SlideShare a Scribd company logo

Insights from-NSAs-cybersecurity-threat-operations-center

Priyanka Aash
Priyanka Aash

Dave Hogue provided one of the first in-depth perspectives from a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC)—the mission, threat landscape, and offer best principles for CISOs and other network defenders. Mr. Hogue equipped the audience with actionable insights that they can implement into their daily operations. (Source: RSA Conference USA 2018)

Technology
1 of 16
Download to read offline
SESSION ID: #RSAC Dave Hogue INSIGHTS FROM NSA’S CYBERSECURITY THREAT OPERATIONS CENTER AIR-T08 Technical Director National Security Agency’s Cybersecurity Threat Operations Center
#RSAC NSA CYBERSECURITY | MISSION OVERVIEW SIGNALS INTELLIGENCE Intercept and exploit foreign signals INFORMATION ASSURANCE Defend National Security Systems NEXUS OF NSA AUTHORITIES
#RSAC NSA CYBERSECURITY THREAT OPERATIONS CENTER
#RSAC NSA SECURITY OPERATIONS CENTER FUNCTIONS DISCOVER, PURSUE, AND COUNTER CYBER THREATS DISRUPT CYBER ADVERSARY CAMPAIGNS AND PROGRAMS PROMOTE SHARED SITUATIONAL AWARENESS MANAGE CYBERSECURITY SYSTEMS AND CAPABILITIES COMMAND AND CONTROL OPERATIONS AND EVENTS
#RSAC NSA NETWORK DEFENSE DoDIN Department of Defense Information Networks
#RSAC OCT Yahoo confirms 3 billion accounts hacked in 2013 NOV US Military contractor leaves GBs of data unprotected in Amazon AWS DEC Triton Malware shut downs industrial Middle East Control Systems (ICS) JAN Spectre and Meltdown CPU vulnerabilities FEB Cyber-attack during Olympic Opening Ceremonies MAR German defense network experiences cyber attack Cyber activity continues to become MORE SOPHISTICATED The LEVEL OF EXPERTISE REQUIRED IS DECREASING as sophisticated internet tools become easier to use TREND IS CLEAR: moving from exploitation, to DISRUPTION 2018 ESCALATING CYBER THREATS
#RSAC NSA CYBER THREAT | THE NEW NORMAL Fundamental Shifts in Nation State Activity RUSSIA Their aggressive cyber behavior resembles the show of force we have seen displayed in their geopolitical actions IRAN Remains very sensitive to international political events, which can influence target selection and level of malicious activity DPRK Has always viewed cyber as an effective tool of state power, every conflict will have a cyber dimension CHINA Continues to use cyber espionage as a prime enabler to acquire transformative technologies, as part of their long-term plan to be a global superpower Geopolitical events have drastically altered the operating profile of sophisticated Nation state adversaries
#RSAC NSA CYBER THREAT | CURRENT TRENDS FREQUENCY OF AGGRESSIVE & ESCALATORY DISRUPTIVE CYBER BEHAVIOR In the last year alone, multiple data destruction and ransomware campaigns CONTINUOUS TECHNIQUES TO OVERCOME DEFENSIVE MEASURES ‘Legitimate’ credentials or services rather than relying on traditional malware ASYMMETRIC DAMAGE INFLICTED Correlations exist between major geopolitical events and malicious cyber activity
#RSAC A RETURN TO CYBER DEFENSE BASICS NSA has not responded to an intrusion using a 0-day exploit in the last 24 months 90% of cyber incidents due to human error With ‘Outdated’ Defense Practices such as: 1. Application White-Listing 2. Role based access controls 3. 2-Factor Authentication
#RSAC HOW CAN WE BE MORE PREDICTIVE AND PREVENTATIVE? IMPLEMENTING STRONG DEFENSE POSTURE EFFECTIVE PARNTERSHIPS TO DEVELOP THE FUTURE OF CYBERSECURITY WORKFORCE INNOVATIVE APPROACHES
#RSAC INNOVATION COMES IN MANY FORMS POLICY TECHINCAL COMMUNITY EXPERTISE PEOPLE UK’s National Cyber Security Center (NCSC) establishes a singular focal point for cyber and demonstrates that ‘simple things, done at scale, can have a positive and measurable effect.‘ Artificial Intelligence / Machine Learning – parses vast quantities of data to enable NSA Operations Teams to form a predictive and preventive defensive posture, rather than waiting for alerts to fire. Bug Bounties – DoD leverages talent and expertise of the broader cyber community ; ‘Hack the Air Force’ served as economical and proactive means of eliminating previously undiagnosed flaws NSA recruits from many disciplines. Data and information may become so highly automated that we will need great thinkers to ask questions of data that computers cannot automate INNOVATIVE APPROACHES
#RSAC NSA TOP 5 ACTIONABLE SOC PRINCIPLES INSTITUTE WELL-MANAGED & DEFENDABLE PERIMETERS & GATEWAYS ENSURE VISIBILITY & CONTINUOUS MONITORING OF THE NETWORK TO INCLUDE TRAFFIC & ENDPOINTS HARDEN NETWORKS, ENDPOINTS, & SERVICES TO BEST PRACTICES USE COMPREHENSIVE & AUTOMATED THREAT INTELLIGENCE SOURCES CREATE & FOSTER A CULTURE OF CURIOSITY & EMBRACE INNOVATIVE APPROACHES
#RSAC Top 5 Actionable SOC Principles from NSA • #1 Establish a defendable perimeter • Route traffic through a very finite number of Internet-facing gateways • Reduce the potential attack surface an adversary can potentially exploit • Utilize a combination of IOCs and behavioral/heuristics across host and network-based platforms to see and act upon cyber activity in real time • #2 Ensure visibility across the network • Must encompass all levels of the network to include gateway, midpoint, and endpoints • Pinpoint and isolate actual victims within minutes, not hours • Architect solutions for visibility on sophisticated threats blending into legitimate and encrypted activity
#RSAC Top 5 Actionable SOC Principles from NSA #3 Harden to best practices • Accelerate software and hardware updates ; remove applications/protocols that are no longer vendor-supported • Reminder – NSA has not responded to an intrusion that used a zero-day in over 24 months #4 Use comprehensive threat intelligence and machine learning • Tailor to the network environment – i.e. DoD may encounter different cyber threat activity than a hospital network • Less can be more – use data science and machine learning to reduce SOC alert fatigue • Reserve capacity to proactively hunt for undetected threat activity
#RSAC Top 5 Actionable SOC Principles from NSA #5 Create a culture of curiosity • Seek a holistic understanding of threat activity – avoid basing success on how fast tickets are closed • Think like the adversary and preemptively position defensive actions • Rotate SOC positions and functions – invigorate new advances by challenging and disrupting the status quo
#RSAC Questions? https://www.nsa.gov/resources/cybersecurity-professionals/assets/files/top-5- soc-principles.pdf NSA’s Top 5 Security Operations Center (SOC) Principles Link:

