Information Technology Services Division, ITSD
- Abhinav Biswas
Alt. CISO, NKN Data Centre,
Electronics Corporation of India Limited, ECIL
Department of Atomic Energy.

Agenda

• Corporate Threat Landscape (APT: the new model of targeted attacks)
• Traditional Defences: Signature Based (why they fail today)
• Advanced Protection: Analytics based (Sandboxing & GTI)
• Log Correlation & Big Data Analysis (SIEM)
• Virtualization: new threats from the adoption of VMs
• Vulnerability Assessment / Penetration Testing: Nessus, Acunetix


• Spyware: gathers information secretly and sends it to another entity without the user's consent.
• Ransomware: stops you from using your PC until you pay a certain amount of money (the ransom), e.g. encrypting ransomware such as CryptoLocker.
• Social engineering: psychological manipulation of people into performing actions or divulging confidential information.
• Phishing: the act of attempting to acquire information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
• Vishing: voice phishing; the same deception carried out over a telephone or VoIP call.

Terminology
• Vulnerability: a weakness which allows an attacker to reduce a system's information assurance.
• Threat: a possible danger that might exploit a vulnerability to breach security and thus cause harm.
• Exploit: a piece of software or a sequence of commands that takes advantage of a bug or vulnerability.
• Attack: an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset. (A threat realised by using an exploit against a vulnerability is an attack.)
• Event: an observable change to the normal behaviour of a system, environment, process, workflow or person.
• Incident: an event, attributable to a root cause, that harms or threatens security. All incidents are events, but many events are not incidents. (An attack typically surfaces as a series of security incidents.)

Corporate threat landscape

New classes of attack:
- Advanced Persistent Threats (APT)
- Zero-day Attacks (ZDA)
- Smart Mobile Malware (SMM)
- Web-based Plug-in Exploits (WPE)

Low barrier to entry for attackers:
- Free availability of rootkits, spambots, phishing tools etc.
- Digital currencies (Bitcoin) & anonymous payment services.

High-value targets:
- Strategic government institutions.

Expanding attack surface:
- Polymorphism, dynamic URLs, virtualization, cloud, smart phones/mobiles, social sites, BYOD, Internet of Things (IoT/IPv6)

Stages of a modern web attack (figure): Recon → Lure → Redirect → Exploit Kit → Dropper File → Call Home → Data Theft.

Attack vectors (figure): social media, email, mobile and the web, carrying redirects, phishing, XSS, exploit kits, dropper files, malware, C&C (command and control) traffic and recon.

Watering-hole attack (figure)
• 1a) Identify the target
• 1b) Determine the target's browsing habits
• 2) Select a website the target visits regularly
• 3a) Compromise it and host exploits there
• 3b) Drop malware when the target visits
• 4a) Determine the target's profile
• 4b) Wait for an opportunity to compromise further

Rogue DNS via a vulnerable ADSL router (figure: Internet, Customer, Attacker, Vulnerable ADSL Router, Rogue DNS Server)
1. The attacker scans for the DSL router and logs on to its admin console via the WAN interface, by exploiting vulnerabilities in the router firmware or configuration flaws, or by infecting a computer connected behind it.
2. The attacker changes the DNS server entries in the modem to rogue DNS servers and changes the router's password so the owner cannot easily undo it.
3. Every name lookup from the customer's network now goes to the rogue DNS server, which can answer with whatever addresses the attacker chooses.
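Two checks a practitioner would run on a client behind such a router, as an added example that is not part of the original presentation and not any vendor's tool: first, whether the resolvers the router handed out via DHCP are the ones expected (the ISP's, or the router's own LAN address), and second, whether the router-supplied resolver's answers for high-value names agree with a trusted reference resolver. The resolv.conf text, the allowlist and both sets of DNS answers are constructed so the script runs offline; in practice the answers come from live queries.

```python
"""Rogue-resolver checks for a SOHO/ADSL router (added example)."""
import ipaddress
import re

# Constructed allowlist: the ISP resolvers this site is known to use.
ALLOWED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}

# RFC 1918 space: a resolver here is the router itself forwarding for us,
# which is normal for a home/ADSL setup. Checked explicitly rather than via
# ipaddress.is_private, which also flags the documentation ranges used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed resolv.conf as handed out by a hijacked router via DHCP.
RESOLV_CONF = """# Generated by DHCP (constructed sample)
search home.example
nameserver 192.168.1.1
nameserver 198.51.100.66
"""


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            servers.append(m.group(1))
    return servers


def is_lan(ip):
    return any(ip in net for net in RFC1918)


def rogue_resolvers(servers, allowed=ALLOWED_RESOLVERS):
    """Resolvers that are neither allowlisted nor on the local LAN.

    A router made to hand out a public address outside the ISP's range is
    the textbook symptom of the hijack described on the slide.
    """
    rogue = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            rogue.append(s)          # not even a valid address: flag it
            continue
        if s not in allowed and not is_lan(ip):
            rogue.append(s)
    return rogue


# Constructed answers for names an attacker would most want to redirect:
# what the router-supplied resolver returned versus what a trusted reference
# resolver (corporate DNS over VPN, or a resolver queried by its own IP)
# returned for the same names.
ROUTER_ANSWERS = {
    "onlinebank.example": ["198.51.100.20"],
    "mail.corp.example": ["203.0.113.10"],
    "updates.vendor.example": ["203.0.113.40", "203.0.113.41"],
}
REFERENCE_ANSWERS = {
    "onlinebank.example": ["203.0.113.200", "203.0.113.201"],
    "mail.corp.example": ["203.0.113.10"],
    "updates.vendor.example": ["203.0.113.41", "203.0.113.42"],  # CDN rotation
}


def split_resolution(router, reference):
    """Names whose router answer shares no address with the reference answer.

    Large sites rotate addresses, so a partial overlap (the vendor update
    host above) counts as consistent; only a disjoint answer is flagged.
    """
    suspicious = {}
    for name, ref in reference.items():
        got = set(router.get(name, []))
        if got and not got & set(ref):
            suspicious[name] = sorted(got)
    return suspicious


def audit(resolv_text=RESOLV_CONF, router=ROUTER_ANSWERS, reference=REFERENCE_ANSWERS):
    """Run both checks and return the findings as one dict."""
    servers = parse_nameservers(resolv_text)
    return {"nameservers": servers,
            "rogue_resolvers": rogue_resolvers(servers),
            "hijacked_names": split_resolution(router, reference)}


if __name__ == "__main__":
    for finding, value in audit().items():
        print(f"{finding}: {value}")
```

The reference answers must arrive over a path the router cannot alter (a VPN to the corporate resolver, or a resolver addressed directly by IP); a compromised router can still intercept port 53 in transit, so a disagreement is a strong signal while agreement on its own proves little. The remediation follows from the slide: change the router's admin password, disable administration from the WAN side, and update the firmware.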

Why traditional defences fail
1. PRIMARILY BASED ON SIGNATURE & REPUTATION: signature history cannot keep up with the dynamic future of threats.
2. LACK OF REAL-TIME INLINE CONTENT ANALYSIS: no byte-range data packet analysis for data loss / theft detection.
3. FORWARD FACING ONLY, LACK OUTBOUND PROTECTION: no contextual analysis of internal threats.
4. LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION: no sandboxing in existing UTMs and NGFWs; no SSL packet inspection.

Advanced protection features

WEB: content analysis; malware sandbox; forensic reports; SSL inspection; video controls
EMAIL: spear-phishing protection; URL sandboxing; anti-spam; TLS encryption; image analysis
DATA: content-aware DLP; drip data theft detection; OCR of image text; geo-location
MOBILE: cloud service; malicious apps; BYOD policy; reporting / inventory

Essential information protection (figure): DISCOVER, MONITOR, CLASSIFY, PROTECT, answering WHERE, WHAT, WHO and HOW; the lifecycle covers both external and internal risks.

Sandboxing & analytics (similar to a bomb-disposal detonation chamber)
- Tightly controlled access to resources
- URL sandbox / file sandbox in an isolated environment and network
- Multiple detection environments (virtual machines)
- Customizable & realistic virtual environment (evasive malware checks for VM artefacts and stays dormant if it spots them)
- Behaviour-based classification & risk scoring
- Instrumented forensic data collection
- Big log data interpretation
- Post-incident data (SIEM: Security Information and Event Management)
- Real-time threat intelligence (GTI)
- Integration with other sources (local / national / international)
- PCAP (packet capture) & replay
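The behaviour-based classification and risk scoring item above, set against the earlier point that signature history cannot keep up, as an added example that is not part of the original presentation and not any vendor's detection engine. A hash signature catches only the exact sample it was written for; repacking the same dropper gives a new hash and the signature is blind, whereas scoring what the sample did inside the sandbox gives the same verdict for both. The sample bytes, the sandbox events, the rule weights and the verdict thresholds are all constructed for illustration.

```python
"""Behaviour-based classification and risk scoring of a sandbox run (added example)."""
import hashlib

# Constructed signature database: hashes of samples seen before.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"dropper-v1").hexdigest()}


def signature_hit(sample):
    """Classic AV check: exact hash match against the signature database."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


# Behaviour rules: (name, predicate over one sandbox event, weight).
# Each predicate tests the event type first, so the other keys are only read
# on events that carry them. Weights are illustrative; a real engine tunes
# them from labelled runs.
RULES = [
    ("persistence_run_key", lambda e: e["type"] == "registry_set"
     and "\\currentversion\\run" in e["key"].lower(), 30),
    ("callhome_raw_ip", lambda e: e["type"] == "network"
     and e["host"] is None, 25),               # C2 by bare IP, no DNS lookup
    ("shadow_copy_delete", lambda e: e["type"] == "process"
     and "vssadmin" in e["cmd"].lower()
     and "delete shadows" in e["cmd"].lower(), 35),
    ("mass_rename_encrypt", lambda e: e["type"] == "file_write"
     and e["count"] >= 100 and e["ext"] in {".locked", ".encrypted"}, 40),
    ("office_spawns_shell", lambda e: e["type"] == "process"
     and e["parent"].lower() in {"winword.exe", "excel.exe"}
     and e["image"].lower() in {"cmd.exe", "powershell.exe"}, 30),
]


def score_report(events):
    """Return (score, verdict, triggered rule names) for one sandbox report.

    A rule counts once however many events trip it; the sum is capped at 100
    and mapped to a verdict with constructed thresholds.
    """
    triggered = [name for name, pred, _ in RULES if any(pred(e) for e in events)]
    score = min(100, sum(w for name, _, w in RULES if name in triggered))
    verdict = "malicious" if score >= 70 else "suspicious" if score >= 40 else "low"
    return score, verdict, triggered


def classify(sample, events):
    """Full decision: a signature hit short-circuits, otherwise behaviour decides."""
    if signature_hit(sample):
        return "malicious", "signature"
    _, verdict, _ = score_report(events)
    return verdict, "behaviour"


# Constructed sandbox events for a ransomware dropper delivered via a Word file.
RANSOMWARE_RUN = [
    {"type": "process", "image": "powershell.exe", "parent": "WINWORD.EXE",
     "cmd": "powershell -w hidden -nop -f stage1.ps1"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "value": r"C:\Users\u\AppData\Roaming\upd.exe"},
    {"type": "network", "host": None, "dst": "198.51.100.7", "port": 443},
    {"type": "process", "image": "vssadmin.exe", "parent": "upd.exe",
     "cmd": "vssadmin delete shadows /all /quiet"},
    {"type": "file_write", "count": 2310, "ext": ".locked"},
]

# Constructed events for a benign installer: it adds a Run key and fetches an
# update by hostname, nothing else.
INSTALLER_RUN = [
    {"type": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\vendorupd",
     "value": r"C:\Program Files\Vendor\upd.exe"},
    {"type": "network", "host": "updates.vendor.example",
     "dst": "203.0.113.9", "port": 443},
]


if __name__ == "__main__":
    for label, sample, run in [("known dropper", b"dropper-v1", RANSOMWARE_RUN),
                               ("repacked dropper", b"dropper-v2", RANSOMWARE_RUN),
                               ("installer", b"setup-v3", INSTALLER_RUN)]:
        print(label, signature_hit(sample), score_report(run)[:2], classify(sample, run))
```

Only `dropper-v1` is in the hash database; `dropper-v2` is the same code repacked, so the signature misses it while the behaviour score is identical. A sandbox-aware sample that detects the VM and stays dormant produces an empty event list and scores 0, which is exactly why the slide asks for a realistic virtual environment.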

Log correlation & big data analysis
- Collect content- and context-aware logs: device & application logs, authentication & IAM logs, endpoint security devices, user identity, location, VA scan data, network flows, OS events, DB transaction logs
- Consolidate into a common schema and remove redundancy (the same event arriving from several collectors)
- Analyse: threat intelligence & risk analysis, behaviour profiling
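The collect, consolidate and analyse steps above, as an added example that is not the presentation's own tooling and not any SIEM product. It normalises three different log formats into one schema, drops the duplicate that two forwarders shipped, and then runs two correlation rules plus a simple behaviour profile over the result. Every log line, host name, user and address is constructed; the formats stand in for real Windows security, SSL-VPN and web-proxy logs.

```python
"""Log correlation across sources (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw lines from three collectors. The first two VPN lines are a
# verbatim duplicate (two forwarders shipping the same event).
RAW_LINES = [
    "Mar 10 09:00:55 vpn01 sslvpn: user=rkumar login=success src=203.0.113.77 geo=RO",
    "Mar 10 09:00:55 vpn01 sslvpn: user=rkumar login=success src=203.0.113.77 geo=RO",
    "2015-03-10T09:01:02 DC01 EventID=4625 user=rkumar src=10.0.5.23",
    "2015-03-10T09:01:09 DC01 EventID=4625 user=rkumar src=10.0.5.23",
    "2015-03-10T09:01:20 DC01 EventID=4625 user=rkumar src=10.0.5.23",
    "2015-03-10T09:01:40 DC01 EventID=4624 user=rkumar src=10.0.5.23",
    "2015-03-10T09:05:10 proxy01 10.0.5.23 rkumar GET http://198.51.100.7/gate.php 200",
    "2015-03-10T09:10:10 proxy01 10.0.5.23 rkumar GET http://198.51.100.7/gate.php 200",
    "2015-03-10T09:15:10 proxy01 10.0.5.23 rkumar GET http://198.51.100.7/gate.php 200",
]

# One regex per source; syslog timestamps carry no year, so 2015 is assumed.
PATTERNS = [
    ("vpn", re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ sslvpn: user=(?P<user>\S+) "
                       r"login=(?P<result>\w+) src=(?P<src>\S+) geo=(?P<geo>\w+)")),
    ("windows", re.compile(r"^(?P<ts>\S+) \S+ EventID=(?P<eid>\d+) user=(?P<user>\S+) src=(?P<src>\S+)")),
    ("proxy", re.compile(r"^(?P<ts>\S+) \S+ (?P<src>\S+) (?P<user>\S+) \w+ (?P<url>\S+) \d+$")),
]
WINDOWS_LOGON = {"4624": "logon_success", "4625": "logon_failure"}


def normalise(line):
    """Map one raw line onto the common schema, or None if unrecognised."""
    for source, pat in PATTERNS:
        m = pat.match(line)
        if not m:
            continue
        d = m.groupdict()
        if source == "vpn":
            ts = datetime.strptime("2015 " + d["ts"], "%Y %b %d %H:%M:%S")
            action = "logon_" + d["result"]
        else:
            ts = datetime.fromisoformat(d["ts"])
            action = WINDOWS_LOGON.get(d["eid"], "other") if source == "windows" else "http_request"
        return {"ts": ts, "source": source, "user": d["user"], "src": d["src"],
                "action": action, "geo": d.get("geo"), "url": d.get("url")}
    return None


def load_events(lines):
    """Normalise every line, drop exact duplicates, return in time order."""
    seen, events = set(), []
    for e in filter(None, map(normalise, lines)):
        key = (e["ts"], e["source"], e["user"], e["src"], e["action"], e["url"])
        if key not in seen:
            seen.add(key)
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Rule: >= threshold failed logons for a user, then a success inside window."""
    alerts, fails = [], defaultdict(list)
    for e in events:
        if e["action"] == "logon_failure":
            fails[e["user"]].append(e["ts"])
        elif e["action"] == "logon_success":
            recent = [t for t in fails[e["user"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append((e["user"], len(recent), e["src"]))
            fails[e["user"]].clear()
    return alerts


# Constructed behaviour profile: countries each user logged in from during a
# baseline period. A real profile is learned from weeks of VPN logs.
BASELINE_GEO = {"rkumar": {"IN"}}


def unusual_geo(events, baseline=BASELINE_GEO):
    """Profile rule: VPN logon from a country absent from the user's baseline."""
    return [(e["user"], e["geo"], e["src"]) for e in events
            if e["source"] == "vpn" and e["action"] == "logon_success"
            and e["geo"] not in baseline.get(e["user"], set())]


def beaconing(events, min_hits=3, jitter=timedelta(seconds=30)):
    """Rule: one source hitting one URL at a near-constant interval (call-home)."""
    series = defaultdict(list)
    for e in events:
        if e["action"] == "http_request":
            series[(e["src"], e["url"])].append(e["ts"])
    alerts = []
    for (src, url), times in series.items():
        if len(times) < min_hits:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            alerts.append((src, url, len(times), int(gaps[0].total_seconds())))
    return alerts


def correlate(lines):
    """Collect, normalise, de-duplicate and run every rule over the result."""
    events = load_events(lines)
    return {"events": len(events), "brute_force": brute_force_then_success(events),
            "unusual_geo": unusual_geo(events), "beaconing": beaconing(events)}


if __name__ == "__main__":
    for name, finding in correlate(RAW_LINES).items():
        print(f"{name}: {finding}")
```

The de-duplication key includes the source on purpose: the same logon seen by the domain controller and by the VPN concentrator is two events, not a duplicate. Read together, the three findings tell one story (a VPN logon from a country the user has never used, a password-guessing burst against an internal host, then periodic call-home traffic from that host), which is the correlation no single device log can show.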



Virtualization: new threats
- The concept of the network perimeter evaporates
- No physical segregation across VMs
- Web access to all resources
- VM-to-VM vulnerability exploitation (co-location of VMs on one host)
- Easy reconfiguration (lack of persistence)

Virtualization: defences (still a hot research topic)
- Instance isolation in the Software Defined Data Centre (SDDC)
- Homomorphic-encryption-based virtual disks
- Randomized memory mapping & distributed scheduling

Best practices
• Use legal (licensed) software only
• Keep the operating system and application software up to date with patches and fixes
• Exercise caution with unsolicited emails and do not click links embedded in them
• Open email attachments only from trusted parties
• Use current browsers that can detect phishing / malicious sites
• Harden the operating system
• Whitelist applications (allow only approved executables to run)
• Deploy software for controlled use of USB pen drives
“Let us not look back in anger or look forward
in fear, but look around in awareness.”
Abhinav Biswas
http://abhinav-biswas.appspot.com
Alt. CISO, NKN Data Centre,
ITSD, IT&TG, ECIL Hyderabad,
Electronics Corporation of India Limited, Dept. of Atomic Energy.

Modern Cyber Threat Protection techniques for Enterprises


Editor's Notes

  • #3 Security challenges faced by today's security administrators. APT: a new model of targeted attacks. Traditional defences: why they fail in the present scenario. Focus on new technology: SIEM. Virtualization: new threats emerging from the adoption of VMs. VA/PT: why they are necessary.
  • #4 I assume the audience is aware of basic terminology like malware, virus, trojans, rootkits etc. Spyware is a newer form of malware, very stealthy in nature with no visible symptoms. Social engineering: people are much more social online than offline because of platforms like Facebook and WhatsApp; a friendly conversation can dig out sensitive information. Spear-phishing mail, e.g. fake OnlineSBI (State Bank of India) mails. Vishing is a more abrupt form of psychological manipulation, e.g. a call claiming to be from the MD asking you to send a mail.
  • #6 APT: targeted attacks with specific goals. 0-day: vulnerabilities that are not yet detected or for which no patch is available; the bad guys find them first. Mobile: app permissions, e.g. a chat app that asks for access to mail, browsing history etc.; do not save payment credentials on the device. Plug-ins: WordPress plug-ins are developed by third parties and often untested. Free tools: e.g. Metasploit. Stuxnet: widely attributed to the USA in collaboration with Israel, aimed at Iran's uranium enrichment centrifuges; it used Windows 0-day flaws to reach the Siemens PLC software, varied the spinning speed of the centrifuges until they damaged themselves, and reportedly destroyed about a thousand of them.
  • #7 APT: a sophisticated attack targeted at a specific organisation to steal confidential information such as IP. Not one or three people but an organisation of people working together. It is not "spread malware to 10 million people and be happy with a 1% hit"; it is specific to a particular system or person. Drip data theft: bit by bit, to different locations. The strength of a chain depends on its weakest link, and the weakest link is the human; let us see how. Stealthy: can span a duration of days to years. Common cold vs. cancer.
  • #8 Stuxnet: PLC technicians carried infected laptops into the plant without being aware of it. Other ways in: dropped USB pen drives.
  • #9 Browser fingerprinting; ads based on browsing history; discounts on products.
  • #10 www.ipeindia.org. How does DNS work?
  • #11 How antivirus works: only packet-header inspection. Insider threats: a bad guy with malicious intention on the inside. Mail administrators can read mail if it is not encrypted.
  • #12 Three aspects of data: CIA (confidentiality, integrity, availability). Application: unnecessary services & ports. Network: NAC, NMS, ECIL SNAS. Physical: no access to the data centre; DC & DR security.
  • #13 Content: not just headers, full packet inspection. Video controls: Websense. SSH / remote shell login. Drip data theft.
  • #14 Apart from them, new advanced technologies.
  • #17 Market leaders: HP (ArcSight) & IBM (QRadar).
  • #19 Both good and bad guys use them: ethical hacking.
  • #20 System integrity: Tripwire. VPN, UTM. How much is it worth investing? Depends on the criticality of the data. Famous quote: "If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb."
  • #21 Last part of the presentation.