MassTLC, profile picture
Uploaded byMassTLC
PPTX, PDF386 views

MassTLC Opening Slides and Simulation Session

The MassTLC Security Conference featured a simulated data breach of WindResources, a wind turbine manufacturer. The breach began when a sales director's computer was infected with malware from a phishing email. An investigation found other infected computers and logs showing customer credentials being accessed from Russia. The breach escalated as stolen data was found online and a customer discovered their personal details exposed. The simulation panel discussed lessons around having an incident response plan, engaging legal and law enforcement, communicating about the breach, and practicing incident response.

Embed presentation

Download to read offline
MassTLC Security Conference COMPREHENSIVE SECURITY – A 3600 VIEW OF YOUR SECURITY PROGRAM Tweet it out @MassTLC #MTLCsecurity
The MA Tech Ecosystem @MassTLC #MTLCSecurity
Thank You to Our Platinum Sponsor 3 Thank You to Our Gold Sponsors @MassTLC #MTLCSecurity Thank You to Our Silver Sponsors
Thanks to Our Global Sponsors @MassTLC #MTLCSecurity
Save the Date! September 14: MassTLC Leadership Awards Gala October 6: Software Development Conference: Data, Development, & Drive November 18: Transform @MassTLC #MTLCSecurity
Welcome Keynote: Dave Mahon, VP & Chief Security Officer, CenturyLink Simulated Breach Breakout Sessions #1 – Harnessing the 3rd Party Ecosystem – Building Your Incident Response Plan Breakout Sessions #2 – User Entity Behavior Analytics – Security Operations Analytics and Reporting – Application Security Networking and Career Fair Today’s Agenda @MassTLC #MTLCSecurity
Keynote Address Dave Mahon CenturyLink @MassTLC #MTLCSecurity
Data Breach Simulation Panel MASSTLC AUGUST 2016
Agenda Introductions Simulation – More details are learned Lessons learned
Simulation We will discuss important topics such as legal disclosure, cyber insurance, incident response plans, communication and working with law enforcement this simulation is ficticous and ……
Our Victim - WindResources WindResources is the global leading manufacturer for wind turbines. Everyone want this technology and some are willing to get it any way possible. WindResources products are network devices. WindResources customers include the government, states and consumers.
How the incident unfolded -WIP A Sales Director, John Doe, has called the WindResources helpdesk to report that his machine is acting sluggishly and that possibly this might be due to a malware infection. He has received an email regarding Nuclear Radiation and has tried unsuccessfully to open the Excel attachment. Triage is performed on John’s computer and it was observed that there are suspicious files in a TEMP folder as well as suspicious processes running. The WindResources SOC Forensics team was engaged to analyze the computer and conclude that it has been compromised. They examine web access (proxy) logs for this computer
Process Steady State • Where you want to be Validation • Validation – Is the event real? • What do I do? It is Real • What is the impact? • Who needs to be involved? • What are the next steps?
Day – 2 thru 5 While the Forensics team was doing their analysis the CERT Incident Coordinator examined email logs. The Incident Coordinator identifies other user from the list affected as well. The coordinator now engages the Forensics team to examine other computers. The forensic analysis of the other computers shows that they are infected by the same malware as was found on first computer. The web access logs obtained earlier also seem to indicate that something may have been uploaded from a machine. One of the files recovered from a computer appears to contain customer login credentials, so the coordinator obtains logs from the system. This showed many customer accounts logging in from Russia. The incident coordinator then escalated to the SOC manager as a critical incident.
Day 5+ One of the company security providers contacted the Cybersecurity team reporting that data has been recovered from a Russian hacker web site. A customer who performed a google search on his own name has found his personal details in a hacker forum.
Lessons Learned Have an incident response plan When to engage Legal Be prepared to communicate Engage in Threat-Sharing Select Points of Contact When to engage Law Enforcement Develop swift messaging Practice!

More Related Content

PPTX
Detecting and Blocking Suspicious Internal Network Traffic
byLogRhythm
 
PPTX
Cloud security live hack - final meetup
byAWS User Group North (Manchester)
 
PDF
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
byBlueHat Security Conference
 
PPT
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
bySurfWatch Labs
 
PDF
2019 04-04-dev secops-software supply chain_fst-2
byCameron Townshend
 
PDF
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
byBlueHat Security Conference
 
PDF
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
byBlueHat Security Conference
 
PDF
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
byPriyanka Aash
 
Detecting and Blocking Suspicious Internal Network Traffic
byLogRhythm
 
Cloud security live hack - final meetup
byAWS User Group North (Manchester)
 
