The document discusses various aspects of cyber security. It begins by highlighting the importance of cyber security and noting that the only truly secure system is one that is powered off, locked in a bunker, and guarded. It then discusses key concepts in cyber security including threats, vulnerabilities, and the CIA triad of confidentiality, integrity and availability. The document also covers specific cyber threats such as phishing, malware, ransomware, business email compromise, and COVID-19 related cyber threats. It discusses the roles and responsibilities of cyber security professionals and important best practices for security.
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Optimizing Security Operations: 5 Keys to SuccessSirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Optimizing Security Operations: 5 Keys to SuccessSirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Security Operation Center (SOC) is the most sensible move in order to save your business during an attempted cyber security attack. SOC Represents the Overall Security in an organization/environment which includes Cyber, Digital & Information security and the operations center is responsible for assessing and implementing the Security Posture of an Organization. Through SOC, multiple layers of security are put in place where the objective is to protect Information valuable to an organization.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Security Operations Center (SOC) Essentials for the SMEAlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
Find out the SOC Cyber Security at Steppa. Our SOC contains several capabilities like process and break down any PC translated information, assess and distinguish suspicious and maicious web and system activities, visualize and monitor all threats in real time.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
LTS Secure Security Information and Event Management (SIEM), is a technology that provides real-time analysis of security alerts generated by network hardware and applications.
Security Operation Center (SOC) is the most sensible move in order to save your business during an attempted cyber security attack. SOC Represents the Overall Security in an organization/environment which includes Cyber, Digital & Information security and the operations center is responsible for assessing and implementing the Security Posture of an Organization. Through SOC, multiple layers of security are put in place where the objective is to protect Information valuable to an organization.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Security Operations Center (SOC) Essentials for the SMEAlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
Find out the SOC Cyber Security at Steppa. Our SOC contains several capabilities like process and break down any PC translated information, assess and distinguish suspicious and maicious web and system activities, visualize and monitor all threats in real time.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Which is the third largest economy?
• USA
• China
• ????
3. Importance of Cyber Security
“The only system which is truly secure is one which is
switched off and unplugged, locked in a titanium safe,
buried in a concrete bunker, and is surrounded by
nerve gas and very highly paid armed guards. Even
then, I wouldn’t stake my life on it.”
- Professor Gene Spafford
https://spaf.cerias.purdue.edu/
In security matters:
effectiveness & limitations
• There is nothing like absolute security
• We are only trying to build comfort levels, because security costs money and
lack of it costs much more
• Comfort level is a manifestation of efforts as well as a realization of their
4. Importance of Cyber Security
The Internet allows an attacker to work from anywhere on
the planet.
Risks caused by poor security knowledge and practice:
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and your organization)
Sanctions or termination if policies are not followed
According to the SANS Institute, the top vectors for
vulnerabilities available to a cyber criminal are:
Web Browser
IM Clients
Web Applications
Excessive User Rights
5. Cyber Security
• Cyber security refers to the body of technologies,
processes, and practices designed to protect
networks, devices, programs, and data from attack,
damage, or unauthorized access.
7. Cyber Security is Safety
• Security:We must protect our computers and data in
the same way that we secure the doors to our homes.
• Safety: We must behave in ways that protect us
against risks and threats that come with technology.
10. What is a Secure System? (CIA Triad)
Availability
• Confidentiality – restrict
access to authorized
individuals
• Integrity – data has not
been altered in an
unauthorized manner
• Availability – information
can be accessed and
modified by authorized
individuals in an
appropriate timeframe
14. Threats and Vulnerabilities
What are we protecting our and our stakeholders
information from?
Threats: Any circumstances or events that can
potentially harm an information system by
destroying it, disclosing the information stored on
the system, adversely modifying data, or making
the system unavailable
Vulnerabilities: Weakness in an information system
or its components that could be exploited.
15. WHAT KINDS
OF THREATS
ARE THERE?
Phishing and
Spear- phishing
Attacks
Social Engineering Scams
Common Malware and
Ransomware
Business Email
Compromise
Fake websites that steal
data or infect devices
And much more
16. Phishing
Phishing refers to the practice of creating fake emails or SMS that appear to
come from someone you trust, such as: Bank, Credit Card Company, Popular
Websites
The email/SMS will ask you to “confirm your account details or your
vendor’s account details”, and then direct you to a website that looks just
like the real website, but whose sole purpose is for steal information.
