This document discusses cybersecurity and provides recommendations for improving security operations. It outlines the main sources of data breaches in 2017, with malicious outsiders being the largest source at 72%. The document then lists five best practices for security operations centers, including establishing a defendable perimeter, ensuring network visibility, hardening systems to best practices, using threat intelligence and machine learning, and fostering a culture of curiosity. Finally, it advertises the NSA open source software library which contains various cybersecurity tools and guidance.
A Brief History of Cryptographic Failures
Cryptography is hard. It's not hard in the way a challenging video game is, or hard like getting through War and Peace without falling asleep, or even hard like learning a new skill. Cryptography is hard because it's both a system and a technical implementation, and failures in either part can have catastrophic (and sometimes existential) impacts. In this talk we'll take a look at some of the many ways that cryptographic systems have failed over the years, from accidental design flaws like the Data Encryption Standard (DES) defeat so elegantly demonstrated by the Electronic Frontier Foundation to intentional design flaws such as the reported National Security Agency (NSA) backdoor in the Dual Elliptic Curve (EC) Deterministic Random Bit Generator (DRBG). This talk will be a high-level discussion... no PhD in mathematics is required!
Brian Mork is the Chief Information Security Officer for Celanese, where he acts as a senior level executive reporting to the Chief Information Officer (CIO) and leading the strategy and operations of Information and Systems Security. His areas of responsibility include the Security Operations Center (SOC), SAP security, global security architecture, Industrial Control Systems (ICS) security architecture and governance, and the firewalls. He is responsible for establishing and maintaining an enterprise wide information security program to ensure that data information assets are adequately protected. Responsible for identifying, evaluating and reporting on information security risks in a manner that meets company needs, compliance and regulatory requirements. Mr. Mork oversees all technology risk management activities and acts as an advocate for all information security and business continuance best practices.
Artifacts Are for Archaeologists: Why Hunting for Malware Isn't Enough
Spoiler Alert: It's because attackers can (and do) abuse legitimate software, administrative tools, and scripting environments which are considered benign and not caught by traditional antivirus software. Since attackers can use legitimate software to conduct their nefarious behavior, how do you catch them? It’s simple: Look for the behavior.
LightCyber's Behavioral Attack Detection platform detects and highlights the network behaviors of attackers that have penetrated the perimeter. This provides visibility that allows security teams to locate and eradicate network intruders quickly, regardless of what tools the attackers are using to achieve their goals. With LightCyber's Network-to-Process Association technology, attacker behaviors can be tracked back to the exact process that originated the behavior.
We will discuss the top tools that have been detected and associated with attacker behavior inside of LightCyber customer environments, all of which are legitimate software. There will also be an overview of how LightCyber Magna works.
Mark Overholser has been a lifelong technology enthusiast, and made his passion his career. After working for many years at a multi-billion-dollar medical supply manufacturer and distributor using technology to achieve business goals, he started to wonder about what sorts of controls were in place to help make sure technology would only do good, not harm. One thing led to another, and he then was one of the first members of the new information security team. After working hard to grow the team and build the information security practice, he left to take a breather and now is working to help information security teams everywhere understand threats and get the most out of their defensive technologies.
The Art of Evading Anti-Virus
There are estimates that security analysts, to include penetration testers, are approximately 5 years behind malicious actors. Anti-virus by itself isn’t enough to stop a malicious individual from gaining access to your servers or computers anymore. In fact many of them have devised ways to evade anti-viruses. We as security professionals should understand how these individuals are doing this, and what tools are available for us to replicate these attacks. Tools such as veil-framework assist us with this. This talk will go over this tool, and how malicious individuals evade anti-viruses with ease.
Quentin Rhoads-Herrera is a security analyst for State Farm. In this position he is responsible for risk analysis and application security assessments. He is accountable for ensuring risks are identified and properly mitigated throughout the organization.
He previously served as the Information Security Director for Clearview Energy and Solarview. In this position he oversaw all information security activities. These included development of company-wide cyber security standards, development of layered defense approaches and the hardening and defense of all company systems.
Mr. Rhoads-Herrera has worked in the Information Security space for a total of seven years serving in roles ranging from Security Consultant to Information Security Director.
Ransomware: History Analysis & Mitigation
An hour long look at ransomware's beginnings, ransomware in the news, variants throughout the years, cutting edge malware analysis, and mitigation techniques.
Andy Thompson is a member of the Shadow Systems Hacker Collective, and Dallas Hackers Association, I'm active in the Dallas InfoSec community. Currently a Technical Advisor for CyberArk Software, I work with Fortune 500 companies assisting them in advancing their CyberSecurity Programs.
Detecting and Catching the Bad Guys Using Deception
Traditional controls are well known for their short comings in the face of modern cyber-attacks. Cyber security technologies will make use of signature based, behavioral, Next Generation capabilities or attempt to augment capabilities by leveraging cloud based or on premise cyber analytics warehouse and threat intelligence feeds via indicator of compromise (IOC) or other mechanisms. Although the later efforts have increased organizational cyber capabilities, they only do so with proper investments in people, process and technology. Additionally, as attackers adapt to defenses, these controls begin to experience decreasing marginal rates of defensive capability.
Deception programs, architectures and technologies endeavor to augment existing cyber security capabilities through the use of honeypots or honey net (decoys) or breadcrumbs or broken glass (deceptions).
Advanced deception technologies are differentiated by the use of distributed deception technology which features agentless, simple deployment capabilities with lightweight deceptions that leverage operating system objects deceive attackers into triggering alerts. Normal users would never trigger the deceptions as an attacker would, resulting in high fidelity alerting with near-zero false positives. Such technology consequently serves to not only augment cyber security capabilities post-breach but provides a new, highly effective post-breach cyber security capability along with precise real-time forensics.