BlueHat v18 || The law of unintended consequences - gdpr impact on cybersecur...
byBlueHat Security Conference
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
bySurfWatch Labs
 
2019 04-04-dev secops-software supply chain_fst-2
byCameron Townshend
 
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
byBlueHat Security Conference
 
BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality
byBlueHat Security Conference
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
byPriyanka Aash
 

What's hot

DOCX
45
byieeeprojectsvadapalani
 
PPTX
User Behavior Analytics And The Benefits To Companies
bySpectorsoft
 
PPTX
Base Metal Forensics
byNapier University
 
PDF
Applying Auto-Data Classification Techniques for Large Data Sets
byPriyanka Aash
 
PDF
JAKU Botnet Analysis
byNapier University
 
PPTX
Crits new one_dark-goffin
byZeev Rabinovich
 
PDF
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
byPriyanka Aash
 
PPTX
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
PDF
Threat Life Cycle Management
byFujitsu Middle East
 
PPTX
Threat intelligence - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
PDF
Using indicators to deal with security attacks
byZoho Corporation
 
PDF
Realities of Data Security
byPriyanka Aash
 
PPTX
Splunk Discovery Day Hamburg - Security Session
bySplunk
 
PDF
Lowlands Unite NL 2017 - ATA to Z
byTim De Keukelaere
 
PPTX
Using Splunk at MoneyGram International
bySplunk
 
PDF
The Rise of the Purple Team
byPriyanka Aash
 
PDF
DON'T Use Two-Factor Authentication...Unless You Need It!
byPriyanka Aash
 
PDF
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
byIBMGovernmentCA
 
PDF
ThirdEye - LinkedIn's Business-wide monitoring platform
byAkshay Rai
 
45
byieeeprojectsvadapalani
 
User Behavior Analytics And The Benefits To Companies
bySpectorsoft
 
Base Metal Forensics
byNapier University
 
Applying Auto-Data Classification Techniques for Large Data Sets
byPriyanka Aash
 
JAKU Botnet Analysis
byNapier University
 
Crits new one_dark-goffin
byZeev Rabinovich
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
byPriyanka Aash
 
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
Threat Life Cycle Management
byFujitsu Middle East
 
Threat intelligence - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
Using indicators to deal with security attacks
byZoho Corporation
 
Realities of Data Security
byPriyanka Aash
 
Splunk Discovery Day Hamburg - Security Session
bySplunk
 
Lowlands Unite NL 2017 - ATA to Z
byTim De Keukelaere
 
Using Splunk at MoneyGram International
bySplunk
 
The Rise of the Purple Team
byPriyanka Aash
 
DON'T Use Two-Factor Authentication...Unless You Need It!
byPriyanka Aash
 
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
byIBMGovernmentCA
 
ThirdEye - LinkedIn's Business-wide monitoring platform
byAkshay Rai
 

Similar to MassTLC Opening Slides and Simulation Session

PDF
Accelerating OT - A Case Study
byDigital Bond
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
PDF
Power Plants Security Webinar Presentation
byCertrec
 
PPTX
Building Cyber Resilience: No Safe Harbor
byAdvanced Technology Consulting (ATC)
 
PPT
cyber security incident exercises TTX .ppt
byZharfanHanif
 
PPTX
2016 - Cyber Security for the Public Sector
byScott Geye
 
PPTX
SoCal HIMSS Privacy Security Webinar
byMarty Miller
 
PDF
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
PDF
Big data Propels SIEM into the era of Security Analytics
byEMC
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PPTX
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
byrobbiesamuel
 
PPTX
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
byiuvoTechnologies
 
PPTX
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
byCommunity IT Innovators
 
PDF
Security Operations Center scenario Interview based Questions
bypriyanshamadhwal2
 
PDF
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
byinfosecTrain
 
PDF
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
byAPNIC
 
PDF
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
PPTX
chapter on Incident Response Management.
bySuhail Qadir Mir
 
PPTX
Tsc2021 cyber-issues
byErnest Staats
 
PPT
December ISSA Meeting Executive Security Presentation
bywhmillerjr
 
Accelerating OT - A Case Study
byDigital Bond
 
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
Power Plants Security Webinar Presentation
byCertrec
 
Building Cyber Resilience: No Safe Harbor
byAdvanced Technology Consulting (ATC)
 
cyber security incident exercises TTX .ppt
byZharfanHanif
 
2016 - Cyber Security for the Public Sector
byScott Geye
 
SoCal HIMSS Privacy Security Webinar
byMarty Miller
 
Cybersecurity for Energy: Moving Beyond Compliance
byEnergySec
 
Big data Propels SIEM into the era of Security Analytics
byEMC
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
byrobbiesamuel
 
iuvo Technologies Business & IT Leadership Symposium 2019 - Michael Joseph
byiuvoTechnologies
 