Recommended

Threat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detectionThreat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Priyanka Aash
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
Priyanka Aash
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
Priyanka Aash
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
Priyanka Aash
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 

Recommended

Threat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detectionThreat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Priyanka Aash
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
Priyanka Aash
 
Incident response-in-the-cloud
Incident response-in-the-cloudIncident response-in-the-cloud
Incident response-in-the-cloud
Priyanka Aash
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
Priyanka Aash
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
Priyanka Aash
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!
Priyanka Aash
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
Priyanka Aash
 
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill ChainOrchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Priyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DeviceWireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Priyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
Priyanka Aash
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
Priyanka Aash
 
Realities of Data Security
Realities of Data SecurityRealities of Data Security
Realities of Data Security
Priyanka Aash
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
Priyanka Aash
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
Priyanka Aash
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
AllanGray11
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
Priyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
Rod Soto
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
Dragos, Inc.
 
Machine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggleMachine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggle
Priyanka Aash
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
Rahul Neel Mani
 
Prezentare_RSA.pptx
Prezentare_RSA.pptxPrezentare_RSA.pptx
Prezentare_RSA.pptx
AgusNursidik
 

More Related Content

What's hot

Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
Priyanka Aash
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!
Priyanka Aash
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
Priyanka Aash
 
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill ChainOrchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Priyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Priyanka Aash
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DeviceWireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Priyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
Priyanka Aash
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
Priyanka Aash
 
Realities of Data Security
Realities of Data SecurityRealities of Data Security
Realities of Data Security
Priyanka Aash
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
Priyanka Aash
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
Priyanka Aash
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
AllanGray11
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
Priyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
Rod Soto
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
Dragos, Inc.
 