James Muren is a strategist and delivers workshops in cyber security strategy, GRC and security architecture that are used to develop long-term strategies and tactical roadmaps for customers that addresses security for legacy and cloud architectures. As a strategic management consultant and having built fully capable cyber programs in the past, he helps mentor and lead teams for programs & projects in information technology & cyber security. James is primarily focused on the business benefits of cyber security, and the demonstration of those benefits through metrics that can be quickly communicated to executive leadership. By properly integrating security controls within a regulatory and policy context, security programs such as breach and incident response, data governance, forensics, etc. can properly demonstrate value, receive proper investment and adequately secure organizations.
James is also a researcher. His areas of research include: Continuous GRC, cyber analytics, Trusted Computing Group (TCG), Security Automation, Hardware & Software Security, ICS, SCADA, IOT, Malware Research, Full System Security Design Lifecycle and Leap Ahead technology.
Business Geekdom: 1 = 3 = 5
Each year a security team participates in several audits, meetings with the business and strategy meetings. Often times, security is seen as one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous.
This is similar to a geek. A geek is defined, as, "an unfashionable or socially inept person." Is this socially ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional?
In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the front end translates to the various business units, audits and business strategies encountered in a security professionals profession each year.
Grant Gilliam is a Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries worked in include healthcare, insurance, software and news media. Gilliam has also established and created his own business focusing in outsourcing non-competitive business tasks for allowing clients a strategic advantage over competitors by minimizing FTE and contractor headcount.
His educational background includes a Master of Science in Information Systems, focusing in Information Security, and Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his masters degree research was IT law and Intellectual Property. Gilliam also is a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.
Cyber Insurance – Did You Know?
We present a brief discussion of risk and the ways that risk can be handled by an organization, one of which mechanisms is the transfer of risk via insurance.
We describe key terms and concepts related to business insurance generally and cyber insurance specifically.
These concepts will include brief descriptions of duties to indemnify, duties to defend, limits, sublimits, exclusions, and retentions, as well as different types of insurance, including CGL policies, Crime policies, E&O, D&O, PGL, and cyber policies.
We present an introduction to the domain of cyber insurance, discussing how cyber events may or may not be covered by traditional insurance products as well as by cyber insurance products.
We will talk about the role of “standardized” contracts supplied by the ISO (Insurance Services Office), how these are changing in the cyber age, and the need for customized contracts.
We will also present a general discussion of the cost of cyber insurance, the market penetration of cyber insurance in the US, and the cost of cyber events, citing data from public sources as well as reports from NetDiligence®
Heather Goodnight-Hoffmann
Over 20 years as Global Sales and Business Development Consultant
Cofounder and President, Risk Centric Security, Inc.
Ponemon Institute RIM Council (Responsible Information Council)
Business Development Manager at Navilogic, Inc.
Cofounder and Partner, Cyber Breach Response Partners, LLC
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
Patrick Florer
37 years in Information Technology
17 year parallel career in evidence-based medicine
Cofounder and CTO, Risk Centric Security, Inc.
Member, Ponemon Institute RIM council
Distinguished Fellow, Ponemon Institute.
Cofounder and Partner, Cyber Breach Response Partners, LLC.
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
A Brief History of Cryptographic Failures
Cryptography is hard. It's not hard in the way a challenging video game is, or hard like getting through War and Peace without falling asleep, or even hard like learning a new skill. Cryptography is hard because it's both a system and a technical implementation, and failures in either part can have catastrophic (and sometimes existential) impacts. In this talk we'll take a look at some of the many ways that cryptographic systems have failed over the years, from accidental design flaws like the Data Encryption Standard (DES) defeat so elegantly demonstrated by the Electronic Frontier Foundation to intentional design flaws such as the reported National Security Agency (NSA) backdoor in the Dual Elliptic Curve (EC) Deterministic Random Bit Generator (DRBG). This talk will be a high-level discussion... no PhD in mathematics is required!
Brian Mork is the Chief Information Security Officer for Celanese, where he acts as a senior level executive reporting to the Chief Information Officer (CIO) and leading the strategy and operations of Information and Systems Security. His areas of responsibility include the Security Operations Center (SOC), SAP security, global security architecture, Industrial Control Systems (ICS) security architecture and governance, and the firewalls. He is responsible for establishing and maintaining an enterprise wide information security program to ensure that data information assets are adequately protected. Responsible for identifying, evaluating and reporting on information security risks in a manner that meets company needs, compliance and regulatory requirements. Mr. Mork oversees all technology risk management activities and acts as an advocate for all information security and business continuance best practices.
Artifacts Are for Archaeologists: Why Hunting for Malware Isn't Enough
Spoiler Alert: It's because attackers can (and do) abuse legitimate software, administrative tools, and scripting environments which are considered benign and not caught by traditional antivirus software. Since attackers can use legitimate software to conduct their nefarious behavior, how do you catch them? It’s simple: Look for the behavior.
LightCyber's Behavioral Attack Detection platform detects and highlights the network behaviors of attackers that have penetrated the perimeter. This provides visibility that allows security teams to locate and eradicate network intruders quickly, regardless of what tools the attackers are using to achieve their goals. With LightCyber's Network-to-Process Association technology, attacker behaviors can be tracked back to the exact process that originated the behavior.
We will discuss the top tools that have been detected and associated with attacker behavior inside of LightCyber customer environments, all of which are legitimate software. There will also be an overview of how LightCyber Magna works.
Mark Overholser has been a lifelong technology enthusiast, and made his passion his career. After working for many years at a multi-billion-dollar medical supply manufacturer and distributor using technology to achieve business goals, he started to wonder about what sorts of controls were in place to help make sure technology would only do good, not harm. One thing led to another, and he then was one of the first members of the new information security team. After working hard to grow the team and build the information security practice, he left to take a breather and now is working to help information security teams everywhere understand threats and get the most out of their defensive technologies.