Of course, if you enter your information, a cybercriminal could use it to
steal your identity and possible make fraudulent purchases with your
money.
17. Phishing Statistics
Verizon DBIR 2020: Phishing is the biggest cyber threat for
SMBs, accounting for 30% of SMB breaches
KnowBe4: 37.9% of Untrained Users Fail Phishing Tests
84% of SMBs are targeted by Phishing attacks
A new Phishing site launches every 20 seconds
74% of all Phishing websites use HTTPS
94% of Malware is delivered via email
19. Social Engineering
When attempting to steal information or a
person’s identity, a hacker will often try to
trick you into giving out sensitive information
rather than breaking into your computer.
Social Engineering can happen:
Over the phone
By text message
Instant message
Email
20. Malware = “malicious software”
Malware is any kind of unwanted software that is
installed without your consent on your computer
and other digital devices.
Viruses, Worms, Trojan horses, Bombs, Spyware,
Adware, Ransomware are subgroups of malware.
Malware
21. A virus tries to infect a carrier, which in turn
relies on the carrier to spread the virus around.
A computer virus is a program that can replicate
itself and spread from one computer to another.
Viruses
22. Direct infection: virus can infect files every time a user
opens that specific infected program, document or file.
Fast Infection: is when a virus infects any file that is
accessed by the program that is infected.
Slow infection: is when the virus infects any new or
modified program, file or document.
Great way to trick a antivirus program!
Sparse Infection: is the process of randomly infecting
files, etc. on the computer.
RAM-resident infection: is when the infection buries
itself in your Computer’s Random Access Memory.
Viruses cont.
23. Logic Bombs: is programming code that is designed to
execute or explode when a certain condition is
reached.
Most the time it goes off when a certain time is reached or a
program fails to execute. But it these bombs wait for a
triggered event to happen.
Most common use of this is in the financial/business world.
Most IT employees call this the disgruntled employee
syndrome.
Bombs
24. Trojan horse: is a program or software designed to look like a
useful or legitimate file.
Once the program is installed and opened it steals information or
deletes data.
Trojan horses compared to other types of malware is that it
usually runs only once and then is done functioning.
Some create back-door effects
Another distribution of Trojans is by infecting a server that hosts
websites.
Downfall of Trojans: very reliant on the user.
Trojans
25. Worms and viruses get interchanged commonly in the
media.
In reality a worm is more dangerous than a virus.
User Propagation vs. Self Propagation
Worm is designed to replicate itself and disperse
throughout the user’s network.
Email Worms and Internet Worms are the two most
common worm.
Worms
26. Email worm goes into a user’s contact/address book
and chooses every user in that contact list.
It then copies itself and puts itself into an attachment;
then the user will open the attachment and the process
will start over again!
Example: I LOVE YOU WORM
Email Worm
27. An Internet Worm is designed to be conspicuous to the
user.
The worms scans the computer for open internet ports
that the worm can download itself into the computer.
Once inside the computer the worms scans the
internet to infect more computers.
Internet Worms
28. Zombie & Botnet
Secretly takes over another networked computer
by exploiting software flows
Builds the compromised computers into a zombie
network or botnet
a collection of compromised machines running
programs, usually referred to as worms, Trojan horses,
or backdoors, under a common command and control
infrastructure.
Uses it to indirectly launch attacks
E.g., DDoS, phishing, spamming, cracking
29. Adware is a type of malware designed to display
advertisements in the user’s software.
They can be designed to be harmless or harmful; the adware
gathers information on what the user searches the World Wide
Web for.
With this gathered information it displays ads corresponding to
information collected.
Spyware is like adware it spies on the user to see what
information it can collect off the user’s computer to display pop
ads on the user’s computer.
Spyware unlike adware likes to use memory from programs
running in the background of the computer to keep close watch
on the user.
This most often clogs up the computer causing the program or
computer to slow down and become un-functional.
Adware and Spyware
31. Identity Theft
Impersonation by private information
Thief can ‘become’ the victim
Reported incidents rising
Methods of stealing information
Shoulder surfing
Snagging
Dumpster diving
Social engineering
High-tech methods
Identity Theft
32. Loss of privacy
Personal information is stored electronically
Purchases are stored in a database
Data is sold to other companies
Public records on the Internet
Internet use is monitored and logged
None of these techniques are illegal
Identity Theft
34. Ransomware
Ransomware is a type of
malware that restricts your
access to systems and files,
typically by encryption and then
demands a ransom to restore
access.