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
byCommunity IT Innovators
 
Security Operations Center scenario Interview based Questions
bypriyanshamadhwal2
 
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
byinfosecTrain
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
byAPNIC
 
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
chapter on Incident Response Management.
bySuhail Qadir Mir
 
Tsc2021 cyber-issues
byErnest Staats
 
December ISSA Meeting Executive Security Presentation
bywhmillerjr
 

More from MassTLC

PPTX
MassIntelligence 2018: Intelligent Connected Cities
byMassTLC
 
PPTX
MassIntelligence 2018: How to Rapidly Prototype an AI Solution
byMassTLC
 
PPTX
MassIntelligence 2018: Connecting the Nation's Top Fishing Port
byMassTLC
 
PPTX
MassIntelligence 2018: Transportation & Mobility, Alex Wyglinski
byMassTLC
 
PPTX
Andres Corrada-Emmanuel - Ground Truth Problems in Business
byMassTLC
 
PDF
MassTLC product launch campaign strategies, Jason Baudreau, NetBrain
byMassTLC
 
PDF
MassTLC product launch campaign strategies, ben austin, Carbon Black
byMassTLC
 
PDF
Forget about A.G.I. Let's Build Useable Ai Tools!
byMassTLC
 
PDF
Cloud Edge Computing: Beyond the Data Center
byMassTLC
 
PPTX
Old Company - New Technology, Elixir @ the MBTA
byMassTLC
 
PDF
Lisa seacat deluca io t robotics presentation
byMassTLC
 
PPTX
Smart cities thinking outside the box
byMassTLC
 
PPTX
Lily lim data privacy ownership and ethics
byMassTLC
 
PPTX
Abbas bagasra smart ag
byMassTLC
 
PPTX
Ben goodman cybersecurity in the iiot
byMassTLC
 
PPTX
Tom Hopcroft: State of the Tech Economy Key Findings
byMassTLC
 
PPT
Michael Goodman: The State of the State Economy
byMassTLC
 
PDF
MassTLC summit_amacleod_predictiveanalytics
byMassTLC
 
PDF
Brainshark mass tlc brand revitalizaion_final for distribution
byMassTLC
 
PDF
Mass tlc summit-mapping-content-strategy-customer-journey-final (002)
byMassTLC
 
MassIntelligence 2018: Intelligent Connected Cities
byMassTLC
 
MassIntelligence 2018: How to Rapidly Prototype an AI Solution
byMassTLC
 
MassIntelligence 2018: Connecting the Nation's Top Fishing Port
byMassTLC
 
MassIntelligence 2018: Transportation & Mobility, Alex Wyglinski
byMassTLC
 
Andres Corrada-Emmanuel - Ground Truth Problems in Business
byMassTLC
 
MassTLC product launch campaign strategies, Jason Baudreau, NetBrain
byMassTLC
 
MassTLC product launch campaign strategies, ben austin, Carbon Black
byMassTLC
 
Forget about A.G.I. Let's Build Useable Ai Tools!
byMassTLC
 
Cloud Edge Computing: Beyond the Data Center
byMassTLC
 
Old Company - New Technology, Elixir @ the MBTA
byMassTLC
 
Lisa seacat deluca io t robotics presentation
byMassTLC
 
Smart cities thinking outside the box
byMassTLC
 
Lily lim data privacy ownership and ethics
byMassTLC
 
Abbas bagasra smart ag
byMassTLC
 
Ben goodman cybersecurity in the iiot
byMassTLC
 
Tom Hopcroft: State of the Tech Economy Key Findings
byMassTLC
 
Michael Goodman: The State of the State Economy
byMassTLC
 
MassTLC summit_amacleod_predictiveanalytics
byMassTLC
 
Brainshark mass tlc brand revitalizaion_final for distribution
byMassTLC
 
Mass tlc summit-mapping-content-strategy-customer-journey-final (002)
byMassTLC
 

Recently uploaded

PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
final.pdf
byomarbishtawi04
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 