The Art of Evading Anti-Virus
There are estimates that security analysts, to include penetration testers, are approximately 5 years behind malicious actors. Anti-virus by itself isn’t enough to stop a malicious individual from gaining access to your servers or computers anymore. In fact many of them have devised ways to evade anti-viruses. We as security professionals should understand how these individuals are doing this, and what tools are available for us to replicate these attacks. Tools such as veil-framework assist us with this. This talk will go over this tool, and how malicious individuals evade anti-viruses with ease.
Quentin Rhoads-Herrera is a security analyst for State Farm. In this position he is responsible for risk analysis and application security assessments. He is accountable for ensuring risks are identified and properly mitigated throughout the organization.
He previously served as the Information Security Director for Clearview Energy and Solarview. In this position he oversaw all information security activities. These included development of company-wide cyber security standards, development of layered defense approaches and the hardening and defense of all company systems.
Mr. Rhoads-Herrera has worked in the Information Security space for a total of seven years serving in roles ranging from Security Consultant to Information Security Director.
Ransomware: History Analysis & Mitigation
An hour long look at ransomware's beginnings, ransomware in the news, variants throughout the years, cutting edge malware analysis, and mitigation techniques.
Andy Thompson is a member of the Shadow Systems Hacker Collective, and Dallas Hackers Association, I'm active in the Dallas InfoSec community. Currently a Technical Advisor for CyberArk Software, I work with Fortune 500 companies assisting them in advancing their CyberSecurity Programs.
Detecting and Catching the Bad Guys Using Deception
Traditional controls are well known for their short comings in the face of modern cyber-attacks. Cyber security technologies will make use of signature based, behavioral, Next Generation capabilities or attempt to augment capabilities by leveraging cloud based or on premise cyber analytics warehouse and threat intelligence feeds via indicator of compromise (IOC) or other mechanisms. Although the later efforts have increased organizational cyber capabilities, they only do so with proper investments in people, process and technology. Additionally, as attackers adapt to defenses, these controls begin to experience decreasing marginal rates of defensive capability.
Deception programs, architectures and technologies endeavor to augment existing cyber security capabilities through the use of honeypots or honey net (decoys) or breadcrumbs or broken glass (deceptions).
Advanced deception technologies are differentiated by the use of distributed deception technology which features agentless, simple deployment capabilities with lightweight deceptions that leverage operating system objects deceive attackers into triggering alerts. Normal users would never trigger the deceptions as an attacker would, resulting in high fidelity alerting with near-zero false positives. Such technology consequently serves to not only augment cyber security capabilities post-breach but provides a new, highly effective post-breach cyber security capability along with precise real-time forensics.
James Muren is a strategist and delivers workshops in cyber security strategy, GRC and security architecture that are used to develop long-term strategies and tactical roadmaps for customers that addresses security for legacy and cloud architectures. As a strategic management consultant and having built fully capable cyber programs in the past, he helps mentor and lead teams for programs & projects in information technology & cyber security. James is primarily focused on the business benefits of cyber security, and the demonstration of those benefits through metrics that can be quickly communicated to executive leadership. By properly integrating security controls within a regulatory and policy context, security programs such as breach and incident response, data governance, forensics, etc. can properly demonstrate value, receive proper investment and adequately secure organizations.
James is also a researcher. His areas of research include: Continuous GRC, cyber analytics, Trusted Computing Group (TCG), Security Automation, Hardware & Software Security, ICS, SCADA, IOT, Malware Research, Full System Security Design Lifecycle and Leap Ahead technology.
Business Geekdom: 1 = 3 = 5
Each year a security team participates in several audits, meetings with the business and strategy meetings. Often times, security is seen as one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous.
This is similar to a geek. A geek is defined, as, "an unfashionable or socially inept person." Is this socially ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional?
In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the front end translates to the various business units, audits and business strategies encountered in a security professionals profession each year.
Grant Gilliam is a Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries worked in include healthcare, insurance, software and news media. Gilliam has also established and created his own business focusing in outsourcing non-competitive business tasks for allowing clients a strategic advantage over competitors by minimizing FTE and contractor headcount.
His educational background includes a Master of Science in Information Systems, focusing in Information Security, and Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his masters degree research was IT law and Intellectual Property. Gilliam also is a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.
Cyber Insurance – Did You Know?
We present a brief discussion of risk and the ways that risk can be handled by an organization, one of which mechanisms is the transfer of risk via insurance.
We describe key terms and concepts related to business insurance generally and cyber insurance specifically.
These concepts will include brief descriptions of duties to indemnify, duties to defend, limits, sublimits, exclusions, and retentions, as well as different types of insurance, including CGL policies, Crime policies, E&O, D&O, PGL, and cyber policies.
We present an introduction to the domain of cyber insurance, discussing how cyber events may or may not be covered by traditional insurance products as well as by cyber insurance products.
We will talk about the role of “standardized” contracts supplied by the ISO (Insurance Services Office), how these are changing in the cyber age, and the need for customized contracts.
We will also present a general discussion of the cost of cyber insurance, the market penetration of cyber insurance in the US, and the cost of cyber events, citing data from public sources as well as reports from NetDiligence®
Heather Goodnight-Hoffmann
Over 20 years as Global Sales and Business Development Consultant
Cofounder and President, Risk Centric Security, Inc.
Ponemon Institute RIM Council (Responsible Information Council)
Business Development Manager at Navilogic, Inc.
Cofounder and Partner, Cyber Breach Response Partners, LLC
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
Patrick Florer
37 years in Information Technology
17 year parallel career in evidence-based medicine
Cofounder and CTO, Risk Centric Security, Inc.
Member, Ponemon Institute RIM council
Distinguished Fellow, Ponemon Institute.