Often, systems are infected by
ransomware through a link in a
malicious email. When the user
clicks the link, the ransomware
is downloaded to the user’s
computer, smartphone or other
device. Ransomware may spread
through connected networks.
35. Ransomware
Top Ransomware Vulnerabilities:
• RDP or Virtual Desktop endpoints without MFA
• Citrix ADC systems affected by CVE-2019-19781
• Pulse Secure VPN systems affected by CVE-2019-11510
• Microsoft SharePoint servers affected by CVE-2019-0604
• Microsoft Exchange servers affected by CVE-2020-0688
• Zoho ManageEngine systems affected by CVE-2020-10189
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-
critical-services-heres-how-to-reduce-risk/
36. Ransomware Controls
Weapons-Grade Data Backups
Religious Patch Management
Plan to Fail Well (Incident Response Plan)
Know who to call!
Training and Testing Your People
Don’t Open that Email Link/Attachment
37. Business/Official Email Compromise
BEC is a big problem for you and your organization:
Your email is compromised.
Another employee of your organization is compromised
Almost always, these emails fall into 2 categories:
1. Downloading and spreading additional malware
automatically
2. Urging the customer to perform a financial
transaction immediately
Tips and Tricks to share with customers:
BEC made up half of cyber-crime losses in 2019; $75K
per scam
Standard phishing email awareness – don’t click links
or download attachments
Pay attention to the email address
Enable MFA for business email accounts
44. COVID-19 Cyber Threats
• Google: 18+ Million COVID-19 emails in just the one
week, in addition to 240M daily COVID-19 spam
messages
• Phishing up 667% right now
• FBI IC3: 4x complaints per day (1K before COVID-19, now
3k-4k per day)
• 148% spike in ransomware attacks due to COVID-19
• 30%-40% increase in attacker interest relating to RDP (as
measured by Shodan)
• 26% increase in e-comm web skimming in March
• Healthcare, Financial Services, Medical Suppliers and
Manufacturing, Government and Media Outlets all seeing
a large increase in cyber threats
45. Cyber Crime
Cyber Crime is a generic term that refers to all criminal
activities done using the medium of communication
devices, computers, mobile phones, tablets etc. It can be
categorized in three ways:
•The computer as a target – attacking the computers of
others.
•The computer as a weapon- Using a computer to commit
“traditional crime” that we see in the physical world.
•The computer as an accessory- Using a computer as a
“fancy filing cabinet” to store illegal or stolen information.
46.
47.
48. How do you look like to Bad guys?
66.233.160.64
52. System Hacking
system.
System hacking is a vast subject that
consists of hacking the different software-
based technological systems such as laptops,
desktops, etc.
System hacking is defined as the
compromise of computer systems and
software to access the target computer
and steal or misuse their sensitive
information.
Here the malicious hacker exploits the
weaknesses in a computer system or
network to gain unauthorized access to its
data or take illegal advantage.
Hackers generally use viruses, malware,
Trojans, worms, phishing techniques, email
spamming, social engineering, exploit
operating system vulnerabilities, or port
vulnerabilities to access any victim's
56. Global Cyber Security Trends – The next wave
Recent studies reveal three major findings:
•Growing threat to national security - web espionage becomes
increasingly advanced, moving from curiosity to well-funded and
well-organized operations aimed at not only financial, but also
political or technical gain
•Increasing threat to online services – affecting individuals and
industry because of growth of sophistication of attack techniques
•Emergence of a sophisticated market for software flaws –
that can be used to carry out espionage and attacks on Govt.
and Critical information infrastructure. Findings indicate a blurred
line between legal and illegal sales of software vulnerabilities
Mischievous activities in cyber space have expanded from
novice geeks to organized criminal gangs that are going Hi-
tech
57. Attacks today are AUTOMATED!
It’s not some dude sitting at his hacker desk all day typing out
ping commands to IP addresses via the command prompt
manually…
58. What does a Cyber Security Professional look like?
59. What does a Cyber Security Professional look like?
60. Eugene Kaspersky, CEO Kaspersky Labs, £1.1bn
James Lyne, CTO, SANS
David Ulevitch, Founder OpenDNS Katie Moussouris, Microsoft Bug Bounty creator
Dr Laura Toogood, MD Digitalis Reputation
8
Erin Jacobs, CSO at UCB Financial Services
In reality…
61. How We Protect Information?
People
Training, education, awareness, repetition
Process
Governance, oversight, policy, reporting
Technology
Firewalls, IDS/ISP
, SIEM, anti-malware
Strong passwords, Logging/monitoring
Which is the weakest link?
