can always use Direct malware via email. Skip the exploitation.
  15. Off-the-shelf tools (common). Advantage: highly capable tools, freely available. Disadvantage: common use means AV may detect them. Complete control over the infected system, easy to use. Many options: PoisonIvy, gh0st RAT, NetWire, Dark Comet, CyberGate, XtremeRAT… Used by all levels of attacker. Custom tools. Disadvantage: larger investment up front. Advantage: very unlikely to be detected by AV. Normally much simpler than OTS RATs; a remote shell is the goal. Often only used as an initial implant to gain a foothold.
  16. Poison Ivy RAT (one of the off-the-shelf remote access tools listed in the previous note).
  17. HTTP is most common for custom backdoors Passes through proxies, blends in, unlikely to be blocked. 29/40 named in APT1 report use HTTP for CnC (“WEBC2”) Dynamic DNS Domains Free, harder to correlate SSL helps evade detection
  18. Talking points: Now we’ve reached the malware Command and Control (CnC) phase This slide and the next one describe some visual components that will be used The first is this conceptual view of a notional enterprise There is userland where the standard users perform their work The data center and infrastructure components house core servers like the domain controllers, IS platforms and data repositories There is a DMZ, which also might include any other public facing portals or services extended to remote users Finally, there is an ingress / egress point (which may be broken out by the above conceptual groupings) that allows access to and from the Internet
  19. Talking points: Now, let’s put this all together and start looking at some common CnC patterns Something to keep in mind for the following CnC slides is that a defender ultimately needs to focus on breaking an attacker’s CnC before Actions on Objectives are met As a convention, objects in red represent malicious activity So, let’s get started with the first CnC pattern. Once malware lands on a box and is installed, it might execute preset commands, typically of a smash-and-grab variety These communications normally use common ports and protocols (e.g., http, https) to increase the likelihood of successful communication This is network traffic that can be detected and potentially blocked
  20. Talking points: This slide depicts another common pattern More interesting malware reaches out for additional malware and/or commands from the attacker This step is where second-stage malware might be downloaded and run Once a suitable stage of malware is installed on the victim machine, like a Remote Administration Tool (RAT), it will then attempt to establish a CnC channel This is the point at which a periodic phone home, typically referred to as a beacon, begins Beacons are mainly used to obtain the next set of commands from an attacker Beacons or other initial malware communication can also contain recon information from the compromised target, such as OS configuration, loaded software versions, and logged on user information. Clever malware also moves beyond simple web requests for CnC and tries to emulate human behavior (e.g., Gmail, Pastebin, Twitter, Facebook) in receiving its attacker commands
  21. Blocking sub-features, like file sharing or chat Controlling access to and within SaaS applications
  22. Goals Inside the Network Find the target data Access the target data Exfiltrate the data Avoid getting caught. These are completed by an active operator: An individual issuing commands through the malware Operators have a goal, may follow a script and often make mistakes (typos) Longest, most complex phase May last days, weeks or months Consists of many short-term goals, not necessarily linear Often ignored phase of the Attack Lifecycle “And then the bad guys steal all your data”
  23. Talking points: This slide focuses on what can happen once target assets are reached. A good rule of thumb for any environment is to operate under the assumption that the adversary is already inside the perimeter. The different kinds of objectives here map to motivations for different adversary types. Most environments will have their own blend of these threats that they must mitigate. Once they are in the network, the malware doesn’t matter. The Pragmatic Adversary won’t create a custom tool to do what a built-in tool already can.
  24. The takeaway here is that security organizations are not innovating fast enough, while attackers are becoming much more sophisticated in their planning, with their tactics continuously evolving as well. This polarization creates a continuously widening vulnerability gap in an organization’s security, and the stakes are even higher as the value of information increases. Example: “Stolen medical and healthcare records are the ‘Rolls Royce’ with a black market value of approximately $200 per record as evidenced in hacker forums. As a comparison, credit card records sell for about $1 per record.” The value comes from prescriptions (controlled substances) and access to bank account information. The goal is to reduce threat exposure by strengthening controls.
  25. Traditionally, businesses have focused on “detect and respond.” But this is inadequate: such solutions generally provide alerts on threats only and take a “detection-focused” approach, which requires manual intervention or costly Incident Response once a breach occurs. Plus, these legacy solutions are a “patchwork” of point products that not only lack the ability to protect against all threat vectors, but also make it very difficult to coordinate and share intelligence among the various devices. At Palo Alto Networks, we focus strongly on designing for prevention and preparing for remediation. We believe a security strategy must be formed from a philosophical position of “I can prevent attacks” with the correct implementation of best practices across people, process and technology. As such, your architecture must be able to detect and prevent threats at every point across the organization: attacks targeting your mobile workers; attacks targeting your perimeter; attacks moving between employees and devices within your LAN, or from guests or other third-party contractors that might have access to your network; attacks targeting the heart of your virtualized data center; and attacks targeting your cloud-based infrastructure, both private and public.
  26. Here’s an example of how a comprehensive security solution can work together to block an advanced cyberattack. Each critical stage within the kill chain is covered, from the initial attempt to breach your perimeter, to delivering malware on the endpoint, then moving laterally through your network until the attackers reach their ultimate target and attempt to exfiltrate data. Each of these steps is met with a multi-layered defense model that: prevents known delivery mechanisms from functioning (NGFW App-ID & SSL decryption, GlobalProtect, URL Filtering, Threat Prevention, WildFire); prevents known malicious code from installing (Threat Prevention, WildFire, Traps); prevents known command-and-control channels from communicating (NGFW App-ID, Threat Prevention, URL Filtering, WildFire); prevents known exfiltration schemes from sending sensitive information out of the enterprise (NGFW App-ID & SSL decryption, Threat Prevention, URL Filtering); and detects unknown threats (WildFire and Traps) and automatically deploys new prevention controls across the platform, and to the global subscriber base, within minutes of discovery, transforming the previously unknown into a known. Many best-of-breed point products can detect, and some can prevent, at key elements in the kill chain, but they rely on the organization to manually integrate them into a seamless architecture.