Cofounder and Partner, Cyber Breach Response Partners, LLC.
Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study
Red, Amber, Green Status: The Human Dashboard
This session will outline the importance of presenting actionable metrics for the Security Awareness program. Oftentimes security programs are presented while omitting the most constant threat to Information Systems: the human. From a security awareness perspective, we will review analytics that include key performance indicators that may already be available to you; they just need to be added to the new human dashboard.
Laurianna Callaghan currently serves as a security consultant for Ana Academy, a Dallas based security training company. Previously, Laurianna worked with Dell where she was the creator of security analytics for a major healthcare customer which were presented at the 2016 IASAP conference. In addition, Laurianna has more than 21 years experience in various IT domains. She has served as the Director of Systems Engineering for a telemarketing firm, the UNIX/MVS Manager for a major airline and has IT experience in the healthcare, communications, transportation, education, retail, and other industry sectors. Laurianna holds both the CCNA Security and CISSP designations.
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, Kenna Securities can predict which vulnerabilities attackers are likely to write exploits for. Their model has 90 percent accuracy, one the day a vulnerability is released. The speaker will issue some forecasts live.
(Source: RSA Conference USA 2018)
Introducing the Vulnerability Management Maturity Model - VM3
The information security landscape has evolved significantly during the last 5 years with the emergence and wider use of new technologies such as Cloud, BYOD, Mobile and the Internet of Things. Alongside this landscape, corporate organizations‰Ûª key defense leaders, CIOs, CSOs and CISOs, have evolved in their information security defense strategies, as well as in how they think and approach information security. This different and evolved landscape, combined with defense leaders‰Ûª new mindset, has influenced key information security processes and in particular, has resulted in a greater understanding of the process of Vulnerability Management.
This session presents a Vulnerability Management Maturity Model, referred to as VM3, and which identifies six different levels of vulnerability management maturity within which different organizations operate. Detailed findings and lessons learned from of a recent study on vulnerability management maturity are shared.
The session covers the six high level activities, as well as a surrounding business environment which characterize an organization's execution of the vulnerability management process. Key challenges present within each of the six high level activities of vulnerability management, as well as challenges imposed by the organization's surrounding business environment are identified and described. Attendees will learn and appreciate how these key challenges impede one's ability to achieve higher levels of maturity, as well as strategies on overcoming these identified challenges. Attendees will learn how they may help their organization evolve to higher levels of vulnerability management maturity, with the goal of achieving lower levels of information security risk.
Gordon MacKay, CISSP, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology.
He has presented at many conferences including ISC2 Security Summit, Cyber Texas, BSides Detroit, BSides San Antonio, BSides Austin, BSides DFW, RSA and more, and has been featured by top media outlets such as Fox News, CIO Review, Softpedia and others.
He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
VERIS has been the base analysis framework for supporting the Verizon Data Breach Investigations Report (DBIR) since its inception. However, as organizations work to interpret the richness of information present on the DBIR to a more tactical level, the Threat Action Varieties available on VERIS fail to capture the detail present on the incidents recorded.
This talk presents the Verizon Common Attack Framework (VCAF), an effort from the Security Data Science team and the DBIR team in Verizon to expand and map the ATT&CK framework in alignment with the DBIR Threat Action Varieties to provide this much-sought level of granularity in recording and analyzing recorded breaches.
Additionally, this talk describes possible outcomes when this data is available and organized as such. Examples include applying DBIR-inspired attack vector analytics upon ATT&CK layer information, effectively identifying optimal control choke points on the attack graphs according to specific industries covered by the DBIR.
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
THE TIME HAS COME TO REPLACE YOUR ANTIVIRUS SOLUTION
Legacy AV products are failing to stop modern threats. That’s why AV replacement is a hot topic in the industry and why enterprises in every sector are looking for answers. As breaches continue to dominate the headlines, you need to know that there is a new approach that can close the wide security gap left by yesterday’s AV solutions. Defending against today’s sophisticated polymorphic threats requires new weapons and that’s just what the CrowdStrike Falcon Platform delivers.
The key to this new approach is going beyond malware to addressing the most complex and persistent cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.
In this CrowdCast, Dan Larson, VP, Product Marketing will discuss:
--The typical challenges with legacy antivirus, from efficacy to complexity & bulky architecture
--How CrowdStrike stands above competitive offerings by providing robust threat prevention leveraging artificial intelligence and machine learning
--How Falcon’s lightweight sensor and cloud architecture dramatically reduces operational burden
--How you can seamlessly migrate from legacy antivirus to CrowdStrike Falcon
--Why CrowdStrike was positioned as a “Visionary” in the 2017 Gartner Magic Quadrant for Endpoint Protection Solutions and what it says about our standing as an effective AV replacement
Layered Security / Defense in Depth
One area that I have found that even seasoned security professionals have a problem with articulating is layered security (defense in depth). Most are familiar with their area of expertise (servers, networks, pen testing, etc.), but have never viewed security as a heterogeneous process. In my presentation I use a layered diagram to highlight what controls are in what layers, what controls interact across layers, and what a complete layered security model would look like vs. what a more typical company security model does look like.
Nathan Shepard
CISSP, CISM, CRISC, CISA
33 Years in IT.
21 Years in Information Security.
Information Security consulting at the corporate governance level.
Information Security management for outsourced InfoSec delivery.
Ioan Iacob and Marius Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseBrendon Macaraeg
Today’s attackers are more brazen and patient than ever – often masquerading as legitimate users while they search the victim’s environment for their most prized data. And the longer these attackers remain undetected, the greater the cost to the business, be that your reputation or loss of IP. Therefore, organizations must detect and respond to incidents as quickly, efficiently and accurately as possible.