62. Social Engineering Best Practices
USE YOUR SECURITY SPIDER SENSE!
ALWAYS validate requests for
information if you’re not 100000%
sure
Call a number YOU know
Google it…
ALWAYS ASK QUESTIONS!
Is this who I think it is FOR SURE?
Did someone mention this to me
personally, or was it discussed at a staff
meeting?
Is this the FIRST I’m hearing about this?
63. BEC Best Practices
Think through Out of Office emailresponders
Avoid using free web-based email for business
Not only less-professional, but easier to hack,
typosquat, or spoof
Domains and email addresses are cheap, especially
compared to BEC
Register similar domains to yours to prevent
typosquatting e.g. delaplex.com vs. delapelx.com
Be careful about the information you share on
your website or Social Media (LinkedIn, Facebook)
about job duties or positions, especially for
positions with transactional or purchasing authority
64. Sun Tzu on the Art of War
If you know the enemy and
know yourself, you need not
fear the result of a hundred
battles.
If you know yourself but not
the enemy, for every victory
gained you will also suffer a
defeat.
If you know neither the enemy
nor yourself, you will succumb
in every battle.
65. WHAT IS FOOTPRINTING?
Definition: the gathering of information
about a potential system or network (the
fine art of gathering target information)
a.k.a. fingerprinting
Attacker’s point of view
Identify potential target systems
Identify which types of attacks may be useful
on target systems
Defender’s point of view
Know available tools
May be able to tell if system is being
footprinted, be more prepared for possible
attack
Vulnerability analysis: know what
information you’re giving away, what
weaknesses you have
66. WHAT IS FOOTPRINTING?
System (Local or Remote)
IP Address, Name and Domain
Operating System
Type (Windows, Linux, Solaris,
Mac)
Version (XP/Vista/7/10,
Redhat, Fedora, SuSe, Ubuntu,
OS X)
Usernames (and their
passwords)
File structure
Open Ports (what
services/programs are running
on the system)
Networks / Enterprises
System information for all
hosts
Network topology
Gateways
Firewalls
Overall topology
Network traffic information
Specialized servers
Web, Database, FTP, Email,
etc.
Social Media
67. Vulnerability Scanner
Functions of Vulnerability Scanner are far different
from firewall or intrusion detection system.
Vulnerability scanning tools helps you in protecting
your organization from any kind of security risks or
threats by scanning with deep inspection of
endpoints to ensure that they are configured securely
and correctly.
The prime aim of running a vulnerability scanner is to
identify the devices that are open for vulnerabilities.
68. Types of Vulnerability Scanner
Port scanner
Network vulnerability scanner
Web application security scanner
Database security scanner.
Host based vulnerability scanner
ERP security scanner.
Single vulnerability tests.
69. Virus Detection
• Simple Anti-virus Scanners
– Look for signatures (fragments of known virus code)
– Heuristics for recognizing code associated with viruses
• Example: polymorphic viruses often use decryption loops
– Integrity checking to detect file modifications
– Keep track of file sizes, checksums, keyed HMACs of contents
• Generic decryption and emulation
– Emulate CPU execution for a few hundred instructions, recognize
known virus body after it has been decrypted
– Does not work very well against viruses with mutating bodies and
viruses
not located near beginning of infected executable
70. Virus Detection
• Simple Anti-virus Scanners
– Look for signatures (fragments of known virus code)
– Heuristics for recognizing code associated with viruses
• Example: polymorphic viruses often use decryption loops
– Integrity checking to detect file modifications
– Keep track of file sizes, checksums, keyed HMACs of contents
• Generic decryption and emulation
– Emulate CPU execution for a few hundred instructions, recognize
known virus body after it has been decrypted
– Does not work very well against viruses with mutating bodies and
viruses
not located near beginning of infected executable
71. Cyber Security and Privacy Starts and
Ends with Us!
Security Tips
Commit to a disciplined practice of information
security and continue to refresh yourself so you
don’t become a point of vulnerability in our
security defenses.
72. Summary
• Cybersecurity will require a
significant workforce with
deep domain knowledge.
• Almost everything is hooked
up to the internet in some
sort of form.
• Recent events have
widened the eyes of many
security experts.
• The ability to gain access to
high security organizations,
infrastructures or
mainframes has frightened
many people.
• Could one click of the
mouse start World War III?