A Computer Security Incident Response Team's Support System
Meletis A. Belsis, Anthony N. Godwin, Leon Smalov
Coventry University, 2002
Computer Crime and CSIRTs
- Computer crime is on the rise; adversaries attack corporate systems daily.
- To provide adequate security support, Computer Security Incident Response Teams (CSIRTs) have been assembled.
- Their job is to gather and organise the information that comes out of security incidents.
- CSIRTs also provide security advice and help to identify the perpetrators.
- Security incident information is used to analyse computer crime statistically, to help enterprises protect themselves against known security holes, and for educational purposes.
CSIRTs
- A number of CSIRTs already exist; examples include CERT/CC, CIAC and the CERIAS Laboratory.
- Each of them uses its own techniques, tools and policies, and provides a different set of functions to its registered users.
- Large enterprises now try to build their own internal CSIRTs to handle incidents that take place within the corporate IT infrastructure.
- Building a CSIRT means solving a number of managerial and technical problems. Two of the technical problems are:
  - the type and structure of the data that need to be stored
  - the way this data is going to be gathered and accessed
Current Incident Data Structures
- Every CSIRT uses its own data structures to store the details of the security breaches that have taken place.
- These generally concentrate on the technical details of an incident. Such details are useful to the technical experts but far from useful to corporate managers.
- In the last few years new trends in hacking have called for collaboration between CSIRTs.
- CSIRTs from around the world need to collaborate and compare their information in order to trace attacks that take place on a number of systems simultaneously.
Current Incident Data Structures
- With the current incident data structures automatic collaboration is impossible.
- Collaboration currently takes place by telephone or e-mail, which is a slow process.
- A couple of solutions that propose a common structure are still at the research stage. Examples are the European proposal, Project S2003, and the Incident Object Description and Exchange Format (IODEF).
- The authors of this paper presented their own views in a paper at the IFIP/Sec 2002 conference in Cairo.
Reporting Security Incidents
- The way incidents are reported and accessed is essential.
- Current CSIRTs use off-line media or the Web to allow new incidents to be stored and/or to allow individuals to access this data.
- The off-line media are quite insufficient and make the technical experts uncomfortable.
- Managing the security of the incident data (confidentiality, integrity and availability, the CIA model) is difficult when the data is accessed in this way.
Limitations of the WEB
- The Web is insecure, so a CSIRT can publish only a fraction of the information actually stored for each incident.
- The queries used to search the DB are predetermined; there is no room for smart queries (e.g. "show all incidents that had an Apache server as target").
- Users need to see different types of incident data depending on their role. Security experts need to know the protocols that were used to attack a system; managers need to know the time it took to recover from the attack.
- Current interfaces do not allow such data views to be developed.
The CORBA approach
- CORBA has been widely proposed and used to access databases.
- CORBA allows access from both standalone applications and web-based ones.
- CORBA provides a number of security objects that are adequate to fulfil the CIA model.

[Figure: CORBA architecture. A client object and a server object communicate through the Object Request Broker (ORB). On the client side sit the Dynamic Invocation Interface (DII) and the Interface Definition Language (IDL) interface; on the server side the Object Adapter (OA), the IDL skeleton and the Dynamic Skeleton Interface. An operation with its arguments travels from client to server, and the operation result with its arguments travels back. Beneath the ORB are the CORBA Services (LifeCycle, Naming, Persistence, Security, etc.) and the CORBA Facilities (User Interface, Health Care, Financial, etc.).]
Our proposal
- The new system allows access to the incident DB from both a Web-based interface and a standalone application.
- Using it we can connect the main security management console that companies already have to a security incident DB anywhere in the world.
- Incidents could be registered automatically by the security software that detects them.
- In addition, security experts can use the management console to access their company's private security incident records and perform statistical analysis.
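The two ideas above that most need a concrete shape are automatic registration (a detection tool's alerts become incident records without a human retyping them) and a common exchange structure such as IODEF so that two CSIRTs can compare records by machine rather than by telephone. The block below is an added example, not code from the original slides or from the authors' system: it parses constructed Snort-style alert lines (documentation-range addresses, made-up signature IDs), turns each into an incident record, serialises the records as an IODEF v1 (RFC 5070) style document and reads them back on the receiving side. The alert format, the CSIRT name `csirt.example.com` and the incident-ID scheme are assumptions; element names follow RFC 5070 only as far as this minimal document needs.

```python
# Added example: automatic incident registration from detection-tool alerts
# and exchange of the resulting records as an IODEF v1 (RFC 5070) style
# XML document. Alert lines, addresses and the CSIRT name are constructed.
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
IP_PROTO = {"TCP": "6", "UDP": "17", "ICMP": "1"}   # IANA protocol numbers


def q(tag: str) -> str:
    """Qualify an element name with the IODEF namespace."""
    return f"{{{IODEF_NS}}}{tag}"


# Constructed alert lines in a Snort-like "fast" format (assumption: this is
# what the detecting sensor writes). One deliberately malformed line is
# included to show that registration skips rather than guesses.
SAMPLE_ALERTS = """\
2002-06-03T09:14:22Z [1:1001:3] WEB-IIS cmd.exe access {TCP} 192.0.2.44:2213 -> 198.51.100.10:80
2002-06-03T09:15:01Z [1:1002:1] WEB-MISC /_vti_bin/ access {TCP} 192.0.2.44:2214 -> 198.51.100.10:80
this line is not an alert and must be skipped
2002-06-03T11:02:45Z [1:2003:2] MS-SQL worm propagation attempt {UDP} 203.0.113.7:1434 -> 198.51.100.21:1434
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass
class Incident:
    incident_id: str
    report_time: str
    description: str
    protocol: str
    source: str
    target: str
    target_port: int


def alerts_to_incidents(text: str, csirt: str) -> list[Incident]:
    """Register one incident per well-formed alert line; anything the
    pattern does not match is dropped, never filled in by guesswork."""
    incidents: list[Incident] = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m is None:
            continue
        incidents.append(Incident(
            incident_id=f"{csirt}-{len(incidents) + 1}",
            report_time=m["ts"], description=m["msg"], protocol=m["proto"],
            source=m["src"], target=m["dst"], target_port=int(m["dport"]),
        ))
    return incidents


def to_iodef(incidents: list[Incident], csirt: str) -> str:
    """Serialise incidents as an IODEF v1 style document for exchange."""
    ET.register_namespace("", IODEF_NS)
    doc = ET.Element(q("IODEF-Document"), {"version": "1.00", XML_LANG: "en"})
    for inc in incidents:
        i = ET.SubElement(doc, q("Incident"), purpose="reporting")
        ET.SubElement(i, q("IncidentID"), name=csirt).text = inc.incident_id
        ET.SubElement(i, q("ReportTime")).text = inc.report_time
        assessment = ET.SubElement(i, q("Assessment"))
        ET.SubElement(assessment, q("Impact"), type="unknown").text = inc.description
        contact = ET.SubElement(i, q("Contact"), role="creator", type="organization")
        ET.SubElement(contact, q("ContactName")).text = csirt
        flow = ET.SubElement(ET.SubElement(i, q("EventData")), q("Flow"))
        for category, addr in (("source", inc.source), ("target", inc.target)):
            system = ET.SubElement(flow, q("System"), category=category)
            node = ET.SubElement(system, q("Node"))
            ET.SubElement(node, q("Address"), category="ipv4-addr").text = addr
            if category == "target":
                proto = IP_PROTO.get(inc.protocol.upper(), "0")
                service = ET.SubElement(system, q("Service"), ip_protocol=proto)
                ET.SubElement(service, q("Port")).text = str(inc.target_port)
    return ET.tostring(doc, encoding="unicode")


def from_iodef(xml_text: str) -> list[tuple[str, str, int]]:
    """Receiving CSIRT: pull (incident id, target address, target port)
    out of a document produced by a peer."""
    root = ET.fromstring(xml_text)
    out = []
    for inc in root.findall(q("Incident")):
        target = inc.find(f"{q('EventData')}/{q('Flow')}/{q('System')}[@category='target']")
        addr = target.findtext(f"{q('Node')}/{q('Address')}")
        port = int(target.findtext(f"{q('Service')}/{q('Port')}"))
        out.append((inc.findtext(q("IncidentID")), addr, port))
    return out


if __name__ == "__main__":
    incs = alerts_to_incidents(SAMPLE_ALERTS, "csirt.example.com")
    xml_doc = to_iodef(incs, "csirt.example.com")
    print(xml_doc)
    print(from_iodef(xml_doc))
```

The registration step only accepts lines that match the expected pattern; a sensor that is compromised or misconfigured cannot inject half-formed records just by emitting text. Integrity and confidentiality of the document in transit are the job of the transport (the slides place that on CORBA's security services), not of the format.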
Our Proposal
- A Natural Language Interface to Databases (NLIDB) is used.
- This allows complex queries to be created in real time using plain English statements.
- This allows inexperienced users to perform dynamic searches of the DB.
- The NLIDB formats the results depending on the user that is currently logged in, so we do not flood managers with technical information or technical experts with management information.
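The role-dependent formatting described here, together with the "show all incidents that had an Apache server as target" query from the Limitations slide, is shown below as an added example; it is not code from the original slides or from the authors' NLIDB. A handful of constructed incident records are projected through an allow-list per role (experts see protocol and attack details, managers see recovery time and business impact), and a deliberately small keyword front end stands in for the natural-language parser. The role names, field names, record contents and the two phrase patterns are assumptions.

```python
# Added example: per-role views of one incident record plus a toy
# English-question front end in place of a full NLIDB. Records, roles,
# field names and phrase patterns are constructed for illustration.
import re
from dataclasses import dataclass, asdict
from datetime import datetime


@dataclass(frozen=True)
class IncidentRecord:
    incident_id: str
    detected: str          # ISO 8601, local time, no zone (assumption)
    recovered: str
    target_software: str
    protocol: str
    attack: str
    business_impact: str


# Constructed records; none describe real incidents.
SAMPLE_RECORDS = [
    IncidentRecord("INC-2002-014", "2002-06-03T09:14", "2002-06-03T15:44",
                   "Apache", "TCP", "chunked-encoding overflow attempt",
                   "public web site unavailable"),
    IncidentRecord("INC-2002-015", "2002-06-03T11:02", "2002-06-04T08:02",
                   "IIS", "TCP", "directory traversal",
                   "customer portal down overnight"),
    IncidentRecord("INC-2002-016", "2002-06-05T02:30", "2002-06-05T03:00",
                   "Apache", "TCP", "mod_ssl probe", "none observed"),
    IncidentRecord("INC-2002-017", "2002-06-07T14:10", "2002-06-07T14:40",
                   "BIND", "UDP", "version query flood", "DNS latency"),
]

# Allow-list of fields per role. A field not listed for a role is withheld,
# so a newly added column is hidden by default rather than leaked by default.
ROLE_VIEWS = {
    "expert": ("incident_id", "detected", "target_software", "protocol", "attack"),
    "manager": ("incident_id", "detected", "recovered", "business_impact"),
}


def view_for(record: IncidentRecord, role: str) -> dict:
    """Project a record onto what the logged-in role is entitled to see."""
    fields = ROLE_VIEWS.get(role)
    if fields is None:
        raise PermissionError(f"unknown role {role!r}")
    data = asdict(record)
    view = {f: data[f] for f in fields}
    if "recovered" in fields:   # managers get the derived recovery time
        delta = (datetime.fromisoformat(record.recovered)
                 - datetime.fromisoformat(record.detected))
        view["recovery_hours"] = round(delta.total_seconds() / 3600, 1)
    return view


# Toy phrase patterns (assumption): "... target an Apache server",
# "... over UDP". A real NLIDB would parse far more than this.
PATTERNS = {
    "target_software": re.compile(r"\btarget(?:ed)?\s+(?:an?\s+)?(\w+)", re.I),
    "protocol": re.compile(r"\b(?:over|using|via)\s+(\w+)", re.I),
}


def parse_query(question: str) -> dict[str, str]:
    """Pull field constraints out of an English question. A question that
    yields no constraint matches nothing, not everything."""
    constraints = {}
    for field, pattern in PATTERNS.items():
        m = pattern.search(question)
        if m:
            constraints[field] = m.group(1).lower()
    return constraints


def query(records, question: str, role: str) -> list[dict]:
    """Run the question over the records and format hits for the role."""
    constraints = parse_query(question)
    if not constraints:
        return []
    hits = [r for r in records
            if all(getattr(r, f).lower() == v for f, v in constraints.items())]
    return [view_for(r, role) for r in hits]


if __name__ == "__main__":
    q = "show all incidents that had as target an Apache server"
    for role in ("expert", "manager"):
        print(role, query(SAMPLE_RECORDS, q, role))
```

The filtering happens on the server side of the interface, before anything is returned, which is what makes the views a confidentiality control rather than a cosmetic one; a client that skips the NLIDB and talks to the store directly would still have to pass the same role check.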
Our Proposal
- Using CORBA security services we can protect incident data much more efficiently (e.g. provide better authentication).
- CSIRTs can provide new services on demand.
Our Proposal
- By using CORBA, CSIRTs can interoperate more efficiently.
- CSIRTs can exchange incident information much more easily.
- The system can be programmed to automate the exchange of information when required.
Conclusions
- CSIRTs are one of the best weapons against computer crime.
- Providing more efficient ways to access incident DBs will cut incident response times to a minimum, which can translate into millions of pounds' worth of savings.
- Interconnecting CSIRTs will produce better statistical data, identify new trends in hacking, and give the authorities information they can use to arrest the criminals.
- Future plans for this system are to automate the delivery of security-breach updates into the security tools, such as intrusion detection systems and firewalls, that registered enterprises operate.
In Correspondence:
Belsis A. Meletis
DKERG, Coventry University,
Belsis@Coventry.ac.uk
www.mis.cov.ac.uk/Research/DKERG/DKERG.html

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 

Meletis Belsis - CSIRTs

  • 1. A Computer Security Incident Response Team’s Support System. Meletis A. Belsis, Anthony N. Godwin, Leon Smalov. Coventry University, 2002
  • 2. Computer Crime and CSIRTs
    - Today computer crime is on the rise. Adversaries attack corporate systems daily.
    - To provide adequate security support, Computer Security Incident Response Teams (CSIRTs) have been assembled.
    - Their job is to gather and organize information coming from security incidents.
    - Along with that, CSIRTs provide security advice and help to identify the perpetrators.
    - The security incident information is used to statistically analyze computer crime, to assist enterprises in protecting themselves against known security holes, and for educational purposes.
  • 3. CSIRTs
    - Currently there are a number of CSIRT teams. Examples include CERT/CC, CIAC and also the CERIAS Laboratory.
    - Each one of these uses its own techniques, tools and policies, and provides a number of different functions to its registered users.
    - Currently large-scale enterprises try to develop their own internal CSIRT to handle incidents that take place within their corporate IT infrastructures.
    - Building a CSIRT includes providing solutions to a number of managerial and technical problems. Two of the technical problems are:
      - the type and structure of the data that need to be stored
      - the way this data is going to be gathered and accessed
  • 4. Current Incident Data Structures
    - Every CSIRT uses its own data structures to store details of the security breaches that have taken place.
    - Generally these concentrate on storing the technical details that an incident includes. The technical details of an attack are useful to technical experts but are far from useful to corporate managers.
    - In the last few years, new trends in hacking have called for collaboration between the CSIRTs.
    - CSIRTs from around the world need to collaborate and compare their information in order to trace attacks that take place in a number of systems simultaneously.
  • 5. Current Incident Data Structures
    - Based on the current incident data structures, automatic collaboration is impossible.
    - This collaboration currently takes place using telephones or emails, which is a slow process.
    - A couple of solutions that proposed a common structure are still at a research stage.
    - Examples of such are the European proposal, Project S2003, and the Incident Object Description and Exchange Format (IODEF).
    - The authors of this paper have presented their own views in a paper presented at the IFIP/Sec 2002 conference in Cairo.
  • 6. Reporting Security Incidents
    - The way that incidents are reported and accessed is essential.
    - Current CSIRTs use off-line mediums or the Web to allow new incidents to be stored and/or to allow individuals to access this data.
    - The off-line mediums are quite insufficient and make the technical experts uncomfortable.
    - Managing the security of the incident data (Confidentiality, Integrity and Availability (CIA)) when accessed with the previous method is difficult.
  • 7. Limitations of the Web
    - The Web is insecure. A CSIRT can provide only a fraction of the actual information stored for every incident.
    - The queries used to search the DB are predetermined. There is no space for smart queries (e.g. show all incidents that had an Apache server as target).
    - Users, depending on their role, need to see different types of incident data. E.g. security experts need to know the protocols that were used to attack a system; managers need to know the time it took to recuperate from the attack.
    - Current interfaces do not allow the development of data views.
  • 8. The CORBA approach
    - CORBA has been widely proposed and used to access databases.
    - CORBA allows access from both standalone applications and web-based ones.
    - CORBA provides a number of security objects that are adequate to fulfill the CIA model.
    [Figure: CORBA architecture. Components: Client Object, Server Object, Object Request Broker (ORB), Dynamic Invocation Interface (DII), Interface Definition Language (IDL), Object Adapter (OA), IDL Skeleton, Dynamic Skeleton Interface. CORBA Services: LifeCycle, Naming, Persistence, Security, etc. CORBA Facilities: User Interface, Health Care, Financial, etc. Message flow: Operation + Arguments; Operation Result + Arguments.]
  • 9. Our proposal
    - The new system allows access to the incident DB from both a Web-based interface and a standalone application.
    - Using this we can connect the main security management console that companies have to a security incident DB anywhere in the world.
    - The registration of incidents could be carried out using automated processes by the security software that detects them.
    - In addition to this, security experts can use the management console to access their company’s private security incident records and perform statistical analysis.
  • 10. Our Proposal
    - A Natural Language Interface to DB (NLIDB) is used.
    - This allows creating real-time complex queries using plain English statements.
    - This allows inexperienced users to perform dynamic searches of the DB.
    - The NLIDB formats the results depending on the user that is currently logged in, so we do not overflow managers with technical information or technical experts with management information.
  • 11. Our Proposal
    - Using CORBA security services we can protect incident data much more efficiently (i.e. create better authentication).
    - CSIRTs can provide new services on demand.
  • 12. Our Proposal
    - By using CORBA, CSIRTs can interoperate more efficiently.
    - CSIRTs can exchange incident information much more easily.
    - The system can be programmed to automate exchanges of information when required.
  • 13. Conclusions
    - CSIRTs are one of the best weapons against computer crime.
    - Providing more efficient ways to access incident DBs will allow cutting incident response times to a minimum. This can be translated into millions of pounds’ worth of savings.
    - Interconnecting CSIRTs will create better statistical data, identifying new trends in hacking, and this information will also be used by the authorities for arresting the criminals.
    - Future plans for this system are to automate updates of security breaches into security tools like intrusion detection systems and firewalls that registered enterprises have.
  • 14. In Correspondence: Belsis A. Meletis, DKERG, Coventry University, Belsis@Coventry.ac.uk, www.mis.cov.ac.uk/Research/DKERG/DKERG.html
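Two of the deck's points are easier to see in code than in bullets: slide 7's "smart query" (all incidents that targeted an Apache server) and slide 10's role-dependent result formatting (managers get recovery time, experts get protocols and sources). The following is an added example written for this page in Python; it is not code from the paper or its CORBA/NLIDB system, and the record fields, role names, the allow-list policy and the sample incidents (with RFC 5737 documentation addresses) are all constructed assumptions. The point it makes that the slides only state is that a data view is an allow-list applied after the query, so a role with no defined view receives nothing rather than the full record.

```python
# Added example (not from the paper): a minimal incident store that
# demonstrates role-dependent data views (slide 10) and an ad-hoc query
# such as "all incidents that targeted an Apache server" (slide 7).
# Record fields, role names, the ROLE_VIEWS policy and the sample records
# are constructed assumptions; the deck's CORBA/NLIDB system is not modelled.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Incident:
    incident_id: str
    target_service: str          # e.g. "Apache", "Sendmail" (constructed values)
    protocols: Tuple[str, ...]   # technical detail wanted by security experts
    source_ips: Tuple[str, ...]  # sensitive technical detail, experts only
    detected_at: datetime
    recovered_at: datetime

    def recovery_hours(self) -> float:
        """Management detail: time taken to recuperate from the attack."""
        return (self.recovered_at - self.detected_at) / timedelta(hours=1)


# Explicit allow-list of fields per role (constructed policy). Anything not
# listed is withheld, so an unknown role gets nothing rather than everything.
ROLE_VIEWS: Dict[str, Tuple[str, ...]] = {
    "expert": ("incident_id", "target_service", "protocols", "source_ips"),
    "manager": ("incident_id", "target_service", "recovery_hours"),
}


def project(incident: Incident, role: str) -> Dict[str, object]:
    """Return only the fields the given role is permitted to see."""
    allowed = ROLE_VIEWS.get(role)
    if allowed is None:
        raise PermissionError(f"no data view defined for role {role!r}")
    full = {
        "incident_id": incident.incident_id,
        "target_service": incident.target_service,
        "protocols": list(incident.protocols),
        "source_ips": list(incident.source_ips),
        "recovery_hours": incident.recovery_hours(),
    }
    return {name: full[name] for name in allowed}


def find_by_target(incidents: List[Incident], service: str) -> List[Incident]:
    """The 'smart query' of slide 7: incidents whose target was a given service."""
    wanted = service.strip().lower()
    return [i for i in incidents if i.target_service.lower() == wanted]


def report(incidents: List[Incident], role: str, service: str) -> List[Dict[str, object]]:
    """Run the query, then apply the caller's data view to every hit."""
    return [project(i, role) for i in find_by_target(incidents, service)]


# Constructed sample records; IPs are from the RFC 5737 documentation ranges.
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("INC-0001", "Apache", ("HTTP",), ("192.0.2.10",),
             datetime(2002, 3, 1, 8, 0), datetime(2002, 3, 1, 14, 0)),
    Incident("INC-0002", "Sendmail", ("SMTP",), ("198.51.100.7",),
             datetime(2002, 3, 2, 9, 30), datetime(2002, 3, 2, 10, 0)),
    Incident("INC-0003", "apache", ("HTTP", "TCP"), ("203.0.113.5", "203.0.113.6"),
             datetime(2002, 3, 5, 22, 0), datetime(2002, 3, 6, 1, 0)),
]

if __name__ == "__main__":
    # A manager asking the slide-7 question sees recovery times, not protocols or IPs.
    for row in report(SAMPLE_INCIDENTS, "manager", "Apache"):
        print(row)
```

Running the module prints the two Apache incidents as a manager would see them (recovery of 6.0 and 3.0 hours, no protocols or source addresses); calling `report` with role `"expert"` returns the technical fields instead. In a real deployment the allow-list would be tied to the authenticated identity the deck delegates to CORBA's security services, not to a string passed by the caller.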