In this webinar, we provide unique insights into how one Fortune 500 organization successfully responded to a sustained and sophisticated breach. You’ll hear from the incident responders and digital forensics experts who actually worked the case, and learn the the cutting-edge techniques that were used. We will cover topics such as:
* Typical infrastructure weaknesses prevalent in organizations today
* How attackers exploit IT infrastructure weaknesses
* The prevalence of attacker attempts to re-enter environments, even after full remediation
* How state-of-the-art digital detection and forensics tools like
* Falcon Host & Falcon Forensics speed remediation by providing immediate visibility AND rear-view mirror look at past activities
incident response, DFIR, reducing dwell time, cybersecurity, cyber security, best practices
Array Networks - A Layered Approach to Web and Application Security
Encryption creates the need for at least two levels of security. ADC’s provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection.
Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
CrowdStrike Falcon with next-gen AV protects your Mac-based organization
If your organization has moved to a Mac-based platform, or are considering it, you may be aware that threats targeting Mac devices are on the rise. A new webcast from CrowdStrike, "Defending Against Threats Targeting the Mac Platform" discusses how the increase in Mac adoptions has given rise to a new class of targeted threats and explains why standard security solutions can't protect you.
In this CrowdCast, Peter Ingebrigtsen, as discussed why more companies are switching to the Mac platform, the new threats targeting Macs, and what you can do to better protect your organization.
Download the slides to learn:
Why more IT departments are switching to the Mac platform
How new threats targeting Macs are able to bypass standard security measures
How CrowdStrike's next-gen AV employs machine learning and behavioral analytics to defend against threats aimed at the Mac platform
On-Demand CrowdCast Link: https://www.crowdstrike.com/resources/crowdcasts/defending-threats-targeting-mac-platform/
Security by Design: An Introduction to Drupal SecurityTara Arnold
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
YOU'LL LEARN:
Security by design in Drupal
Site audit and security best practices
Encrypting sensitive data
Key management (encryption & API)
Resources to improve security
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
Learn how to prevent & detect even the most complex “file-less” ransomware exploits
Ransomware continues to evolve as perpetrators develop new exploits with consequences that can be dramatic and immediate. The purveyors of ransomware continue to prosper with adversaries developing new strains such as Zepto and Cerber that are proving to be more challenging than ever. Other exploits can alter programmable logic controller (PLC) parameters and adversely impact mechanical systems. Clearly, new defense approaches are needed because organizations can no longer rely on backups and conventional security solutions to protect them. Join CrowdStrike Senior Security Architect Dan Brown as he offers details on these sophisticated new ransomware threats, and reveals recent innovations designed to offer better protection – including new indicator of attack (IOA) behavioral analysis methodologies that can detect and prevent even the most complex “file-less” ransomware exploits.
Attend this CrowdCast where Dan will discuss:
--The challenges of defending against dangerous new variants, such as Zepto and Cerber
--Real-world examples of ransomware in action and the sophisticated tactics being used by a variety of adversaries
--How the CrowdStrike Falcon cloud-delivered platform can defend your organization against new super strains of ransomware that use sophisticated malware-free tactics
Save Time and Act Faster with PlaybooksThreatConnect
Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed.
You’ll learn how to:
- Build Playbooks that automatically run based on events in your network.
- Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS.
- Ingest and send data from any tool (including tools not yet integrated with ThreatConnect).
- Use Playbooks to get disconnected tools to all talk to each other.
We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.
Security in the age of open source - Myths and misperceptionsTim Mackey
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
Continuous security: Bringing agility to the secure development lifecycleRogue Wave Software
Presented at AppSec California 2017. The fact that software development is moving towards agile methodologies and DevOps is a given, the question is: How do you transform processes and tools to get the biggest advantage? Using application security testing as an example, this talk cuts through all the news, research, and standards to define a holistic process for integrating Agile testing and feedback into development teams. The talk describes specific processes, automation techniques, and the smart selection of tools to help organizations produce more secure, OWASP-compliant code and free up development time to focus on features.
Red, Amber, Green Status: The Human Dashboard
This session will outline the importance of presenting actionable metrics for the Security Awareness program. Oftentimes security programs are presented while omitting the most constant threat to Information Systems: the human. From a security awareness perspective, we will review analytics that include key performance indicators that may already be available to you; they just need to be added to the new human dashboard.
Laurianna Callaghan currently serves as a security consultant for Ana Academy, a Dallas based security training company. Previously, Laurianna worked with Dell where she was the creator of security analytics for a major healthcare customer which were presented at the 2016 IASAP conference. In addition, Laurianna has more than 21 years experience in various IT domains. She has served as the Director of Systems Engineering for a telemarketing firm, the UNIX/MVS Manager for a major airline and has IT experience in the healthcare, communications, transportation, education, retail, and other industry sectors. Laurianna holds both the CCNA Security and CISSP designations.
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, Kenna Securities can predict which vulnerabilities attackers are likely to write exploits for. Their model has 90 percent accuracy, one the day a vulnerability is released. The speaker will issue some forecasts live.
(Source: RSA Conference USA 2018)
Introducing the Vulnerability Management Maturity Model - VM3
The information security landscape has evolved significantly during the last 5 years with the emergence and wider use of new technologies such as Cloud, BYOD, Mobile and the Internet of Things. Alongside this landscape, corporate organizations‰Ûª key defense leaders, CIOs, CSOs and CISOs, have evolved in their information security defense strategies, as well as in how they think and approach information security. This different and evolved landscape, combined with defense leaders‰Ûª new mindset, has influenced key information security processes and in particular, has resulted in a greater understanding of the process of Vulnerability Management.
This session presents a Vulnerability Management Maturity Model, referred to as VM3, and which identifies six different levels of vulnerability management maturity within which different organizations operate. Detailed findings and lessons learned from of a recent study on vulnerability management maturity are shared.
