SCYBER addresses an urgent need in cybersecurity training by developing the skills needed to proactively detect and combat cyber threats. The course spends 60% of time in hands-on labs where students monitor, analyze, and respond to actual cyber attacks. It teaches 4 major competencies - monitoring security events, configuring detection/alarming, analyzing traffic for threats, and appropriately responding to incidents. Key differentiators include being system agnostic, lab-heavy, teaching an inside-out approach, ease of entry for security professionals, and helping students understand why things are threats.
The Cost of Doing Nothing: A Ransomware Backup Story (Quest)
This on-demand webcast shows you how to shield your organization from ransomware attacks, and how to respond if ransomware does penetrate your organization. Baseline Technologies' Mike Crowley gives you the inside track on how ransomware works and how to lower your risk of ransomware attacks.
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur (Skybox Security)
Presented at ISSA Cornerstones of Trust June 6, 2012.
No one wants to be the next cyber casualty. Collectively, organizations spend an enormous amount of resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating.
Yet most organizations remain inadequately protected against evolving and dangerous cyber threats. In this session, we will learn to recognize common network attack scenarios and mitigate the combination of misconfigurations, vulnerabilities, access policy violations and other security gaps that can be exploited by sophisticated attackers.
High-profile breaches at Epsilon, Sony, and other enterprise and government networks have dominated the news lately, raising awareness of the need to design effective security strategies against sophisticated attacks and advanced persistent threats (APTs). Many companies struggle with where to begin to develop an effective plan of cyber defense.
During this session we will walk the audience through several attack scenarios using a visual attack explorer tool, highlighting the combination of security gaps that are often used and how to prevent them. Network modeling, vulnerability analysis, access path analysis, and attack simulation will all be introduced and we will show how these analytical tools can be used to quickly and automatically find exposed areas of a network.
The Certified Information Systems Security Professional (CISSP) is a globally recognized, vendor-neutral information security credential.
The certification qualifies a candidate to effectively create, implement and evaluate cybersecurity tools and technologies across a diverse work environment.
Welcome to the CISSP Mentor Program!
What is the CISSP Mentor Program
• History: 1st class was 2010; 6 students
• Today's class: 80 students
Why do we do it
• Success stories
• Heck, it's free! If you aren't satisfied, we'll refund everything you paid us.
We need MORE good information security people!
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ... (Core Security)
Vulnerability Assessments, Penetration Tests and Red Teaming: do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of information technology assets, some of them on-premises and others cloud-based. Having control over all of this is a challenging task. Based on our extensive experience securing our customers, I will show what real findings and attack trends look like while hopefully shedding some light on how to be prepared to resist current attacks.
Domain 3: Security Engineering
Virtualization and Distributed Computing
System Vulnerabilities, Threats and Countermeasures
Cornerstone Cryptographic Concepts
History of Cryptography
Types of Cryptography
Cryptographic Attacks
Implementing Cryptography
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution (Shah Sheikh)
Mohamed Bedewi, Offensive Security Division Head and Sr. Penetration Testing Consultant at DTS, also presented during one of the security sessions, titled "Your Network in the Eyes of a Hacker – The 0ff3ns!v3 Version", which raised a few eyebrows to say the least. The presentation slides can be found here….
How COVID-19 Changed Cyber Security Worldwide (Cyberroot Risk Advisory / CR Group)
The novel coronavirus (COVID-19) has changed the way humans think and live. It has forced people to adopt new practices such as social distancing and remote working.
How to prepare for the CISSP Exam. A presentation created by the (ISC)2 Hellenic Chapter to assist and instruct those in Greece interested in pursuing the CISSP Certification.
The (ISC)2 Hellenic Chapter Team
CONFidence2015: Real World Threat Hunting - Martin Nystrom (PROIDEA)
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile Heartbleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
Solving ICS Cybersecurity Challenges in the Electric Industry (Dragos, Inc.)
Electric utilities are an integral component of critical infrastructure and, as such, are prime targets for adversaries who aim to disrupt their operations and the day-to-day lives of the people who depend on them.
This presentation outlines the experiences of a medium-sized US electric utility and how Dragos helped various teams overcome some of their specific OT cyber security challenges.
Vulnerability Management – Opportunities and Challenges! (Outpost24)
57% of companies that have experienced a data breach attributed it to an unpatched vulnerability. Vulnerability management significantly reduces an organization's risk profile.
Trisis in Perspective: Implications for ICS Defenders (Dragos, Inc.)
