Dragos’ Year in Review 2018 report provides insights and lessons learned from our team’s first-hand experience hunting and responding to industrial control systems (ICS) adversaries throughout the year, so we can offer recommendations for stronger defenses for industrial organizations and help drive change in the ICS cybersecurity community.
Presentation from the Cyber Security for Critical Assets conference (CS4CA) in Houston, March 26-28, 2019, given by Sergio Caltagirone, Vice President of Threat Intelligence.
Covers:
- overview of the OT threat landscape
- new OT threats Dragos has uncovered through its industrial cybersecurity technology platform, array of services, and industrial threat intelligence.
- details on major industrial threat activity groups and root causes of many recent OT compromises
Learn more here: https://dragos.com/year-in-review/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./
Follow us on Twitter: https://twitter.com/dragosinc
This presentation overviews the key findings and takeaways from Dragos' 2019 ICS Year in Review reports, detailing ICS vulnerability data, global ICS threat activity, and observations from Dragos' professional service engagements--including threat hunts, penetration tests, tabletop exercises, incident response, and more. Go here to read all of the Year in Review reports, view infographics, and watch the webinar: https://dragos.com/year-in-review-2019/
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks - Dragos, Inc.
Robert M. Lee, Dragos CEO: presentation from RSA 2019.
Description: Most industrial security best practices are essentially enterprise security best practices copied and pasted into industrial networks. That is not an effective way to reduce risk from industrial-specific threats. Instead, we can learn from the ICS attacks that have actually occurred. In this presentation, Robert M. Lee, CEO and co-founder of Dragos, provides first-hand insights into industrial threats and the lessons they hold for industrial security.
More information here: https://dragos.com/rsa-2019/
2018 Year in Review - ICS Threat Activity Groups - Dragos, Inc.
Intelligence Analyst Selena Larson, Sr. Adversary Hunter Joe Slowik, and Sr. Adversary Hunter Amy Bejtlich present an overview of the 2018 Year in Review report, detailing the eight ICS threat activity groups Dragos' Intelligence team tracks and the changing threat landscape.
In this presentation, Matt Bodman, Director of Special Programs at Dragos, demonstrates the basics of Neighborhood Keeper.
Neighborhood Keeper is a collaborative threat detection and intelligence program, led by Dragos in partnership with the DOE, that makes ICS threat analytics and data accessible to the greater ICS community. Its initial participants include Dragos, Ameren, FirstEnergy, the Department of Energy's Idaho National Laboratory, the North American Electric Reliability Corporation's Electricity Information Sharing and Analysis Center, and Southern Company.
Neighborhood Keeper will serve smaller providers who lack sufficient resources to buy and manage advanced security technologies, giving them access to collaborative ICS data at near-real-time and providing them immediate insight into the ICS threat landscape without revealing sensitive data.
For more information, please visit https://dragos.com/neighborhood-keeper/
In this presentation Daniel Michaud-Soucy, Principal Threat Analyst at Dragos, demonstrates three separate models used together to identify gaps in an ICS security posture. First, threat modeling is the inward look: the ICS network defender builds an understanding of the environment, the threat actors, the impacts, the risks, and the crown jewels of the industrial process. Second, the ICS cyber kill chain is the outward look: the steps an adversary must take to achieve their objectives. Third, the bowtie model gives a graphical representation of the threats to the environment alongside the protection, detection, and response controls that secure it. Combined, they give the asset owner a holistic picture of the security controls in their network, scoped to the threat actors they actually care about, and make the gaps in their strategy visible.
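The three models above fit together naturally as data: the kill chain supplies the stages an adversary must traverse, threat modeling supplies the actors and crown jewels the owner cares about, and the bowtie asks, for each stage, whether a protective, detective, and responsive barrier exists. The following is an added example of that combined gap analysis written for this page; it is not code from the presentation or from Dragos. The stage names follow the public ICS Cyber Kill Chain (Stage 1 enterprise intrusion, Stage 2 ICS attack); every control, threat path, actor label, and consequence is constructed for illustration.

```python
"""
Bowtie-style gap analysis over the ICS Cyber Kill Chain.

Added example, not material from the Dragos presentation. Stage names follow
the public ICS Cyber Kill Chain; all controls, threat paths, actor labels and
consequences below are constructed for illustration and are not Dragos data.
"""
from typing import Dict, List, Optional, Set, Tuple

# Stage 1 (enterprise/IT intrusion) and Stage 2 (ICS attack) of the kill chain.
STAGE1 = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "act"]
STAGE2 = ["develop", "test", "deliver", "install_modify", "execute_ics_attack"]
KILL_CHAIN = STAGE1 + STAGE2

# Bowtie barrier types: protect and detect sit on the left of the top event,
# respond sits on the right and limits the consequence once the event occurs.
CONTROL_TYPES = ("protect", "detect", "respond")

# Constructed control inventory: name -> (kill chain stages it acts on, barrier type).
CONTROLS: Dict[str, Tuple[List[str], str]] = {
    "it_ot_dmz_allowlist":         (["delivery", "command_and_control", "deliver"], "protect"),
    "email_sandbox":               (["delivery"], "detect"),
    "edr_on_engineering_ws":       (["installation", "install_modify"], "detect"),
    "passive_ot_network_monitor":  (["deliver", "install_modify", "execute_ics_attack"], "detect"),
    "controller_logic_baseline":   (["install_modify"], "detect"),
    "ot_incident_response_plan":   (["execute_ics_attack"], "respond"),
    "manual_safe_state_procedure": (["execute_ics_attack"], "respond"),
}

# Constructed threat paths (left side of the bowtie): the actor of concern, the
# consequence on the right side (the crown jewel at risk), and the kill chain
# stages the actor must traverse to reach it.
THREATS: Dict[str, dict] = {
    "ews_compromise_to_hmi_manipulation": {
        "actor": "ics_focused_state_group",
        "consequence": "loss of view and control at the plant HMI",
        "stages": ["delivery", "exploitation", "command_and_control",
                   "deliver", "execute_ics_attack"],
    },
    "ransomware_spillover_to_ot": {
        "actor": "criminal_ransomware_affiliate",
        "consequence": "loss of production from encrypted HMI/EWS hosts",
        "stages": ["delivery", "exploitation", "installation", "act"],
    },
}


def coverage_matrix(controls: Dict[str, Tuple[List[str], str]]) -> Dict[str, Dict[str, List[str]]]:
    """Map every kill chain stage to the controls covering it, grouped by barrier type."""
    matrix = {stage: {t: [] for t in CONTROL_TYPES} for stage in KILL_CHAIN}
    for name, (stages, ctype) in controls.items():
        if ctype not in CONTROL_TYPES:
            raise ValueError(f"{name}: unknown control type {ctype!r}")
        for stage in stages:
            if stage not in matrix:
                raise ValueError(f"{name}: unknown kill chain stage {stage!r}")
            matrix[stage][ctype].append(name)
    return matrix


def gaps_for_threat(threat: dict, controls: Dict[str, Tuple[List[str], str]]) -> Dict[str, List[str]]:
    """For each stage on the threat's path, list the barrier types that have no control."""
    matrix = coverage_matrix(controls)
    gaps: Dict[str, List[str]] = {}
    for stage in threat["stages"]:
        missing = [t for t in CONTROL_TYPES if not matrix[stage][t]]
        if missing:
            gaps[stage] = missing
    return gaps


def uncovered_stages(threat: dict, controls: Dict[str, Tuple[List[str], str]]) -> List[str]:
    """Stages on the path with no barrier of any kind: the adversary simply walks through."""
    return [stage for stage, missing in gaps_for_threat(threat, controls).items()
            if len(missing) == len(CONTROL_TYPES)]


def gap_report(threats: Dict[str, dict], controls: Dict[str, Tuple[List[str], str]],
               actors_of_concern: Optional[Set[str]] = None) -> Dict[str, dict]:
    """The holistic picture, restricted to the actors the asset owner cares about."""
    report = {}
    for name, threat in threats.items():
        if actors_of_concern and threat["actor"] not in actors_of_concern:
            continue
        report[name] = {
            "consequence": threat["consequence"],
            "uncovered": uncovered_stages(threat, controls),
            "gaps": gaps_for_threat(threat, controls),
        }
    return report


if __name__ == "__main__":
    for name, entry in gap_report(THREATS, CONTROLS).items():
        print(f"{name}: consequence={entry['consequence']!r}; uncovered={entry['uncovered']}")
        for stage, missing in entry["gaps"].items():
            print(f"  {stage:20s} missing: {', '.join(missing)}")
```

With the constructed inventory, the exploitation stage has no barrier at all on either path, which is the kind of gap the combined view is meant to surface: several detective controls cluster on Stage 2, while the step that turns a delivered payload into a foothold is neither prevented, detected, nor planned for.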
Visit www.dragos.com to learn more about the Dragos industrial cybersecurity platform for increased visibility of assets, threats and guided responses.
How Long to Boom: Understanding and Measuring ICS Hacker Maturity - Dragos, Inc.
Sergio Caltagirone, Dragos VP of Threat Intelligence: presentation from RSA 2019.
The industrial control system threat is growing quickly. But ICS hackers do not start by disrupting electric grids. Instead, they mature predictably, moving from things that go bad to things that go boom. In this presentation, Sergio Caltagirone explains how Dragos has used ICS threat intelligence to develop an ICS hacker maturity model that lets us determine how much risk a threat poses and predict how long until it reaches maximum risk.
More information here: https://dragos.com/rsa-2019/
Debunking the Hacker Hype: The Reality of Widespread Blackouts - Dragos, Inc.
Selena Larson, Dragos Intelligence Analyst: presentation from RSA 2019.
There have been public narratives about the US being on the precipice of a nationwide hacker-caused blackout. What is the reality of adversary activity and the potential or likelihood of a cyber attack that could disrupt the electric grid? What are hackers currently doing in ICS networks? In this presentation, Selena Larson, Intelligence Analyst at Dragos will separate fact from (science) fiction.
More information here: https://dragos.com/rsa-2019/
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice - Dragos, Inc.
From #CTISUMMIT.
More info here: https://dragos.com/blog/industry-news/meet-me-in-the-middle-threat-indications-and-warning-in-principle-and-practice/
Video here: https://youtu.be/79RdB3aj2vA
Discussions on threat intelligence often get bogged down between “machine speed” ingestion of atomic indicators and in-depth analysis of activity taking weeks (or months) to produce. Left in the cold in such debates is a very important but seldom considered middle ground: time-sensitive and incomplete but enriched threat intelligence. In the U.S. Navy and similar services, this is referred to as threat “indications and warning” (I&W) – a step beyond a simple observable refined to ensure accuracy and timely receipt.
The goal of I&W is to get actionable, important information to those who need it most as quickly, efficiently, and accurately as possible, even if some context or other insights are lost along the way. Consumers are then better armed to deal with and counter threats as they emerge, rather than either reacting to items with no context whatsoever or only reading about their challenges weeks after the fact in a complete intelligence report. This discussion explores the concept of threat I&W within the context of network security generally and threat intelligence specifically, identifying it as a shamefully ignored middle ground between the two extremes. The presentation covers the conceptual background behind the idea, then transitions to real-life examples of I&W drawn from the speaker's past work in threat intelligence, incident response, and military operations.
Solving ICS Cybersecurity Challenges in the Electric Industry - Dragos, Inc.
Electric utilities are an integral component of critical infrastructure and, as such, are prime targets for adversaries who aim to disrupt their operations and the day-to-day lives of the people who depend on them.
This presentation outlines the experiences of a medium-sized US electric utility and how Dragos helped its various teams overcome some of their specific OT cybersecurity challenges.
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
Dragos S4x20: Mapping ICS Incidents to the MITRE ATT&CK Framework - Dragos, Inc.
Principal Industrial Penetration Tester Austin Scott presents at S4x20 on how to map ICS incidents to the MITRE ATT&CK framework.
View the webinar here: https://dragos.com/resource/introducing-mitre-attck-for-ics-and-why-it-matters/
Dragos S4x20: How to Build an OT Security Operations Center - Dragos, Inc.
Senior Director of Business Development Matt Cowell's S4x20 presentation details how to build an effective OT security operations center, and the tools and skills it needs.
Reassessing the 2016 CRASHOVERRIDE Cyber Attack - Dragos, Inc.
Upon discovery and initial analysis in mid-2017, audiences primarily viewed CRASHOVERRIDE as a disruptive event targeting electric utility operations in Ukraine. Similar to the 2015 attack in the same area, CRASHOVERRIDE interrupted the flow of electricity by manipulating ICS equipment and delayed recovery operations to prolong the impact. However, CRASHOVERRIDE’s immediate effects represent only the precursors for an attempt at a more ambitious attack than what was achieved.
In this presentation, Dragos Principal Adversary Hunter Joe Slowik reexamines the CRASHOVERRIDE event and likely attacker intentions, highlighting how CRASHOVERRIDE attempted a different type of attack than 2015.
Viewers learn how to begin developing and deploying the required visibility, resilience, and response measures needed to cope with an attack like CRASHOVERRIDE.
To view the webinar, go here: https://youtu.be/yX0ZSu_rVc0
Rising Cyber Escalation: US, Iran, Russia ICS Threats and Response - Dragos, Inc.
Dragos discusses the quickly rising tensions between the US, Russia, and Iran, threat intelligence on malicious activity surrounding these tensions, and recommended responses to defend industrial control systems and critical infrastructure worldwide.
Includes presentations from Dragos Threat Intelligence, which tracks these threats, and from the Dragos Threat Operations Center, which is responding to and defending against them.
Visit www.dragos.com for more info about industrial cybersecurity
Trisis in Perspective: Implications for ICS Defenders - Dragos, Inc.
The discovery of TRISIS/TRITON was a landmark event in the Industrial Control Systems (ICS) security community. It is the fifth known ICS-specific malware (following Stuxnet, Havex, BlackEnergy2, and CRASHOVERRIDE), and the first to specifically target safety instrumented systems. Since its identification and public disclosure in early December 2017, much has been written on TRISIS, its operation, and mitigations; however, those mitigations are usually too specific to TRISIS and fall short in assisting defenders whose safety systems are not a Schneider Electric Triconex. In May, Dragos discovered that XENOTIME, the activity group behind TRISIS, had expanded its targeting to North America and to other safety systems. Given this new data, a generalized approach to safety system defense is critical knowledge for ICS security personnel, and this discussion aims to provide one. We give an overview of the TRISIS malware, including its installation, its execution, and the modifications it makes to the controller. Next, we break down the TRISIS event's specific tactics, techniques, and procedures (TTPs) and generalize them across the ICS kill chain. Using this model, we present actionable present-day defense strategies for asset owners, as well as guidance for forensics, restoration, and recovery should an attack be discovered. We also look to the future and recommend ways vendors and ICS owners can improve the state of the art to give defenders the information they need to stop future attacks.
Learn more here: https://www.dragos.com/blog/trisis/
Industrial Control Systems Cybersecurity Technology Selection - Dragos, Inc.
Selection criteria for today’s ICS cybersecurity technology presented at S4 2019. Includes:
- Recommendations for best practices before evaluating an industrial cybersecurity solution in OT environments
- Outline of ICS cybersecurity technology approaches, including the differences between active and passive scanning, anomaly detection, and threat behavior analytics
- What’s important in an industrial control systems cybersecurity platform
- Practical guide to pilots and bake-offs
To learn more read the whitepaper Key Considerations For Selecting An Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response https://dragos.com/resource/key-considerations-for-selecting-an-industrial-cybersecurity-solution-for-asset-identification-threat-detection-and-response/
For more about Dragos and the 2019 S4 Detection challenge, read the blog and watch the video here: https://dragos.com/blog/industry-news/dragos-results-of-s4-industrial-cybersecurity-detection-challenge-contest/
Dragos Adversary Hunter Jimmy Wylie presents "TRISIS in Perspective" at the 13th annual API conference in Houston, TX. This presentation analyzes the 2017 TRISIS event at an unspecified gas facility in Saudi Arabia, the first known deliberate targeting of a safety instrumented system (SIS), an attack that could have resulted in loss of life. It also examines the period since TRISIS, in which Dragos has observed XENOTIME, the adversary group responsible for TRISIS, expand its targeting to North America and to other safety systems.
Visit www.dragos.com to learn more.
Virtualizing industrial controllers (PLCs and DCS controllers) represents a fundamental shift in the industrial automation industry. Most industries have fully embraced virtualization as a means to support reliability, scalability, and resource optimization, yet the industrial control system industry has been slow to adopt virtualization for automation controllers. These slides are from Austin Scott's S4 2019 presentation and outline the benefits of industrial controller virtualization and why automation vendors see it as a threat to their business model. The slides describe a virtualized PLC deployment at a large refinery in North America that allowed the owner to scale to the massive size of the plant, and include:
- What is PLC virtualization?
- A brief history of PLC virtualization
- Challenges with PLC virtualization
- The benefits of PLC/Controller virtualization
- Commodity controllers
How to Increase ICS Cybersecurity Return on Investment (ROI) - Dragos, Inc.
In this presentation, Austin Scott aligns the 2019 top five findings from the Dragos Industrial Penetration Testing team with tactical activities that reduce cyber risk within industrial environments. Return on Investment (ROI) is a broad and subjective term; even for industrial cyber risk reduction, its interpretation changes drastically depending on who you ask. As a member of the Dragos Industrial Penetration Testing team, Austin sees the world in terms of exploitation effort: the investment an adversary must make to advance through a network. He details five ways to significantly increase the time and energy an adversary needs while minimizing operational and capital expenditure.
As cyber criminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defenses, organizations must evolve their security defenses to reduce dwell time. Join Fidelis Advisor and former CIA CTO Bob Flores and Fidelis Senior Manager Tom Clare as they delve into the results of The 2018 State of Threat Detection Report and discuss what the research means for organizations large and small across the globe.
A Buyer's Guide to Investing in Endpoint Detection and Response for Enterprise... - Kaspersky
A key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in increasing focus, right to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.
Watch this recorded webinar to hear SANS Principal Instructor, Alissa Torres, Fidelis Chief Scientist, Dr. Abdul Rahman and Cyber Security expert, Tom Clare, discuss how organizations can evolve their approach to the fundamentals of a defensible security architecture toward a more robust strategy that is strong enough to defend organizations from the threats of today, and the zero-day threats of tomorrow.
You Can't Detect What You Can't See: Illuminating the Entire Kill Chain - Fidelis Cybersecurity
Organizations receive an overwhelming number of alerts every day from their SIEMs, IPS/IDS, next-generation firewalls, and other tools. The result is too many alerts and not enough manpower, visibility across the organization, or context to make the right decisions.
We look at every stage of the attack lifecycle…and on every port and protocol. With Fidelis there’s no place for attackers to hide.
Fidelis Endpoint combines rich endpoint visibility and multiple defenses with incident response workflow automation including deep interrogation and recorded playbacks reducing response time from hours to minutes for security analysts. The Fidelis Endpoint module is a component of the Fidelis Elevate platform that delivers automated detection and response.
Here’s some of what we’ll cover:
-Visibility into all threat activity at the endpoint
-Hunting for threats directly on the endpoint, in both file system and memory
-Key event recording and automatic timeline generation
-Automated endpoint response using scripts and playbooks
-Integration with Fidelis Network to improve your team's effectiveness and efficiency
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report was prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence gathering facilities spread across more than 85 cities around the world. In addition, Sectrio runs AI-based honeypot-style threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are still at an early stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
From #CTISUMMIT.
More info here: https://dragos.com/blog/industry-news/meet-me-in-the-middle-threat-indications-and-warning-in-principle-and-practice/
Video here: https://youtu.be/79RdB3aj2vA
Discussions on threat intelligence often get bogged down between “machine speed” ingestion of atomic indicators and in-depth analysis of activity taking weeks (or months) to produce. Left in the cold in such debates is a very important but seldom considered middle ground: time-sensitive and incomplete but enriched threat intelligence. In the U.S. Navy and similar services, this is referred to as threat “indications and warning” (I&W) – a step beyond a simple observable refined to ensure accuracy and timely receipt.
The goal of I&W is to get actionable, important information to those in need of it most as quickly, efficiently, and accurately as possible, even if as a result some context or other insights are lost. As a result of this activity, consumers are better armed and equipped to deal with and counter threats as they emerge, rather than either reacting to items with no context whatsoever or only reading about their challenges weeks after the fact in a complete intelligence report. This discussion explores the concept of threat I&W within the context of network security generally and threat intelligence specifically to identify this topic as a shamefully ignored middle ground between extremes. The presentation explores the conceptual background behind this idea, then transition to real-life examples of I&W drawn from the speaker’s past activity in threat intelligence, incident response, and military operations.
Solving ICS Cybersecurity Challenges in the Electric IndustryDragos, Inc.
Electric utilities are an integral component of critical infrastructure, and as such, are unique targets for adversaries who aim to disrupt their operations and the day-to-day lives of people who depend on them.
This presentation outlines the experiences of a medium sized US electric utility and how Dragos helped various teams overcome some of their specific OT cyber security challenges.
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
Dragos S4X20: Mapping ICS Incidents to the MITRE Attack FrameworkDragos, Inc.
Principal Industrial Pentester, Austin Scott, presents at S4x20 on how to map ICS incidents to the MITRE ATT&CK Framework.
View the webinar here: https://dragos.com/resource/introducing-mitre-attck-for-ics-and-why-it-matters/
Dragos S4x20: How to Build an OT Security Operations CenterDragos, Inc.
Senior Director of Business Development, Matt Cowell's, S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
Reassessing the 2016 CRASHOVERRIDE Cyber AttackDragos, Inc.
Upon discovery and initial analysis in mid-2017, audiences primarily viewed CRASHOVERRIDE as a disruptive event targeting electric utility operations in Ukraine. Similar to the 2015 attack in the same area, CRASHOVERRIDE interrupted the flow of electricity by manipulating ICS equipment and delayed recovery operations to prolong the impact. However, CRASHOVERRIDE’s immediate effects represent only the precursors for an attempt at a more ambitious attack than what was achieved.
In this presentation, Dragos Principal Adversary Hunter Joe Slowik reexamines the CRASHOVERRIDE event and likely attacker intentions, highlighting how CRASHOVERRIDE attempted a different type of attack than 2015.
Viewers learn how to begin developing and deploying the required visibility, resilience, and response measures needed to cope with an attack like CRASHOVERRIDE.
To view the webinar, go here: https://youtu.be/yX0ZSu_rVc0
Rising Cyber Escalation US Iran Russia ICS Threats and Response Dragos, Inc.
Dragos discusses the quickly rising tensions between the US, Russia, and Iran, threat intelligence on malicious activity surrounding these tensions, and recommended responses to defend industrial control systems and critical infrastructure worldwide.
Presentations included from Dragos Threat Intelligence following these threats and the Dragos Threat Operations Center currently responding and defending against these threats.
Visit www.dragos.com for more info about industrial cybersecurity
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
Discovery of TRISIS/TRITON was a landmark event in the Industrial Control Systems (ICS) security community. It is the fifth known ICS-specific malware (following Stuxnet, Havex, BlackEnergy2, and CRASHOVERRIDE), and the first such malware to specifically target safety instrumented systems. Since identification and public disclosure in early December 2017, much has been written on TRISIS, its operation, and mitigations; however, such mitigations are usually too specific to TRISIS and fall short in assisting defenders with safety systems other than a Schneider Electric Triconex. In May, Dragos discovered that XENOTIME, the activity group behind TRISIS, had expanded its targeting to North America and other safety systems. Given this new data, a generalized approach to safety system defense is critical knowledge for ICS security personnel. This discussion aims to provide such an approach to guarding safety systems. We will provide an overview of the TRISIS malware, including its installation, execution and modification to the controller. Next, we will break down the TRISIS event's specific tactics, techniques and procedures (TTPs) and generalize them across the ICS kill chain. Using this model, we provide present-day actionable defense strategies for asset owners, as well as guidance for forensics, restoration, and recovery should an attack be discovered. We also look to the future and recommend ways in which the state of the art can be improved by vendors and ICS owners to empower defenders with the information they need to stop future attacks.
Learn more here: https://www.dragos.com/blog/trisis/
Industrial Control Systems Cybersecurity Technology Selection (Dragos, Inc.)
Selection criteria for today’s ICS cybersecurity technology presented at S4 2019. Includes:
- Recommendations for best practices before evaluating an industrial cybersecurity solution in OT environments
- Outline of different ICS cybersecurity technologies, such as the differences between active and passive scanning, anomaly detection, and threat behavior analytics
- What’s important in an industrial control systems cybersecurity platform
- Practical guide to pilots and bake-offs
To learn more read the whitepaper Key Considerations For Selecting An Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response https://dragos.com/resource/key-considerations-for-selecting-an-industrial-cybersecurity-solution-for-asset-identification-threat-detection-and-response/
For more about Dragos and the 2019 S4 Detection challenge, read the blog and watch the video here: https://dragos.com/blog/industry-news/dragos-results-of-s4-industrial-cybersecurity-detection-challenge-contest/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./
Follow us on Twitter: https://twitter.com/dragosinc
Dragos Adversary Hunter Jimmy Wylie presents "TRISIS in Perspective" at the 13th annual API conference in Houston, TX. This presentation analyzes the 2017 TRISIS event at an unspecified gas facility in Saudi Arabia--the first deliberate targeting of SIS that could have resulted in potential loss of life. This presentation also examines post-TRISIS, as Dragos has observed that XENOTIME, the adversary group responsible for TRISIS, has expanded its targeting to North America and other safety systems.
Visit www.dragos.com to learn more.
Virtualizing Industrial Controllers (PLCs/DCS Controllers) represents a fundamental shift in the industrial automation industry. Most industries have fully embraced virtualization as a means to support reliability, scalability and resource optimization. However, the industrial control system industry has been slow to fully adopt virtualization into automation controllers. These slides are from Austin Scott's S4 2019 presentation and outline the benefits of industrial controller virtualization and why automation vendors see this as a threat to their business model. The slides describe a virtualized PLC deployment at a large refinery in North America that allowed it to scale to support the massive size of the plant, and include:
- What is PLC virtualization?
- A brief history of PLC virtualization
- Challenges with PLC virtualization
- The benefits of PLC/Controller virtualization
- Commodity controllers
How to Increase ICS Cybersecurity Return on Investment (ROI) (Dragos, Inc.)
In Austin's presentation, he will align his 2019 top 5 findings from the Dragos Industrial Penetration Testing team to tactical activities that can be performed to reduce cyber risk within industrial environments. Return on Investment (ROI) is a broad and subjective term. Even in terms of industrial cyber risk reduction, the interpretation of ROI can change drastically depending on who you ask. As a member of the Dragos Industrial Penetration Testing team, he sees the world around him in terms of exploitation effort. Exploitation effort is the investment required by an adversary to advance through a network. In his presentation, Austin will detail five ways that will significantly increase the time and energy needed by an adversary while minimizing operational and capital expenditure.
As cyber criminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defenses, organizations must evolve their security defenses to reduce dwell time. Join Fidelis Advisor and ex-CIA CTO Bob Flores and Fidelis Senior Manager Tom Clare as they delve into the results of The 2018 State of Threat Detection Report and discuss what the research means for organizations large and small across the globe.
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise... (Kaspersky)
A key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in increasing focus, right to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.
Watch this recorded webinar to hear SANS Principal Instructor, Alissa Torres, Fidelis Chief Scientist, Dr. Abdul Rahman and Cyber Security expert, Tom Clare, discuss how organizations can evolve their approach to the fundamentals of a defensible security architecture toward a more robust strategy that is strong enough to defend organizations from the threats of today, and the zero-day threats of tomorrow.
You can't detect what you can't see: illuminating the entire kill chain (Fidelis Cybersecurity)
Organizations receive an overwhelming number of alerts every day from their SIEMs, IPS/IDS, next-gen firewalls, etc. The result is too many alerts and not enough manpower, visibility across the organization, or context to make the right decisions.
We look at every stage of the attack lifecycle…and on every port and protocol. With Fidelis there’s no place for attackers to hide.
Fidelis Endpoint combines rich endpoint visibility and multiple defenses with incident response workflow automation, including deep interrogation and recorded playbooks, reducing response time from hours to minutes for security analysts. The Fidelis Endpoint module is a component of the Fidelis Elevate platform that delivers automated detection and response.
Here’s some of what we’ll cover:
- Visibility into all threat activity at the endpoint
- Hunting for threats directly on the endpoint, in both file system and memory
- Key event recording and automatic timeline generation
- Automated endpoint response using scripts and playbooks
- Integration with Fidelis Network to improve your team's effectiveness and efficiency
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network Automation (Ken Flott)
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr... (Draup3)
Cyber threat analytics, cyber threat detection, and cybersecurity for data privacy & protection are the most common use cases across industries. Download the report to read about the regional hotspots, associated players, cybersecurity ecosystems, and more.
SOC as a Service manages and monitors your logs, devices, network and assets for internal IT teams. It provides skills to combat cybersecurity threats. Get now! - https://mdr.comodo.com/soc-as-a-service.php?afid=10110
This webinar series is designed to help internal auditors looking to equip themselves with the competencies and confidence to handle audits of IT controls and information security, and to learn about emerging technologies and their underlying risks.
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 10 of 10
This Webinar focuses on Advanced Persistent Threats and targeted cyber attacks:
• Advanced Persistent Threats – the shifting paradigm to targeted attacks
• Understanding Advanced Persistent threats
• Overview of popular types of APTs
• Impact of APTs on sensitive data as well as organisation reputation
• Characteristics and Attack sequence of APT attacks and the challenges in detecting APTs
• Assessing, Managing and Auditing APT Risks
• Data loss and Cyber intrusions
Cyber Risk Management in 2017: Challenges & Recommendations (Ulf Mattsson)
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In the future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far-reaching impact on how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree to which these controls are in place, where to prioritize their cyber dollars, and how to ensure they are not at risk of fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Cloud, Compliance and Advanced Threats: Security Considerations for the... (Cristian Garcia G.)
The evolving threat landscape, based on our recently published ISTR (Annual Internet Threat Report Vol. 24), reflects the latest trends and how they apply to Colombia and Latin America. The main digital transformation trends, such as cloud and mobility, together with new security challenges have changed the cybersecurity landscape, so the strategy must focus on key risks, regulations and findings about security maturity. Recommendations for focusing and improving cybersecurity postures to address these trends, including key frameworks, technologies, processes and cultural changes, are an integral part of the next steps.
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It deals with the problem of the presence of vulnerabilities in applications, the impact this has on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Pat Pather - Cyber Security Unchartered: Vigilance, Innovation and Adaptability (itnewsafrica)
Pat Pather, Chief Executive Officer at Forensic Sciences Institute, delivered a presentation on Cyber Security Unchartered: Vigilance, Innovation and Adaptability- Exploring the Depths of Cybersecurity, at Public Sector Cybersecurity Summit 2023 on the 3rd of October 2023. #PublicSec2023 #Conference #Cybersecurity #PublicSector
In this presentation we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber-attacks.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins... (SolarWinds)
According to the fourth annual Federal Cybersecurity Survey from SolarWinds and Market Connections, insider threats are the leading source of threats to federal agencies. Human error is one of the most common insider threats, followed by abuse of privileges, and theft. The increased sophistication of threats, volume of attacks, and end-user policy violations make agencies more vulnerable than ever. In this webinar, we discussed how implementing the right tools, as well as continuously monitoring systems and networks, can provide the data to make informed decisions and help agencies safeguard against insider threats, and quickly identify and fix vulnerabilities.
During this webinar our presenters discussed:
- The 2017 SolarWinds Federal Cybersecurity Survey, and the top sources of threats
- How the right tools and technologies can provide IT infrastructure data to help safeguard against malicious and non-malicious internal threats, including:
  - Utilizing fault, performance, and log management data to help ensure that devices are continuously monitored and operating correctly
  - Leveraging configuration management to help prevent errors and reduce vulnerabilities
- How the implementation of Security Incident and Event Management (SIEM) tools can better equip agencies to quickly detect and respond to security threats and help to reduce vulnerability, including:
  - Utilizing log data to detect malicious or out-of-policy actions, fine-tune firewall configurations, and monitor Active Directory® changes
  - How to track devices and users on your network and maintain historic data for forensics
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats (Interset)
Interset CTO Stephan Jou joins Holger Schulze, CEO at Cybersecurity Insiders, to discuss the impact of insider attacks and how AI can be used to mitigate these threats. To watch the webinar recording, click here: https://register.gotowebinar.com/register/2916777136713869315
Want to learn more about the risks of insider threats? Check out highlights from the 2018 Insider Threat Report: https://www.slideshare.net/Interset/2018-insider-threat-report-infographic
Securing Electric Utility Infrastructure (Dragos, Inc.)
A Case Study on Asset Baselining, Threat Detection, and Response - presented by Tim Watkins, Schweitzer Engineering Laboratories, and Matt Cowell, Dragos.
The webinar – now available on-demand at https://selinc.com/events/on-demand-webinar/126340/ – provides insights on baselining your operation, building cyber defense, and streamlining ongoing management. SEL and Dragos also shared a case study based on a recent joint effort to address key cybersecurity challenges at a mid-sized US electric utility.
Learn more about Dragos at https://dragos.com or follow us at https://twitter.com/dragosinc
Learn more about SEL cybersecurity at https://selinc.com/solutions/security-for-critical-infrastructure/ or follow us at https://twitter.com/SEL_news
The advent of complex communication networks has revolutionized operational architecture in industrial environments over the last 20-30 years. The availability of real-time operational data has proven to compress decision cycles, increase productivity, and free organizations of many resource constraints in their operational environments. However, the fact remains that the reliance on real-time operational data and on asset connectivity and communication within industrial environments has also opened the way for attackers to potentially compromise asset functions through the very communication networks that are now depended upon for control of physical processes and safety. Additionally, the steady worldwide increase in industrial cyber-attacks has motivated security professionals to develop a plethora of assessment frameworks to help identify weak points in network defense and lower risk.
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr... (Dragos, Inc.)
Adversary groups and activities targeting industrial control systems are on the rise. Security teams are now tasked with defending increasingly complex and critical control systems without interrupting operations. This presentation highlights plans and progress of a large public electric utility to extend threat detection capability using PI system data sets. Integration with a threat detection platform improves situational awareness and adds value in three ways. It first provides confidence for quickly eliminating threat activity as a root cause of operational upsets. The second benefit is improved likelihood of detecting malicious tradecraft targeting control systems. Finally, the integrated approach provides data in support of control system incident response and forensic activities.
Video for presentation here: https://youtu.be/Inn6FPaXN1w
Learn more www.dragos.com
Insights To Building An Effective Industrial Cybersecurity Strategy For Your ... (Dragos, Inc.)
Key Considerations for Executives from Dragos Executive Year In Review on Industrial Cybersecurity Strategy by Robert M Lee
Addresses questions of:
- How do we know if we’re underspending or overspending on ICS/industrial cybersecurity?
- What is the best thing we can do to get started that will help move us forward in OT security?
- If a major attack happens, what is the role of the government?
More Info here:
https://dragos.com/resource/insights-to-build-an-effective-industrial-cybersecurity-strategy-for-your-organization/
https://www.linkedin.com/company/dragos-inc./
Twitter: https://twitter.com/dragosinc
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors (Dragos, Inc.)
Joe Slowik, Dragos Sr. Adversary Hunter's presentation from RSA 2019.
Cyber-defense centers on “what” a technology is designed to look for, with capabilities and limitations depending on the method. Three distinct approaches have emerged: traditional IOCs, anomaly detection and behavioral analytics. Unfortunately, marketing has muddied these terms beyond recognition. In this presentation, Joe Slowik, Adversary Hunter at Dragos will critically examine each approach and its capabilities.
More information here: https://dragos.com/rsa-2019/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/drag....
Follow us on Twitter: https://twitter.com/dragosinc
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
The Four Types of Threat Detection and Use Cases in Industrial Security (Dragos, Inc.)
Dragos' Sergio Caltagirone and Robert M. Lee discuss the four types of threat detection methods for industrial control systems operations, while providing ICS-specific use cases, to help you determine which detection strategy is most effective for your organization.
The recorded webinar can be found here: https://youtu.be/zqvDu0OaY8k
Also check out: Four Types of Threat Detection White Paper: https://dragos.com/blog/FourTypesOfTh...
Part of the Secrets of ICS Cybersecurity webinar series: https://dragos.com/blog/20181017Webin...
More info www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/drag....
Follow us on Twitter: https://twitter.com/dragosinc
Dragos Adversary Hunter Joe Slowik presents on Behavior-Based Defense in ICS at the 13th annual API conference in Houston, TX. This presentation discusses how identifying adversary behaviors and their common requirements can help network defenders prepare for future events--exemplifying how network defense for sensitive environments is strengthened through continuous improvement from prior events.
Visit www.dragos.com to learn more.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf (Paige Cruz)
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis' and my slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
6. Vulnerabilities Observations
• 32% of all advisories had errors in description and score
• 80% of advisories provided no alternate mitigation advice other than patch
• 18% of vulnerabilities could be used to gain initial access (majority require existing access)
• 60% of advisories cover components which are insecure-by-design, so patching them does little to mitigate risk
• 34% of network vulnerabilities focused on ICS protocols – remaining were generic protocols such as HTTP, FTP
7. Why does this matter?
Security decisions and compliance requirement fulfillment are made based on public vulnerability information.
Generic advice is not meaningful because end users may not be able to apply patches due to scheduled patch cycles, inability to accept downtime, etc.
Inaccurate vulnerability advisories can potentially cause unexpected consequences, and may not reduce risk.
9. Vulnerabilities Likelihood
• High: Perimeter-connected or even internet-connected. Typically Purdue Level 4 or Level 3.
• Medium: Network devices which will cross-connect multiple networks. Typically Purdue Level 2/3.
• Low: Central assets on control networks. Typically Purdue Level 2.
• None: Field devices. Typically Purdue Level 1.
10. Areas of Improvement
• Advisory accuracy
• Advisory mitigation advice
• Vendors self-reporting
• Researcher-vendor collaboration
• More focus on ICS protocols and less on “generic” protocols in ICS devices
• More details on impact and likelihood
14. Activity Group Spotlight: XENOTIME
• Activity group behind TRISIS targeting Safety Instrumented Systems (SIS).
• In 2018, Dragos identified new XENOTIME activity targeting entities in the US, and devices beyond Triconex.
• Dragos identified several compromises of ICS vendors and manufacturers in 2018 by activity associated with XENOTIME.
• The group uses customized malware specifically for the target environment, stolen credentials to move between networks, legitimate but compromised servers for communication, and some Living off the Land techniques.
22. Threat Hunting & Response - Summary
• 55% of Dragos’ Threat Operations Center (TOC) engagements in 2018 focused on energy (oil, gas, electric, transmission, generation, management, and renewables)
• 44% equally split between engineering and production of chemical, biomedical, and pharmaceutical products; manufacturing; transportation and shipping; water utilities and wastewater treatment
• 80% of engagements were proactive & focused on helping customers gain an understanding of their industrial environments (positive trend in the industry)
• 32% of IR engagements involved an initial vector dating over 365 days
23. Areas of Improvement
• Formalizing Threat Hunting (proactive) procedures
• Identifying gaps in collection using a CMF (Collection Management Framework)
• Preparation and action planning for IR events in ICS networks
First slide, I promise, is not a product pitch. All I want to do here is illustrate why the Dragos team feels uniquely qualified to be up here speaking with you about this important topic.
Honestly, I believe that a security company is really only as good as the intelligence it provides, and this is a core component of our business. Sergio, our VP of Intelligence, co-authored the Diamond Model for intrusion analysis, and our adversary hunters and intelligence analysts provide ICS threat reporting for both technical and executive functions on a weekly basis. Our intel team works closely with our Threat Operations Center, which is our services team; they help companies with things like threat hunting, tabletop exercises, and incident response. They take what they learn from the field, bring that knowledge in-house, and that also allows us to create a product that is specifically built to help the industrial community.
In 2018 Dragos released our first Year in Review (YIR) reports, of which there were three, reflecting on events and data collected in 2017. The reports provide insights and lessons learned from our team hunting and responding to ICS threats throughout the year. This allows us to offer recommendations for stronger defenses within industrial organizations and help drive change in the ICS cybersecurity community. This year we have added a fourth report geared toward executives.
The reason for doing this is pretty simple:
Generally as an industry there is a lack of meaningful metrics
You cannot manage or improve what you can't measure
Lastly, at Dragos, our tagline is securing civilization and we are hoping to set an example and inspire the greater community to move forward
Let’s start with a summary of vulnerabilities. Dragos collects and independently analyzes product vulnerability data from private and public sources, including various CERTs such as ICS-CERT, and also uncovers product vulnerabilities itself and collaborates with vendors on disclosure.
- On average, organizations disclosed 17 product vulnerabilities a month through 2018, slightly more than the 14 a month disclosed in 2017.
- While this is a ~22% uptick, we see it as a relatively flat trend; still something that needs to be addressed regardless.
Key statistics to note in this area:
As far as the public CVSS advisories were concerned, we found that 32% had errors in description and score (vs. an 18% error rate in vendor-produced CVSS scoring). One third-party bug handling organization we analyzed had 56% of its CVSS scores incorrect.
Also, about a third of network vulnerabilities focused on ICS protocols; the other two-thirds were generic protocols such as HTTP and FTP, which is likely caused by the lack of testing tools for ICS protocols as well as researcher skill.
Many organizations use public advisory data to either reduce risk or satisfy compliance requirements. Inaccurate advisories mean that these efforts are wasted and that relying upon advisories to prioritize patching or other remediation is not meeting the goal of reducing risk.
Advisories continue to provide generic advice for network-exposed and local-access security vulnerabilities: “Deploy firewalls and use only trusted networks.” However, if end users cannot apply patches due to scheduled patch cycles, inability to accept downtime, or various other reasons, this generic advice is not meaningful. Deploying new firewalls or changing network architecture is less likely to happen than patching for most facilities, and without clear guidelines on HOW to deploy firewalls it doesn't really help anyway.
Instead, advisories must provide reasonable alternative options. The advice mentioned above does not make sense for local vulnerabilities and is not actionable for network-exposed vulnerabilities. Advisories should contain information pertaining to the service exposing the vulnerability and provide a list of networked systems that require access to the service for proper functionality, either in the advisory or via references to technical documentation.
In 2018, ~60% of advisories impacted the HMI, field device, and EWS categories, so mitigating those vulnerabilities would have little effect on overall security because of the insecure-by-design nature of control system protocols. These are bugs that affect systems which use insecure protocols: if an attacker is at a place on the network where they can even try to use one of these vulnerabilities, it's likely that they could just issue commands directly to the controllers.
Vulnerabilities are classified in two ways - impact and likelihood
We define impact as a loss of view (unable to view/read state) or a loss of control (inability to modify system state).
Vulnerabilities which lead to both a loss of view and control occur in the core of traditional control networks affecting both field devices (PLCs, RTUs, etc.) as well as management devices such as human-machine interface (HMI) systems and engineering workstation (EWS) software. This means that over half (60%) of ICS-related vulnerabilities can cause an operations outage, at least for the component affected by the advisory.
We attribute likelihood to network location – given that the primary attack vector will come from within the enterprise network
High: These are perimeter-connected or internet-connected and accessible from a non-ICS network. These systems will be connected to Level 4 or Level 3 on the Purdue Model; historians and firewalls are typical examples.
Medium: Network devices which cross-connect multiple networks and are managed from one of the connected networks. Most often found at Purdue Level 2, 3, or on a special management network.
Low: Your HMIs, EWSs, etc. These map to Purdue Level 2 networks.
None: Assets generally several steps from another network: your PLCs and RTUs on Purdue Level 1 networks.
So 80% of these vulnerabilities affect assets in the Medium, Low, and None categories, which are your most important assets.
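To make the two axes usable for prioritization, here is an added example (written for this page, not code from Dragos or the talk) that scores each advisory against the assets it applies to: impact is the loss-of-view / loss-of-control classification above, likelihood is the Purdue-level placement of the asset. The numeric weights, the action rules, the component names, and the sample advisories and inventory are assumptions and constructed data; the advisory IDs do not refer to real advisories.

```python
"""Triage ICS advisories by impact and by network-location likelihood.

Added example for this page, not code from Dragos or the talk. It encodes the
two axes described above: impact (loss of view, loss of control, or both) and
likelihood (where the affected asset sits relative to the enterprise network,
expressed as a Purdue level). The numeric weights, the action rules, and the
sample advisories and assets are my assumptions / constructed data.
"""
from dataclasses import dataclass

# Likelihood tiers from the talk: exposure is decided by network location,
# because the primary attack vector is assumed to come from the enterprise side.
LIKELIHOOD_BY_LOCATION = {
    "internet":      "High",    # internet-connected, Purdue Level 4
    "perimeter":     "High",    # reachable from a non-ICS network, Level 3 (historian, firewall)
    "cross_connect": "Medium",  # network device bridging several networks, Level 2/3
    "control_core":  "Low",     # HMI / EWS on the control network, Level 2
    "field":         "None",    # PLC / RTU several hops from any other network, Level 1
}
LIKELIHOOD_WEIGHT = {"High": 3, "Medium": 2, "Low": 1, "None": 0}
IMPACT_WEIGHT = {"view+control": 3, "control": 2, "view": 1, "none": 0}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    component: str            # asset type the advisory applies to
    loss_of_view: bool
    loss_of_control: bool
    network_exposed: bool     # vulnerable service is reachable over the network
    insecure_by_design: bool  # component speaks an unauthenticated ICS protocol


@dataclass(frozen=True)
class Asset:
    name: str
    component: str
    location: str             # key of LIKELIHOOD_BY_LOCATION


def impact_tier(adv: Advisory) -> str:
    if adv.loss_of_view and adv.loss_of_control:
        return "view+control"
    if adv.loss_of_control:
        return "control"
    return "view" if adv.loss_of_view else "none"


def likelihood_tier(asset: Asset) -> str:
    return LIKELIHOOD_BY_LOCATION[asset.location]


def recommended_action(adv: Advisory, asset: Asset) -> str:
    """Mitigation hint in the spirit of the talk: patching a bug in an
    insecure-by-design component buys little, because anyone positioned to
    reach the bug could already send the controller legitimate commands.
    The useful control there is restricting who can reach the service."""
    if adv.insecure_by_design and adv.network_exposed:
        return "restrict network access to the service; patch on the normal cycle"
    if likelihood_tier(asset) in ("High", "Medium"):
        return "patch out of cycle or isolate the asset"
    return "patch on the normal cycle"


def triage(advisories, assets):
    """Pair each advisory with the inventory assets it applies to and return
    (advisory_id, asset_name, score, action), highest score first. The score is
    impact weight times likelihood weight, so an unreachable asset scores 0."""
    rows = []
    for adv in advisories:
        for asset in assets:
            if asset.component != adv.component:
                continue
            score = IMPACT_WEIGHT[impact_tier(adv)] * LIKELIHOOD_WEIGHT[likelihood_tier(asset)]
            rows.append((adv.advisory_id, asset.name, score, recommended_action(adv, asset)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample data; the advisory IDs do not refer to real advisories.
SAMPLE_ADVISORIES = [
    Advisory("ADV-A", "historian", loss_of_view=True, loss_of_control=False,
             network_exposed=True, insecure_by_design=False),
    Advisory("ADV-B", "plc", loss_of_view=True, loss_of_control=True,
             network_exposed=True, insecure_by_design=True),
    Advisory("ADV-C", "hmi", loss_of_view=True, loss_of_control=True,
             network_exposed=False, insecure_by_design=False),
]
SAMPLE_ASSETS = [
    Asset("hist01", "historian", "perimeter"),
    Asset("plc07", "plc", "field"),
    Asset("hmi02", "hmi", "control_core"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ADVISORIES, SAMPLE_ASSETS):
        print(row)
```

Note what the sample shows: the PLC advisory has the worst impact (loss of view and control) but scores 0 because the asset is at Level 1 and the component is insecure-by-design, so the advice is to restrict who can reach the protocol rather than to rush a patch. The historian advisory, with a lower impact, ends up at the top because the asset is perimeter-reachable. That is the ordering the talk argues for and the one a generic CVSS score does not produce.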
Improve advisory accuracy to better inform end users to help make risk mitigation and compliance decisions.
Provide additional, actionable mitigation advice beyond patching or generic security advice, so that end users who cannot patch due to various restrictions can still mitigate vulnerabilities and improve security until patching is practicable.
In 2018, vendors self-reporting vulnerabilities increased, and the frequency and accuracy improved. Vendor-reported vulnerability advisories tend to be more accurate, so vendors should work internally and cooperate/collaborate with external researchers to provide comprehensive vulnerability advisories.
Most advisories covered generic protocols such as HTTP and FTP, and proprietary but not ICS-specific protocols. This is likely because security testing tools exist for generic IT protocols, while there is still a lack of tools for assisting testers in ICS-specific testing. Vendors and researchers should increase focus on control system protocol issues and on development of ICS protocol testing tools.
Dragos creates ICS threat intelligence from a mix of public and private sources and conveys it to our customers via reports and IOCs.
I will focus on four areas of the ICS threat landscape
Activity Groups
Non-ICS specific targeting malware
Midpoint network access
and Supply Chain Infiltration
Dragos categorizes behavior by “activity group,” which is fundamentally a collection of observable elements that include an adversary’s methods of operation, infrastructure used to execute actions, and what targets they focus on. We currently publicly label eight ICS-focused activity groups and track more unlabeled activity of interest. In 2017, we identified 5 groups. In 2018, we added 3 more, XENOTIME, ALLANITE, and RASPITE.
High level:
- RASPITE is linked to newly-identified behavior targeting US electric utilities.
- ALLANITE also targets electric utilities in the US, in addition to the UK.
- XENOTIME, the activity group associated with TRISIS, expanded its operations beyond the Middle East. Also concerning here are compromises of ICS vendors beyond Triconex by activity associated with XENOTIME.
- MAGNALLIUM: victimology expanded to additional targets, including entities in Europe and North America. Uses phishing emails purporting to be job advertisements relating to oil and gas companies to gain access to victims’ machines.
- CHRYSENE: Dragos uncovered multiple samples of CHRYSENE-related malware and other activity, indicating the group remains active and is evolving in more than one area, including revising and updating its malicious software toolkit. CHRYSENE aims to evade existing anti-virus and other detection mechanisms.
- DYMALLOY: Dragos identified multiple new malware infections matching DYMALLOY’s behavior. This may indicate a potential resurgence of DYMALLOY activity, or a different entity leveraging similar toolsets. This is concerning; the malware Dragos recently identified as part of new activity is only associated with known intrusions into ICS networks.
XENOTIME, the activity group associated with TRISIS, expanded its operations beyond the Middle East and into the US. Also concerning here is that in 2018 Dragos identified several compromises of ICS vendors and manufacturers, beyond the Triconex system, by activity associated with XENOTIME.
Numerous campaigns leveraged one of several automated mechanisms to spread: an exploit for WannaCry, credential capture and reuse for NotPetya, and self-propagating first-stage malware to deliver Ryuk. This remains a continuing threat. In August 2018, an operational error during software installation at Taiwan Semiconductor Manufacturing Company caused a WannaCry infection that affected over 10,000 machines, leading to a financial impact of at least $250 million.
Olympic Destroyer — the malware known for causing a network disruption during the PyeongChang 2018 Winter Olympic Games — represented another IT-focused malware with the potential to bridge the IT-ICS gap. Although not an immediate threat to ICS networks, Olympic Destroyer provides an example of exploit-less propagation within a victim network paired with a disruptive effect that could cause significant disruption in ICS environments.
In 2019, we saw a new type of ransomware called LockerGoga that impacted operations at multiple ICS-related entities. The infection spread in a new way: the attackers compromised the Microsoft Active Directory service and pushed the malicious software to hosts joined to the AD domain via a Group Policy Object (GPO).
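Pushing a payload through a GPO leaves a trace on the domain controllers before anything runs on the endpoints, which makes the GPO objects themselves a detection point. The following is an added example written for this page, not LockerGoga tooling and not Dragos code. It reads simplified Windows Security Event ID 5136 records ("a directory service object was modified", emitted when Directory Service Changes auditing is enabled) and raises an alert when a GPO's client-side-extension list gains an extension that executes code on linked hosts, or when the edit comes from an account outside the expected GPO-administration set. The record field names, the allowlisted account, the GPO GUIDs and the sample events are constructed; the three client-side-extension GUIDs are the published values for Scripts, Preferences Scheduled Tasks and Software Installation, and should be verified against your own domain before relying on them.

```python
"""Flag Group Policy Object changes that could push code to every linked host.

Added example for this page, not tooling from Dragos or a LockerGoga analysis.
It consumes simplified Windows Security Event ID 5136 records ("a directory
service object was modified"), which domain controllers emit when Directory
Service Changes auditing is enabled. The record field names, the allowlisted
GPO-administration account, and the sample events are constructed. The CSE
GUIDs are the published values for Scripts, Preferences Scheduled Tasks and
Software Installation; verify them against your own domain before relying on
them.
"""
import re

# Client-side extensions whose presence in a GPO means "run something on the
# client": startup/shutdown scripts, scheduled tasks, MSI installation.
SCRIPTS_CSE = "{42B5FAAE-6536-11D2-AE5A-0000F87571E3}"
SCHEDULED_TASKS_CSE = "{AADCED64-746C-4633-A97C-D61349046527}"
SOFTWARE_INSTALL_CSE = "{C6DC5466-785A-11D2-84D0-00C04FB169F7}"
CODE_EXEC_CSES = {SCRIPTS_CSE, SCHEDULED_TASKS_CSE, SOFTWARE_INSTALL_CSE}

# Accounts your change process allows to edit GPOs (assumption).
GPO_ADMINS = {"CORP\\gpo-admin"}
EXTENSION_ATTRS = ("gPCMachineExtensionNames", "gPCUserExtensionNames")

GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)


def parse_cses(value: str) -> set:
    """Extract every GUID from a gPC*ExtensionNames value, upper-cased."""
    return {g.upper() for g in GUID_RE.findall(value or "")}


def check_gpo_event(event: dict, known_cses: dict) -> list:
    """Return the reasons an event is suspicious (empty list = benign).
    known_cses maps a GPO DN to the CSE set seen so far, so that only newly
    added code-execution extensions raise an alert."""
    reasons = []
    if event.get("EventID") != 5136 or event.get("ObjectClass") != "groupPolicyContainer":
        return reasons
    dn, actor, attr = event["ObjectDN"], event["SubjectUserName"], event["AttributeLDAPDisplayName"]
    if actor not in GPO_ADMINS:
        reasons.append(f"GPO {dn} modified by non-GPO-admin account {actor}")
    if attr in EXTENSION_ATTRS and event["OperationType"] == "ValueAdded":
        new = parse_cses(event["AttributeValue"])
        gained = (new - known_cses.get(dn, set())) & CODE_EXEC_CSES
        if gained:
            reasons.append(f"{attr} gained code-execution CSE(s) {sorted(gained)}")
        known_cses[dn] = new
    return reasons


def scan(events):
    """Run all events through the check; return [(EventRecordID, reasons)]."""
    known, alerts = {}, []
    for ev in events:
        reasons = check_gpo_event(ev, known)
        if reasons:
            alerts.append((ev["EventRecordID"], reasons))
    return alerts


POLICIES = "CN=Policies,CN=System,DC=corp,DC=example"
# Constructed sample events (not real log data). The first two are routine
# edits by the GPO admin; the third adds a Scheduled Tasks CSE to a GPO and is
# made by a service account that has no business editing Group Policy.
SAMPLE_EVENTS = [
    {"EventRecordID": 1, "EventID": 5136, "ObjectClass": "groupPolicyContainer",
     "ObjectDN": f"CN={{31B2F340-016D-11D2-945F-00C04FB984F9}},{POLICIES}",
     "SubjectUserName": "CORP\\gpo-admin", "OperationType": "ValueAdded",
     "AttributeLDAPDisplayName": "gPCMachineExtensionNames",
     "AttributeValue": "[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]"},
    {"EventRecordID": 2, "EventID": 5136, "ObjectClass": "groupPolicyContainer",
     "ObjectDN": f"CN={{31B2F340-016D-11D2-945F-00C04FB984F9}},{POLICIES}",
     "SubjectUserName": "CORP\\gpo-admin", "OperationType": "ValueAdded",
     "AttributeLDAPDisplayName": "versionNumber", "AttributeValue": "12"},
    {"EventRecordID": 3, "EventID": 5136, "ObjectClass": "groupPolicyContainer",
     "ObjectDN": f"CN={{1A2B3C4D-0000-4000-8000-000000000001}},{POLICIES}",
     "SubjectUserName": "CORP\\svc-backup", "OperationType": "ValueAdded",
     "AttributeLDAPDisplayName": "gPCMachineExtensionNames",
     "AttributeValue": "[{00000000-0000-0000-0000-000000000000}{AADCED64-746C-4633-A97C-D61349046527}]"
                       "[{AADCED64-746C-4633-A97C-D61349046527}{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}]"},
]

if __name__ == "__main__":
    for record_id, reasons in scan(SAMPLE_EVENTS):
        print(record_id, *reasons, sep="\n  ")
```

Two caveats for anyone deploying this idea: 5136 only fires if the audit policy and a SACL on the Policies container are in place, so check that before trusting the absence of alerts; and the pushed binary still has to be written to SYSVOL and executed on each host, so pair this with file-creation monitoring on the domain controllers and process-creation telemetry on the endpoints rather than relying on the directory change alone.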
In May, researchers identified malware targeting small office/home office (SOHO) network devices and some commercial equipment that harvested information, stole credentials, and could cause a denial of service. While this malware does not appear to be targeted towards ICS, a Ukrainian chemical plant reportedly identified the malware on its network. The malware alone does not have destructive capabilities, however information gathered could further lead to a damaging attack.
Unfortunately, Dragos assessments occasionally identify SOHO-type equipment in ICS environments as part of “shadow IT” operations. Ensuring a complete and accurate inventory of network devices will aid ICS asset owners and defenders in determining if such equipment is present. Furthermore, such equipment should never be Internet accessible – however, if one is partaking in “shadow IT” operations, an inappropriate or insecure installation is highly probable, with the corresponding possibility of Internet connectivity.
Third-party access to OT networks is a common and necessary component of modern operations. However, when access is granted to vendors and others, it can also expose an asset operator to significant risk. Third-party or supply chain compromise leverages the explicit trust between parties and bypasses a large part of the security stack to gain access to a target.
Other significant activity of interest involves the compromise of legitimate websites enabling exploitation and access of networks when engineers and operators access these sites or download legitimate-looking software (e.g., ICS watering holes). Activity groups including DYMALLOY and ALLANITE use this method.
Further underscoring potential for third-party infections, the Department of Justice in December indicted alleged members of the APT 10 hacking group in part for accessing companies’ Managed Service Providers (MSPs) to gain access into primary victim networks to steal sensitive information.
Additionally in 2019, we saw the ShadowHammer hacking operation which compromised an ASUS update server and pushed out malicious updates.
Organizations can lower their risk profiles and proactively protect against common attack techniques by performing security best practices. Implement proper security hygiene and the principle of least privilege based on a deep knowledge of the environment.
Defending against a dynamic threat landscape requires adopting a “Whole of Kill Chain” approach, keying in on adversary behaviors from the initial intrusions through second-stage impacts. Defenders can use a mix of modern threat detection strategies including indicator- or behavior-based methods, or approaches relying on modeling and configuration.
Identifying patterns in adversary behavior and malicious activity, alongside static indicators, can help improve identification of malicious activity within the environment. Threat behavior analytics (TBAs) help define activity groups, providing analytic identifiers that allow defenders to detect malicious behavior.
ICS threat intelligence can give asset owners and operators actionable information to anticipate and defend against threats by providing visibility into the current landscape, trends, and targeting. Threat intelligence combines information from various sources and expert assessments to form conclusions that decision-makers can use to implement vertical-specific controls that result in effective security postures.
Lastly, lets jump into threat hunting and response.
The Dragos Threat Operations Center (TOC) provides a synopsis of lessons learned in 2018 while proactively hunting for adversaries in industrial environments and responding to industrial intrusions among oil and gas, electric, advanced manufacturing, water, mining, and transportation industries.
- 20% of Dragos engagements were responsive (rapid response and IR retainers leveraged for an incident). These engagements were launched due to suspicion or confirmation that an adversary was active in the network, and response assistance was requested.
- 80% were proactive (assessments, tabletop exercises, MDR, and IR retainers that were not leveraged for an incident). These engagements were launched with no indication or prior suspicion the network was compromised
Why this is important: validates the threat of ICS network compromise, while also showing a proactive trend in industries’ desire to improve and learn more about their environment and defenses
- Dragos’ engagement types throughout 2018 demonstrate the industry is focused on hunting for adversary tradecraft and is also focused on increasing knowledge of their own networks
Allocation of engagement types demonstrates a wide gap in maturity– we’re encouraged by the increasing number of organizations aiming to strengthen defensibility.
Communities are sharing information about what works and what doesn’t
Verticals are getting better, networks are becoming more defensible due to proactive stance
Areas of Improvement:
Formalizing Threat Hunting (proactive) procedures
Identifying gaps in collection using a CMF (Collection Management Framework)
Preparation and action planning for IR events in ICS networks
Adversaries are ‘living off the land’ with dwell times over a year in many cases
Proactive assessments help detect unknown threats and gaps in collection & detection
IR plans should be “battle ready” and tested often
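The Collection Management Framework named in the areas of improvement is, in practice, a table of what is collected, for which zone, for how long, and where the data ends up. The following added example (written for this page, not a Dragos artifact) checks such a table against the data types a responder needs per Purdue zone and against a retention floor of one year, which is the dwell time the engagement data above says you should plan for. The zone model, the per-zone requirements, the retention floor and the sample CMF rows are assumptions and constructed data for one imaginary plant.

```python
"""Collection Management Framework (CMF) gap check for an ICS environment.

Added example for this page, not a Dragos artifact. A CMF is the table of
which data sources you collect, for which zone, for how long, and where the
data lives. This check compares such a table against the data types a
responder needs per Purdue zone and against a retention floor set by the
dwell times reported above (initial access more than a year old in 32% of IR
engagements). The zone model, the required data types, the retention floor
and the sample CMF rows are my assumptions / constructed data.
"""
from dataclasses import dataclass

DWELL_FLOOR_DAYS = 365  # keep at least a year: many intrusions are older than that


@dataclass(frozen=True)
class CmfRow:
    source: str          # what is collected, e.g. "span-port pcap"
    zone: str            # Purdue zone: "L4", "L3", "L2", "L1"
    data_type: str       # "host", "auth" or "network"
    retention_days: int
    centralised: bool    # shipped off the asset, so an intruder on it can't erase it


# What a responder needs per zone (assumption). PLCs rarely log anything
# useful, so at Level 1 the wire is the only realistic evidence source.
REQUIRED = {
    "L4": {"host", "auth", "network"},
    "L3": {"host", "auth", "network"},
    "L2": {"host", "network"},
    "L1": {"network"},
}


def gaps(cmf, required=REQUIRED, min_days=DWELL_FLOOR_DAYS):
    """Return (zone, data_type, finding) tuples for every missing, short-lived
    or locally-stored collection source. An empty list means the CMF covers
    every required zone/data-type pair at the required retention."""
    findings = []
    for zone, needed in required.items():
        rows = [r for r in cmf if r.zone == zone]
        have = {r.data_type for r in rows}
        for missing in sorted(needed - have):
            findings.append((zone, missing, "no collection"))
        for r in rows:
            if r.data_type not in needed:
                continue
            if r.retention_days < min_days:
                findings.append((zone, r.data_type,
                                 f"retention {r.retention_days}d < {min_days}d ({r.source})"))
            if not r.centralised:
                findings.append((zone, r.data_type, f"not centralised ({r.source})"))
    return findings


# Constructed sample CMF for a small plant; not describing any real site.
SAMPLE_CMF = [
    CmfRow("enterprise Windows security log", "L4", "host", 400, True),
    CmfRow("domain controller authentication log", "L4", "auth", 400, True),
    CmfRow("enterprise firewall flow log", "L4", "network", 90, True),
    CmfRow("historian local Windows log", "L3", "host", 30, False),
    CmfRow("span-port pcap at the L3/L2 boundary", "L3", "network", 400, True),
    CmfRow("passive ICS network monitor", "L2", "network", 400, True),
]

if __name__ == "__main__":
    for zone, data_type, finding in gaps(SAMPLE_CMF):
        print(f"{zone:3} {data_type:8} {finding}")
```

The sample deliberately shows the pattern seen in the field: the enterprise side is well covered, the historian that straddles the IT/OT boundary keeps only a month of logs on the box itself (so a year-old initial vector is unrecoverable and an intruder on the host can wipe the evidence), and there is nothing at all for Level 1. Running a check like this before an incident is what turns "identify gaps in collection" from a slide bullet into a work list.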