The session covers the six high level activities, as well as a surrounding business environment which characterize an organization's execution of the vulnerability management process. Key challenges present within each of the six high level activities of vulnerability management, as well as challenges imposed by the organization's surrounding business environment are identified and described. Attendees will learn and appreciate how these key challenges impede one's ability to achieve higher levels of maturity, as well as strategies on overcoming these identified challenges. Attendees will learn how they may help their organization evolve to higher levels of vulnerability management maturity, with the goal of achieving lower levels of information security risk.
Gordon MacKay, CISSP, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology.
He has presented at many conferences including ISC2 Security Summit, Cyber Texas, BSides Detroit, BSides San Antonio, BSides Austin, BSides DFW, RSA and more, and has been featured by top media outlets such as Fox News, CIO Review, Softpedia and others.
He holds a Bachelor's in Computer Engineering from McGill University and is a Distinguished Ponemon Institute Fellow.
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
VERIS has been the base analysis framework for supporting the Verizon Data Breach Investigations Report (DBIR) since its inception. However, as organizations work to interpret the richness of information present on the DBIR to a more tactical level, the Threat Action Varieties available on VERIS fail to capture the detail present on the incidents recorded.
This talk presents the Verizon Common Attack Framework (VCAF), an effort from the Security Data Science team and the DBIR team in Verizon to expand and map the ATT&CK framework in alignment with the DBIR Threat Action Varieties to provide this much-sought level of granularity in recording and analyzing recorded breaches.
Additionally, this talk describes possible outcomes when this data is available and organized as such. Examples include applying DBIR-inspired attack vector analytics upon ATT&CK layer information, effectively identifying optimal control choke points on the attack graphs according to specific industries covered by the DBIR.
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
THE TIME HAS COME TO REPLACE YOUR ANTIVIRUS SOLUTION
Legacy AV products are failing to stop modern threats. That’s why AV replacement is a hot topic in the industry and why enterprises in every sector are looking for answers. As breaches continue to dominate the headlines, you need to know that there is a new approach that can close the wide security gap left by yesterday’s AV solutions. Defending against today’s sophisticated polymorphic threats requires new weapons and that’s just what the CrowdStrike Falcon Platform delivers.
The key to this new approach is going beyond malware to addressing the most complex and persistent cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.
In this CrowdCast, Dan Larson, VP, Product Marketing will discuss:
--The typical challenges with legacy antivirus, from efficacy to complexity & bulky architecture
--How CrowdStrike stands above competitive offerings by providing robust threat prevention leveraging artificial intelligence and machine learning
--How Falcon’s lightweight sensor and cloud architecture dramatically reduces operational burden
--How you can seamlessly migrate from legacy antivirus to CrowdStrike Falcon
--Why CrowdStrike was positioned as a “Visionary” in the 2017 Gartner Magic Quadrant for Endpoint Protection Solutions and what it says about our standing as an effective AV replacement
Layered Security / Defense in Depth
One area that I have found that even seasoned security professionals have a problem with articulating is layered security (defense in depth). Most are familiar with their area of expertise (servers, networks, pen testing, etc.), but have never viewed security as a heterogeneous process. In my presentation I use a layered diagram to highlight what controls are in what layers, what controls interact across layers, and what a complete layered security model would look like vs. what a more typical company security model does look like.
Nathan Shepard
CISSP, CISM, CRISC, CISA
33 Years in IT.
21 Years in Information Security.
Information Security consulting at the corporate governance level.
Information Security management for outsourced InfoSec delivery.
Ioan Iacob and Marius Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseBrendon Macaraeg
Today’s attackers are more brazen and patient than ever – often masquerading as legitimate users while they search the victim’s environment for their most prized data. And the longer these attackers remain undetected, the greater the cost to the business, be that your reputation or loss of IP. Therefore, organizations must detect and respond to incidents as quickly, efficiently and accurately as possible.
In this webinar, we provide unique insights into how one Fortune 500 organization successfully responded to a sustained and sophisticated breach. You’ll hear from the incident responders and digital forensics experts who actually worked the case, and learn the the cutting-edge techniques that were used. We will cover topics such as:
* Typical infrastructure weaknesses prevalent in organizations today
* How attackers exploit IT infrastructure weaknesses
* The prevalence of attacker attempts to re-enter environments, even after full remediation
* How state-of-the-art digital detection and forensics tools like
* Falcon Host & Falcon Forensics speed remediation by providing immediate visibility AND rear-view mirror look at past activities
incident response, DFIR, reducing dwell time, cybersecurity, cyber security, best practices
Array Networks - A Layered Approach to Web and Application Security
Encryption creates the need for at least two levels of security. ADC’s provide high availability and a secure layer for SSL traffic termination, decryption, inspection and forwarding to advanced security appliances for further inspection.
Ed Keiper is a senior systems engineer with Array Networks. His background includes 10+ years of experience in cloud computing, infrastructure and security.
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
CrowdStrike Falcon with next-gen AV protects your Mac-based organization
If your organization has moved to a Mac-based platform, or are considering it, you may be aware that threats targeting Mac devices are on the rise. A new webcast from CrowdStrike, "Defending Against Threats Targeting the Mac Platform" discusses how the increase in Mac adoptions has given rise to a new class of targeted threats and explains why standard security solutions can't protect you.
In this CrowdCast, Peter Ingebrigtsen, as discussed why more companies are switching to the Mac platform, the new threats targeting Macs, and what you can do to better protect your organization.