Machine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggleMachine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggle
Priyanka Aash
 

What's hot (20)

Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
 
DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!DON'T Use Two-Factor Authentication...Unless You Need It!
DON'T Use Two-Factor Authentication...Unless You Need It!
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill ChainOrchestrating Software Defined Networks To Disrupt The Apt Kill Chain
Orchestrating Software Defined Networks To Disrupt The Apt Kill Chain
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DeviceWireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
 
Realities of Data Security
Realities of Data SecurityRealities of Data Security
Realities of Data Security
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
Machine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggleMachine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggle
 

Similar to Insights from-NSAs-cybersecurity-threat-operations-center

Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
Rahul Neel Mani
 
Prezentare_RSA.pptx
Prezentare_RSA.pptxPrezentare_RSA.pptx
Prezentare_RSA.pptx
AgusNursidik
 
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
Cristian Garcia G.
 
CV-SMB-infographic-small
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-small
Jeff Geissler
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
Wolfgang Kandek
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Dragos, Inc.
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
IRJET Journal
 
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowRecon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Priyanka Aash
 
RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)
Jonathan Cran
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
itnewsafrica
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
MarketingArrowECS_CZ
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and Response
EMC
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
DLT Solutions
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
Teri Radichel
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
RakeshKumar442494
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
Happiest Minds Technologies
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Amazon Web Services
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
Priyanka Aash
 

Similar to Insights from-NSAs-cybersecurity-threat-operations-center (20)

Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Prezentare_RSA.pptx
Prezentare_RSA.pptxPrezentare_RSA.pptx
Prezentare_RSA.pptx
 
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
 
CV-SMB-infographic-small
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-small
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowRecon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
 
RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and Response
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
Priyanka Aash
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
Priyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Priyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
Priyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
Priyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
Priyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
Priyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
Priyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Priyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 

Recently uploaded (20)

Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 

Insights from-NSAs-cybersecurity-threat-operations-center

  • 1. SESSION ID: #RSAC Dave Hogue INSIGHTS FROM NSA’S CYBERSECURITY THREAT OPERATIONS CENTER AIR-T08 Technical Director National Security Agency’s Cybersecurity Threat Operations Center
  • 2. #RSAC NSA CYBERSECURITY | MISSION OVERVIEW SIGNALS INTELLIGENCE Intercept and exploit foreign signals INFORMATION ASSURANCE Defend National Security Systems NEXUS OF NSA AUTHORITIES
  • 3. #RSAC NSA CYBERSECURITY THREAT OPERATIONS CENTER
  • 4. #RSAC NSA SECURITY OPERATIONS CENTER FUNCTIONS DISCOVER, PURSUE, AND COUNTER CYBER THREATS DISRUPT CYBER ADVERSARY CAMPAIGNS AND PROGRAMS PROMOTE SHARED SITUATIONAL AWARENESS MANAGE CYBERSECURITY SYSTEMS AND CAPABILITIES COMMAND AND CONTROL OPERATIONS AND EVENTS
  • 5. #RSAC NSA NETWORK DEFENSE DoDIN Department of Defense Information Networks
  • 6. #RSAC OCT Yahoo confirms 3 billion accounts hacked in 2013 NOV US Military contractor leaves GBs of data unprotected in Amazon AWS DEC Triton Malware shut downs industrial Middle East Control Systems (ICS) JAN Spectre and Meltdown CPU vulnerabilities FEB Cyber-attack during Olympic Opening Ceremonies MAR German defense network experiences cyber attack Cyber activity continues to become MORE SOPHISTICATED The LEVEL OF EXPERTISE REQUIRED IS DECREASING as sophisticated internet tools become easier to use TREND IS CLEAR: moving from exploitation, to DISRUPTION 2018 ESCALATING CYBER THREATS
  • 7. #RSAC NSA CYBER THREAT | THE NEW NORMAL Fundamental Shifts in Nation State Activity RUSSIA Their aggressive cyber behavior resembles the show of force we have seen displayed in their geopolitical actions IRAN Remains very sensitive to international political events, which can influence target selection and level of malicious activity DPRK Has always viewed cyber as an effective tool of state power, every conflict will have a cyber dimension CHINA Continues to use cyber espionage as a prime enabler to acquire transformative technologies, as part of their long-term plan to be a global superpower Geopolitical events have drastically altered the operating profile of sophisticated Nation state adversaries
  • 8. #RSAC NSA CYBER THREAT | CURRENT TRENDS FREQUENCY OF AGGRESSIVE & ESCALATORY DISRUPTIVE CYBER BEHAVIOR In the last year alone, multiple data destruction and ransomware campaigns CONTINUOUS TECHNIQUES TO OVERCOME DEFENSIVE MEASURES ‘Legitimate’ credentials or services rather than relying on traditional malware ASYMMETRIC DAMAGE INFLICTED Correlations exist between major geopolitical events and malicious cyber activity
  • 9. #RSAC A RETURN TO CYBER DEFENSE BASICS NSA has not responded to an intrusion using a 0-day exploit in the last 24 months 90% of cyber incidents due to human error With ‘Outdated’ Defense Practices such as: 1. Application White-Listing 2. Role based access controls 3. 2-Factor Authentication
  • 10. #RSAC HOW CAN WE BE MORE PREDICTIVE AND PREVENTATIVE? IMPLEMENTING STRONG DEFENSE POSTURE EFFECTIVE PARNTERSHIPS TO DEVELOP THE FUTURE OF CYBERSECURITY WORKFORCE INNOVATIVE APPROACHES
  • 11. #RSAC INNOVATION COMES IN MANY FORMS POLICY TECHINCAL COMMUNITY EXPERTISE PEOPLE UK’s National Cyber Security Center (NCSC) establishes a singular focal point for cyber and demonstrates that ‘simple things, done at scale, can have a positive and measurable effect.‘ Artificial Intelligence / Machine Learning – parses vast quantities of data to enable NSA Operations Teams to form a predictive and preventive defensive posture, rather than waiting for alerts to fire. Bug Bounties – DoD leverages talent and expertise of the broader cyber community ; ‘Hack the Air Force’ served as economical and proactive means of eliminating previously undiagnosed flaws NSA recruits from many disciplines. Data and information may become so highly automated that we will need great thinkers to ask questions of data that computers cannot automate INNOVATIVE APPROACHES
  • 12. #RSAC NSA TOP 5 ACTIONABLE SOC PRINCIPLES INSTITUTE WELL-MANAGED & DEFENDABLE PERIMETERS & GATEWAYS ENSURE VISIBILITY & CONTINUOUS MONITORING OF THE NETWORK TO INCLUDE TRAFFIC & ENDPOINTS HARDEN NETWORKS, ENDPOINTS, & SERVICES TO BEST PRACTICES USE COMPREHENSIVE & AUTOMATED THREAT INTELLIGENCE SOURCES CREATE & FOSTER A CULTURE OF CURIOSITY & EMBRACE INNOVATIVE APPROACHES
  • 13. #RSAC Top 5 Actionable SOC Principles from NSA • #1 Establish a defendable perimeter • Route traffic through a very finite number of Internet-facing gateways • Reduce the potential attack surface an adversary can potentially exploit • Utilize a combination of IOCs and behavioral/heuristics across host and network-based platforms to see and act upon cyber activity in real time • #2 Ensure visibility across the network • Must encompass all levels of the network to include gateway, midpoint, and endpoints • Pinpoint and isolate actual victims within minutes, not hours • Architect solutions for visibility on sophisticated threats blending into legitimate and encrypted activity
  • 14. #RSAC Top 5 Actionable SOC Principles from NSA #3 Harden to best practices • Accelerate software and hardware updates ; remove applications/protocols that are no longer vendor-supported • Reminder – NSA has not responded to an intrusion that used a zero-day in over 24 months #4 Use comprehensive threat intelligence and machine learning • Tailor to the network environment – i.e. DoD may encounter different cyber threat activity than a hospital network • Less can be more – use data science and machine learning to reduce SOC alert fatigue • Reserve capacity to proactively hunt for undetected threat activity
  • 15. #RSAC Top 5 Actionable SOC Principles from NSA #5 Create a culture of curiosity • Seek a holistic understanding of threat activity – avoid basing success on how fast tickets are closed • Think like the adversary and preemptively position defensive actions • Rotate SOC positions and functions – invigorate new advances by challenging and disrupting the status quo