MassTLC Opening Slides and Simulation Session

  • 1.
    MassTLC Security Conference COMPREHENSIVESECURITY – A 3600 VIEW OF YOUR SECURITY PROGRAM Tweet it out @MassTLC #MTLCsecurity
  • 2.
    The MA TechEcosystem @MassTLC #MTLCSecurity
  • 3.
    Thank You toOur Platinum Sponsor 3 Thank You to Our Gold Sponsors @MassTLC #MTLCSecurity Thank You to Our Silver Sponsors
  • 4.
    Thanks to OurGlobal Sponsors @MassTLC #MTLCSecurity
  • 5.
    Save the Date! September14: MassTLC Leadership Awards Gala October 6: Software Development Conference: Data, Development, & Drive November 18: Transform @MassTLC #MTLCSecurity
  • 6.
    Welcome Keynote: Dave Mahon,VP & Chief Security Officer, CenturyLink Simulated Breach Breakout Sessions #1 – Harnessing the 3rd Party Ecosystem – Building Your Incident Response Plan Breakout Sessions #2 – User Entity Behavior Analytics – Security Operations Analytics and Reporting – Application Security Networking and Career Fair Today’s Agenda @MassTLC #MTLCSecurity
  • 7.
  • 8.
    Data Breach SimulationPanel MASSTLC AUGUST 2016
  • 9.
  • 10.
    Simulation We will discussimportant topics such as legal disclosure, cyber insurance, incident response plans, communication and working with law enforcement this simulation is ficticous and ……
  • 11.
    Our Victim -WindResources WindResources is the global leading manufacturer for wind turbines. Everyone want this technology and some are willing to get it any way possible. WindResources products are network devices. WindResources customers include the government, states and consumers.
  • 12.
    How the incidentunfolded -WIP A Sales Director, John Doe, has called the WindResources helpdesk to report that his machine is acting sluggishly and that possibly this might be due to a malware infection. He has received an email regarding Nuclear Radiation and has tried unsuccessfully to open the Excel attachment. Triage is performed on John’s computer and it was observed that there are suspicious files in a TEMP folder as well as suspicious processes running. The WindResources SOC Forensics team was engaged to analyze the computer and conclude that it has been compromised. They examine web access (proxy) logs for this computer
  • 13.
    Process Steady State • Where youwant to be Validation • Validation – Is the event real? • What do I do? It is Real • What is the impact? • Who needs to be involved? • What are the next steps?
  • 14.
    Day – 2thru 5 While the Forensics team was doing their analysis the CERT Incident Coordinator examined email logs. The Incident Coordinator identifies other user from the list affected as well. The coordinator now engages the Forensics team to examine other computers. The forensic analysis of the other computers shows that they are infected by the same malware as was found on first computer. The web access logs obtained earlier also seem to indicate that something may have been uploaded from a machine. One of the files recovered from a computer appears to contain customer login credentials, so the coordinator obtains logs from the system. This showed many customer accounts logging in from Russia. The incident coordinator then escalated to the SOC manager as a critical incident.
  • 15.
    Day 5+ One ofthe company security providers contacted the Cybersecurity team reporting that data has been recovered from a Russian hacker web site. A customer who performed a google search on his own name has found his personal details in a hacker forum.
  • 16.
    Lessons Learned Have anincident response plan When to engage Legal Be prepared to communicate Engage in Threat-Sharing Select Points of Contact When to engage Law Enforcement Develop swift messaging Practice!

Editor's Notes

  • #2 I want to thank you for being here today. For those of you that don’t know me, I manage the Security community for MassTLC. And I’m really happy to be standing up here for our third annual conference.
  • #3 Today where are going to talk a lot about building partnerships and ecosystems within the context of IoT. MassTLC is a catalyst where these partnerships and communities can come together within IoT and the greater tech ecosystem as a whole.
  • #4 Most of our events require the support of our sponsors. And today, we’re thankful to have as our Platinum Sponsor Cisco, as well as our Gold sponsors Bitsight and Raytheon, and silver sponsors CenturyLink and Codiscope, supporting this conference and our Security community.
  • #5 And a thank to MassTLC’s Global Sponsors that provide support all of our events and initiatives throughout the year.
  • #6 While we do have a number of smaller programs happening throughout the fall, which you can see on our website and also in the back of your program book, we have some great larger events coming up including our Leadership Awards Gala happening at the World Trade Center. A fantastic software development conference also happening here at NERD. And then finally a new program called Transform, which will bring together leaders in tech, academia, and policy to explore the transformative ideas that are creating opportunities in the region – and world today.
  • #7 So enough with all of that. Let’s get on with the real reason we are all here. I am really lucky to have such a dedicated advisory board who worked to design a program that really hits home to any company with a digital footprint. Today is all about focusing on security breaches and how companies must not only be vigilant in protecting themselves but also remain vigilant so that when a breach does occur you have the processes in place to manage it.