Download the slides to learn:
Why more IT departments are switching to the Mac platform
How new threats targeting Macs are able to bypass standard security measures
How CrowdStrike's next-gen AV employs machine learning and behavioral analytics to defend against threats aimed at the Mac platform
On-Demand CrowdCast Link: https://www.crowdstrike.com/resources/crowdcasts/defending-threats-targeting-mac-platform/
Security by Design: An Introduction to Drupal SecurityTara Arnold
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
YOU'LL LEARN:
Security by design in Drupal
Site audit and security best practices
Encrypting sensitive data
Key management (encryption & API)
Resources to improve security
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
Learn how to prevent & detect even the most complex “file-less” ransomware exploits
Ransomware continues to evolve as perpetrators develop new exploits with consequences that can be dramatic and immediate. The purveyors of ransomware continue to prosper with adversaries developing new strains such as Zepto and Cerber that are proving to be more challenging than ever. Other exploits can alter programmable logic controller (PLC) parameters and adversely impact mechanical systems. Clearly, new defense approaches are needed because organizations can no longer rely on backups and conventional security solutions to protect them. Join CrowdStrike Senior Security Architect Dan Brown as he offers details on these sophisticated new ransomware threats, and reveals recent innovations designed to offer better protection – including new indicator of attack (IOA) behavioral analysis methodologies that can detect and prevent even the most complex “file-less” ransomware exploits.
Attend this CrowdCast where Dan will discuss:
--The challenges of defending against dangerous new variants, such as Zepto and Cerber
--Real-world examples of ransomware in action and the sophisticated tactics being used by a variety of adversaries
--How the CrowdStrike Falcon cloud-delivered platform can defend your organization against new super strains of ransomware that use sophisticated malware-free tactics
Save Time and Act Faster with PlaybooksThreatConnect
Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed.
You’ll learn how to:
- Build Playbooks that automatically run based on events in your network.
- Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS.
- Ingest and send data from any tool (including tools not yet integrated with ThreatConnect).
- Use Playbooks to get disconnected tools to all talk to each other.
We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.
Security in the age of open source - Myths and misperceptionsTim Mackey
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
Continuous security: Bringing agility to the secure development lifecycleRogue Wave Software
Presented at AppSec California 2017. The fact that software development is moving towards agile methodologies and DevOps is a given, the question is: How do you transform processes and tools to get the biggest advantage? Using application security testing as an example, this talk cuts through all the news, research, and standards to define a holistic process for integrating Agile testing and feedback into development teams. The talk describes specific processes, automation techniques, and the smart selection of tools to help organizations produce more secure, OWASP-compliant code and free up development time to focus on features.
Want to detect threats in your organization? Stop reading every feed and curate your threat intel and content so they actually work for your security architecture. By managing meaningful threat intelligence so the external intel maps to internal threat models and curating your content sensibly, you can create a high-functioning SOC that both detects and defends against cyberattacks.
(Source: RSA Conference USA 2018)
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
Applied cognitive security complementing the security analyst Priyanka Aash
Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately.
(Source : RSA Conference 2017)
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
The State of Application Security: What Hackers BreakImperva
Companies of all sizes face a universal security threat from today's organized hacking industry. Why? Hackers are decreasing costs and expanding their reach with tools and technologies that allow for automated attacks against Web applications. The hacker’s arsenal includes armies of zombies (i.e. global networks of compromised computers) that access large amounts of personal and corporate data that can be sold on the black market.
As part of Imperva's ongoing Hacker Intelligence Initiative, we monitored and categorized individual attacks across the Internet over a period of six months. This webinar will detail the results of this research, which encompasses attacks witnessed via onion router (TOR) traffic as well as attacks targeting 30 different enterprise and government Web applications. The research includes:
• Insight into how automation allows hackers to generate 7 attacks per second
• Overview of the top vulnerabilities exploited by hackers: directory traversal, cross-site scripting (XSS), SQL injection, and remote file inclusion (RFI)
• Detail into which countries generate the most malicious activity
• Recommendations, both technical and nontechnical, for security teams and executive
The State of Application Security: What Hackers BreakImperva
Companies of all sizes face a universal security threat from today's organized hacking industry. Why? Hackers are decreasing costs and expanding their reach with tools and technologies that allow for automated attacks against Web applications. The hacker’s arsenal includes armies of zombies (i.e. global networks of compromised computers) that access large amounts of personal and corporate data that can be sold on the black market.
As part of Imperva's ongoing Hacker Intelligence Initiative, we monitored and categorized individual attacks across the Internet over a period of six months. This webinar will detail the results of this research, which encompasses attacks witnessed via onion router (TOR) traffic as well as attacks targeting 30 different enterprise and government Web applications.
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
Unit III Assessment:
Question 1
1. Compare and contrast two learning theories. Which one do you believe is most effective? Why?
Your response should be at least 200 words in length.
Question 2
1. Explain how practice helps learning. Give examples of how this has helped you.
Your response should be at least 200 words in length.
Running head: RANSOMWARE ATTACK 1
RANSOMWARE ATTACK 2
Situational Report on Ransomware Attack
Name
Institution
Date
Ransomware Attack-Situational Report
The current attack involves ransomware located inside the organizational network. The ransomware attacker has also raised the demand to $5000 in Bitcoin per nation-state. Virtual currencies such as Bitcoin present significant challenges and has widespread financial implications. The malware was zipped and protected with a password. The affected hosts had executable files and also malicious artifacts. The malware dropped some items in the database. The malware also had to write privileges as it uploaded some files to the webserver (Johnson, Badger, Waltermire Snyder & Skorupka, 2016). The malware also retrieved some files from the server using the “GET” HTTP request. The file hash and requested passed onto the urls indicate a breach of security.
Security Incident Report / SITREP #2017-Month-Report#
Incident Detector’s Information
Date/Time of Report
15/02/2018 1.40 p.m.
