Next Generation of Data Leakage & Loss Prevention Technologies.
GTB Technologies provides products for data loss prevention in corporate networks and on endpoints, covering data in motion and data at rest. Its flagship product, the GTB Inspector, is a winner of multiple awards and rave reviews in the press.
alon@gttb.com
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ... (Sean Whalen)
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide to building intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Lofty Ideals: The Nature of Clouds and Encryption (Sean Whalen)
An overview of the legal, privacy, and security issues surrounding modern cloud services and cryptography
Created as an alumnus talk for the Computer & Network Support Technology Fairfield Career Center senior class of 2016.
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det... (Positive Hack Days)
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going on for years. The defense community is getting faster at responding to growing threats and taking down the command and control centers of malware operators before they cause too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve the availability of their supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
Praesidio CTO, Sean Cassidy presented at FinDEVr New York 2016 on role-based behavior analytics, using patterns and anomalies in user behavior as indicators of attack. View his slides from the presentation here.
Overview:
It is easy for attackers to beat traditional security measures: antivirus, firewalls, and intrusion detection systems. This is because those methods are akin to blacklisting known bad behavior. Attackers need only to modify their behavior slightly to avoid the blacklist. Anomaly detection, instead, models normal user behavior and alerts when attackers deviate from it, without any human specifying what normal behavior is.
So what is anomaly detection, how does it work, and how can you apply it to your network?
Leveraging Mobile & Wireless Technology for Law and Order by Lishoy Bhaskar at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
Implementing security for your library | PLAN Tech Day Conference (Brian Pichman)
When we talk about security for your library, we should understand some of the tools people may use to harm your network and infrastructure. In this session, learn how hackers may hack and ways to protect yourself. IT security is more than just a buzzword; it’s a necessity to understand and implement the correct measures to keep you, your library, and your patrons safe.
The goal of a physical intrusion test is to gain physical access to a given location, and it is not a simple task. It requires preparation, research, analysis, coordination, a great deal of simulation and the application of a flexible methodology that can adapt to the particular conditions of each target.
Analysing the environment, evading all kinds of physical security systems and working as a team (Red Team) are fundamental aspects of achieving the intrusion and, with it, subsequent access to equipment, the network and countless data on the target's premises. If you want to know what a Red Team is and go deeper into carrying out physical intrusions, this is your talk.
Privacy and Security in the Internet of Things (Positive Hack Days)
Speaker: Jeff Katz
According to Cisco forecasts, 25 billion devices will be connected to the internet this year, and by 2020 that number will double. When planning an Internet of Things (IoT) solution, you should consider that one fine day the FSB may come knocking. The question of user security needs to be thought through in advance and should not be postponed. The speaker will explain how to take advantage of IoT products without infringing on the personal rights of your customers. The talk is accompanied by examples of services in which privacy and security were ensured from the start of development.
Refugees on Rails Berlin - #2 Tech Talk on Security (Gianluca Varisco)
#2 Tech Talk on Security @ Refugees on Rails Berlin (Tue 8 Dec 2015)
A Cyber Security walk-through focused on current threats, trends and few predictions for 2016.
Homeland Security - strengthening the weakest link (Flaskdata.io)
In the Data Security at Home workshop we will discuss what happens when files come home and when removable devices and notebooks owned by your employees go to work. We will help clarify the threats, understand the issues of home(land) security and how to get your employees to practice what you preach.
Security Visualization - State of 2010 and 2011 Predictions (Raffael Marty)
At the recent SANS Incident response and log management summit, I was part of a panel on security visualization. As an introduction, I presented the attached slides on the security visualization trends and where we are today.
I looked at four areas for security visualization: Data, Cloud, Tools, and Security. I started by looking at the log maturity scale that I developed a while ago. Barely any of the companies present could place themselves to the right of the correlation point. It's sad, but probably everyone expected it. We have a long way to go with log analysis!
Dudi Matot, CEO at Seculert, spoke at AGC 2013 in San Francisco about how security vendors are still trying to sell the old 90s technology, and are looking under the flashlight instead of using the new technologies that help us to better find advanced persistent threats.
1. Enterprise Data Loss Prevention
The most affordable DLP system in the space
Alon Refaeli – EMEA Business Development Manager at GTB Technologies Inc.
alon@gttb.com
2. DLP Issues Top Concern for CSOs
Sources: Merrill Lynch CISO Survey, June 27, 2007; The 2008 Global Information Security Workforce Study, Frost & Sullivan, April 22, 2008
3. The Reality of Today’s Networks
• Web Mail
• File Transfers
• Information Sharing
• Skype
• SAAS
• PAAS
• Cloud Computing
• Web Apps
• IM
• Social Networking
• Bots
• Virus
• Hackers
• Port Hopping
• Tunneling
4. Threats are Targeting Information
Leakage: Uneducated User
Theft: Malicious Insider
Exfiltration: External Threat Actors
• Business Partners
• Webmail
• Social Networking
• Cloud
• Nation States
• Organized Non-State Actors (e.g., Terrorist groups)
• Organized Crime
• Advanced Persistent Threats
Copyright 2011 GTB DLP Suite
5. What the analysts say:
“Frost & Sullivan believes that GTB is on track to becoming the dominant provider of DLP/ILP solutions in the financial market.” (World DLP research, September 2008)
“When using fingerprinted data, the catch rate is 100%. If you have sensitive data on your enterprise you need this device… you will sleep much better knowing your data is protected.” (SC Magazine, 2007)
6. The GTB DLP components
Network:
• Scans all outbound traffic
• Highest accuracy
• Able to block without a proxy server
• File format agnostic
Endpoint:
• Discover
• Protect
• Audit
• Control
• Content-Aware
eDiscovery:
• Scan Desktops
• Scans file shares
• Reports on vulnerable files
• Content-Aware
• Automatic batch
Supports all languages
Centralized policy, reporting and workflow
7. DLP answers three questions:
1. Who is sending my data?
• Insiders
• Intruders
• Spyware/Viruses
2. What data is being sent?
• PII
• PHI
• Source Code
• IP
3. Who is receiving my data?
• IP address
• Email destination
• Geographic location
8. The 8 use-cases for Network DLP
1. Control a broken business process
• Who is sending, what data and to whom?
2. Demonstrate Compliance
• I have no way of enforcing data loss compliance regulation.
3. Automate Email Encryption
• How do I automate encrypting emails which require it?
4. Detect or Block encrypted content
• Should I allow encrypted data to leave without content inspection?
5. Severity Blocking
• Some breaches are so severe that I prefer to altogether block them!
6. Visibility to SSL
• I have no visibility to SSL in general and HTTPS in particular!
7. Detect/Block TCP from non-trusted users
• How do I detect transmissions from non-trusted users (Malware/Viruses/Trojans)?
8. Employees’ Education
• My employees are not complying with the Written Information Security Policy (WISP).
9. What data must be protected?
Personal identifiable information (PII)
• Credit card number
• Social security number
• Customer name
• Address
• Telephone number
• Account number/Member number
• PIN or password
• Username & password
• Driver’s license number
• Date of birth
10. Fingerprint Detection Engine –Structured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Can fingerprint any database | Highest flexibility
Multi-field detection | No false positives
Automatic fingerprints refresh | Easy maintenance and operation
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
Supports user-defined fields | Protects your direct business data
Fingerprints 1 million fields in 10 minutes | Very high performance
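The structured-data fingerprinting this slide describes (fingerprint every field of a database, refresh the fingerprints as records change or expire, and require several fields of one record to co-occur before raising a hit) is what the DLP field calls exact data matching. The block below is an added example written for this page, not GTB's code: the customer records, the expiry dates and the key are constructed, and the keyed HMAC-SHA256 hash is my choice of fingerprint so that the index never holds the sensitive values themselves.

```python
"""Exact-data-match fingerprinting of structured records (added example).

Field values are normalised, then keyed-hashed so the fingerprint store holds
no plaintext. A record is reported only when at least `min_fields` of its
fields appear in the same message: a lone surname or ZIP code is not a leak,
a surname next to the matching SSN very probably is.
"""
import hashlib
import hmac
import re
from collections import defaultdict
from datetime import date

# Constructed, hypothetical key; a deployment would load it from a secret store.
FINGERPRINT_KEY = b"example-fingerprint-key-not-for-production"

# Constructed sample "customer database". `expires` models time-based
# sensitivity: expired records are dropped at the next index refresh.
RECORDS = [
    {"id": 1, "name": "Alice Example", "ssn": "123-45-6789", "account": "ACC-0001", "expires": date(2099, 1, 1)},
    {"id": 2, "name": "Bob Sample", "ssn": "987-65-4321", "account": "ACC-0002", "expires": date(2099, 1, 1)},
    {"id": 3, "name": "Carol Old", "ssn": "111-22-3333", "account": "ACC-0003", "expires": date(2000, 1, 1)},
]
FIELDS = ("name", "ssn", "account")


def normalise(value: str) -> str:
    # Case-fold and drop separators, so "123-45-6789", "123 45 6789" and
    # "123456789" all produce the same fingerprint.
    return re.sub(r"[^a-z0-9]", "", value.lower())


def fingerprint(value: str) -> str:
    return hmac.new(FINGERPRINT_KEY, normalise(value).encode(), hashlib.sha256).hexdigest()


def build_index(records, today: date):
    """Map fingerprint -> set of (record_id, field); this is the 'refresh' step."""
    index = defaultdict(set)
    for rec in records:
        if rec["expires"] <= today:
            continue  # no longer sensitive: fingerprint is not (re)created
        for field in FIELDS:
            index[fingerprint(rec[field])].add((rec["id"], field))
    return index


def candidate_tokens(text: str):
    # Hyphenated values stay one token; adjacent pairs and triples cover
    # two-word names and space-separated numbers.
    words = re.findall(r"[A-Za-z0-9][A-Za-z0-9-]*", text)
    yield from words
    yield from (f"{a} {b}" for a, b in zip(words, words[1:]))
    yield from (f"{a} {b} {c}" for a, b, c in zip(words, words[1:], words[2:]))


def scan(text: str, index, min_fields: int = 2):
    """Return {record_id: {matched fields}} for records with >= min_fields hits."""
    hits = defaultdict(set)
    for token in candidate_tokens(text):
        for rec_id, field in index.get(fingerprint(token), ()):
            hits[rec_id].add(field)
    return {rid: fields for rid, fields in hits.items() if len(fields) >= min_fields}


if __name__ == "__main__":
    idx = build_index(RECORDS, date.today())
    print(scan("Please update Alice Example, SSN 123-45-6789", idx))
```

Raising `min_fields` trades recall for precision; the multi-field rule is what lets a fingerprint engine claim a very low false-positive rate on short, low-entropy fields, and the keyed hash is what makes it safe to ship the index to a network sensor.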
12. Fingerprint Detection Engine – Unstructured Data
The most accurate detection engine in the DLP space
Feature | Benefit
Multiple data stream fingerprints using proprietary algorithm | Allows for partial file match
Options for binary or text detection | Detects images inside files
Options for excluded content | Detects sensitive data only
Options for time-based sensitive content | Automatically deletes fingerprints that are no longer sensitive
User defined sensitivity (in bytes) | Highest possible control on what is detected
Virtual zero false positive rate | Highest accuracy
Multi-language support | Files in any language can be protected
13. Data Patterns Detection
• Extended REGEX templates out of the box
• Patterns defined through REGEX in PHP
• Lexicon support
• User defined severity level per pattern rule
• Multi field weights and occurrences
• Support for all languages
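Pattern detection is the complement to fingerprinting: it catches PII of the kinds listed on slide 9 that is not in any fingerprinted database, at the cost of false positives unless each regex template is paired with a validator and a severity model. The block below is an added example, not GTB's engine: the rule set, weights, lexicon and threshold are constructed for illustration, and the Luhn and SSN structure checks are the standard validators a practitioner would attach to such templates.

```python
"""Pattern-based DLP detection with per-rule severity (added example).

Each rule is a regex template plus a severity weight, a minimum occurrence
count and an optional validator; lexicon words add context weight. The
validators are what stop a bare regex from flagging every 16-digit string as
a card number.
"""
import re
from dataclasses import dataclass
from typing import Callable, Optional


def luhn_ok(candidate: str) -> bool:
    """Luhn mod-10 check over the digits of a card-number candidate."""
    digits = [int(c) for c in re.sub(r"\D", "", candidate)]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return 13 <= len(digits) <= 19 and total % 10 == 0


def ssn_ok(candidate: str) -> bool:
    """Reject SSNs the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = candidate.split("-")
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    severity: int                  # weight per validated match
    min_occurrences: int = 1       # rule is ignored below this count
    validator: Optional[Callable[[str], bool]] = None


# Constructed rule set; weights and thresholds are illustrative.
RULES = [
    Rule("credit_card", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), severity=10, validator=luhn_ok),
    Rule("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), severity=8, validator=ssn_ok),
    Rule("email_address", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), severity=1, min_occurrences=5),
]
LEXICON = {"confidential": 3, "card number": 2, "social security": 2}
BLOCK_THRESHOLD = 10


def evaluate(text: str) -> dict:
    """Apply every rule, sum the severity and decide allow / alert / block."""
    matches, score = {}, 0
    for rule in RULES:
        found = [m.group(0) for m in rule.pattern.finditer(text)]
        if rule.validator:
            found = [f for f in found if rule.validator(f)]
        if len(found) >= rule.min_occurrences:
            matches[rule.name] = found
            score += rule.severity * len(found)
    lowered = text.lower()
    lexicon_hits = [w for w in LEXICON if w in lowered]
    score += sum(LEXICON[w] for w in lexicon_hits)
    action = "block" if score >= BLOCK_THRESHOLD else "alert" if score else "allow"
    return {"matches": matches, "lexicon": lexicon_hits, "score": score, "action": action}


# Constructed sample message: one Luhn-valid test card, one that fails the
# checksum, one plausible SSN and one the SSA would never issue.
SAMPLE = ("Card number 4111 1111 1111 1111 was charged; the retry with 4111 1111 1111 1112 failed. "
          "Account holder SSN 123-45-6789, test record 000-12-3456.")

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The `email_address` rule shows the occurrence threshold: a single address in a message is normal business, a long list of them is a customer export. Validators are applied before counting so that near-misses neither raise the score nor appear in the incident record.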