First Name
Amanda
Last Name
Smith
OPDIV
Avitel/Information Security
Title/Position
System Analyst
Work Email Address
[email protected]
Contact Phone Numbers
Work 321-527-4477
Government Mobile
Government Pager
Other
Reported Incident Information
Initial Report Filed With (Name, Organization)
CISO, Avitel Analysts
Start Date/Time
15/02/2018
Incident Location
HR Office
Incident Point of Contact (if different than above)
Internal Ransomware
Priority
Level 2
Possible Violation of ISO/IEC 27002:2013
YES ISO/IEC 27002
Privacy Information - ISO 27000 (Country Privacy Act Law)
The incident violated ISO 27000. The attack is an indication of failure in the state of the corporate network or existing security policies.
The target suffered adversely by limiting the conference participants from accessing the network resources. The violation was intentional.
Incident Type
Alteration of information from the server. There are database queries indicating that the attack involved modifying some entries in the database.
US-CERT Category
Ransomware/ Unauthorized Access
CERT Submission Number, where it exists
The ransomware attack can be reported to the CCIRC Canadian Cyber Incidence Response Centre Team for an appropriate response to the incident.
Description
The ransomware makes it quite difficult to guess the password unless the conference participants pay the demanded amount. The Crypto-ransomware locks the system unless the system is unlocked via the password.
1. User asked to update links
2. User disables security controls
3. Malware opens a command prompt
4. The script u ...
Visão geral sobre a solução iDefense da VeriSign de resposta a incidentes em tempo real, remediação de fraudes on-line, gerenciamento de riscos, conhecimentos dos impactos globais das ameaças, proteção proativa, entre outros benefícios.
Visão geral sobre a solução iDefense da VeriSign de resposta a incidentes em tempo real, remediação de fraudes on-line, gerenciamento de riscos, conhecimentos dos impactos globais das ameaças, proteção proativa, entre outros benefícios.
Cyber Security Department
Graduation Project (407422)
Project Title Here ….
Submitted By:
Student Name
Student ID
Name 1
Id1
Term:
Date:
33 | Page
Table of Contents
1.Introduction5
2.Problem Statement5
3.Background5
4.Requirements and specification5
4.1.UserGroups5
4.2.Functional Requirements6
4.3.Non-Functional Requirements (NFRs)7
5.System Design10
5.1.
Solution
Concept10
5.2.Proposed System Architecture11
5.2.1Alternative 111
5.2.2Aternative 211
5.2.3etc11
5.2.4Production and Staging Environments13
5.3.Component Design13
5.3.1Hardware Components13
5.3.2Software Components13
5.3.2.1User Interface – Web client13
5.3.2.2.UseCaseDescription13
5.3.2.3.Back-End Database14
4.4.Design Evaluation15
6.Implementation16
6.1System Implemented Architecture16
6.1.1.Tier Two – Application Server and Web-Server16
6.1.1.1.The Web-Server16
<<if needed>>16
6.2Access Levels16
6.3System Services or Functionalities16
7.Testing, Analysis and Evaluation17
7.1Testing Methodology17
7.2System Analysis and Evaluation17
7.3Test Execution and Test Results17
7.3.1Integration Testing17
7.3.2Functional Testing17
7.4Examples on testing18
7.4.1Check password Strength18
<< this might be an example of testing password strength>>18
8.Issues, Engineering Tools and Standards18
8.1.Issues18
8.2.Engineering Tools and Standards18
9.Teamwork18
10.Conclusion20
10.1.Conclusion20
10.2.Future Work20
Appendix A: Test Plan21
Appendix B: Progress Report-Teamwork22
Appendix C- Attachments and Source Code24
References25
29 | Page
List of Figures
Figure 5 Use-Case Diagram12
Figure 7 High Level Implementation Architecture15
Figure 14 Security Domains Access Levels15
List of Tables
Table 1 User Groups5
Table 2 Non Functional Requirements7
Table 3 System Use Case Description12
Table 4 Comparing On-Cloud and On-Site Options14
Table 7 Team responsiblites, Contributions, and expertise18
1. Introduction
Systems and workstations that are running Microsoft Windows but have not been patched against the vulnerability that is known as "Eternal Blue" are susceptible to having their data stolen if the vulnerability has not been patched. A vulnerability is a fault in a computer system that, when exploited, could compromise the device's or system's level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The SMBv01 protocol that is utilized by Windows systems is the target of the vulnerability known as Eternal Blue.
Techniques such as heap spraying and buffers overrun are utilized throughout the attack in order to gain access to systems and devices that are powered by Windows operating systems. Notably, this vulnerability was exploited in the WannaCry ransomware attack that occurred in 2017, which encrypted the files of victims and demanded a ransom in order to decrypt the information. After it was initially launched, the attack would quickly spread to other systems, delivering co ...
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
5. NCTOC Security Operations Center Principles
https://www.nsa.gov/resources/cybersecurity-professionals/assets/files/top-5-soc-principles.pdf
Five Security Best Practices
1) Establish a Defendable Perimeter
2) Ensure Visibility Across the Network
3) Harden to Best Practices
4) Use Threat Intelligence & Machine Learning
5) Create a Culture of Curiosity
6. https://code.nsa.gov/
NSA Open Source Software Library
Windows-Event-Log-Messages
Retrieves the definitions of Windows Event Log
messages embedded in Windows binaries and
provides them in discoverable formats. #nsacyber
Spectre-and-Meltdown-Guidance
Guidance for the Spectre and Meltdown
vulnerabilities. #nsacybe
unfetter
Identifies defensive gaps in security posture by leveraging
Mitre's ATT&CK framework. #nsacyber
Event-Forwarding-Guidance
Configuration guidance for implementing collection of
security relevant Windows Event Log events by using
Windows Event Forwarding. #nsacybe
Windows-Secure-Host-Baseline
Configuration guidance for implementing the Windows 10
and Windows Server 2016 DoD Secure Host Baseline
settings. #nsacyber
Guides and Tools for Cybersecurity