Discovery of TRISIS/TRITON was a landmark event in the Industrial Control Systems (ICS) security community. It is the fifth known ICS-specific malware (following Stuxnet, Havex, BlackEnergy2, and CRASHOVERRIDE), and the first such malware to specifically target safety instrumented systems. Since identification and public disclosure in early December 2017, much has been written on TRISIS, its operation, and mitigations; however, such mitigations are usually too specific to TRISIS and fall short in assisting defenders with safety systems other than a Schneider Electric Triconex. In May, Dragos discovered that XENOTIME, the activity group behind TRISIS, had expanded its targeting to North America and other safety systems. Given this new data, a generalized approach to safety system defense is critical knowledge for ICS security personnel. This discussion aims to provide such an approach to guarding safety systems. We will provide an overview of the TRISIS malware, including its installation, execution and modification to the controller. Next, we will break down the TRISIS event's specific tactics, techniques and procedures (TTPs) and generalize them across the ICS kill chain. Using this model, we provide present-day actionable defense strategies for asset owners, as well as guidance for forensics, restoration, and recovery should an attack be discovered. We also look to the future and recommend ways in which the state of the art can be improved by vendors and ICS owners to empower defenders with the information they need to stop future attacks.
Learn more here: https://www.dragos.com/blog/trisis/
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an... (SaraPia5)
Do you know Flexential has an extensive, robust, highly mature Professional Security Consulting team with deep and varied bench strength? In this call, you'll get a brief overview of their portfolio and a focused discussion on ransomware, including a very specific solution Flexential offers for this problem. Ransomware is going to continue to be a growing challenge, each of your customers is struggling with it, and Flexential offers a short engagement to help customers be properly prepared and not pay the ransom. These engagements can lead not only to greater security opportunities, but also to disaster recovery, backup solution and strategy discussions, and ultimately great MRR for each of our partners.
Securing Electric Utility Infrastructure (Dragos, Inc.)
A Case Study on Asset Baselining, Threat Detection, and Response - presented by Tim Watkins, Schweitzer Engineering Laboratories, and Matt Cowell, Dragos.
The webinar – now available on-demand at https://selinc.com/events/on-demand-webinar/126340/ – provides insights on baselining your operation, building cyber defense, and streamlining ongoing management. SEL and Dragos also shared a case study based on a recent joint effort to address key cybersecurity challenges at a mid-sized US electric utility.
Learn more about Dragos at https://dragos.com or follow us at https://twitter.com/dragosinc
Learn more about SEL cybersecurity at https://selinc.com/solutions/security-for-critical-infrastructure/ or follow us at https://twitter.com/SEL_news
Ransomware Has Evolved And So Should Your Company (Veriato)
Ransomware is typically initiated via phishing or social engineering tactics; these attacks often take advantage of human error to deliver the malware. The criminal organizations behind them are indifferent to the size of your organization. They target any company with data, and if you don't pay the ransom, your information could be posted to a public forum or sold on the dark web for profit. Unfortunately, many companies are forced to pay because of system failure and file corruption.
The scariest part about these methods is that the ransomware doesn't need to be developed by the attackers. Ransomware can now be purchased as a service on the dark web (ransomware-as-a-service, RaaS) and used at the cybercriminal's will. As these ransomware attacks and services evolve, how can companies arm themselves with the right solutions to defend against these ever-growing attacks?
Join us in our latest webinar with Dr. Christine Izuakor (cybersecurity expert) and Jay Godse (head of product dev at Veriato).
Improve Cybersecurity posture by using ISO/IEC 27032 (PECB)
Cybersecurity is a universal concern across today's enterprise, and a strategic approach is required for appropriate mitigation.
Adopting ISO/IEC 27032 will help you to:
• Understand the nature of cyberspace and cybersecurity
• Explore the cybersecurity ecosystem: roles and responsibilities
• Achieve cyber resilience by implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure application programming interfaces (APIs)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Cyber Security presentation for the GS-GMIS in Columbia, SC on 7-19-2018, with 125 people present. An executive-level discussion to help project managers better understand cyber security, along with recent updates and guidance to help you plan for your company.
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks (Angeloluca Barba)
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
Securing Systems - Still Crazy After All These Years (Adrian Sanabria)
It's 2019 and we still don't know if we have a complete inventory of our assets. It is impossible to guarantee that they are all safe. The last penetration test resulted in a bloodbath. Every day we worry about whether today is the day they hack us. This cycle of stress and worry MAY break, but each stage of securing a system has its own complexities and challenges. We will analyze these challenges and difficulties and provide strategies to address them.
From asset discovery to system tightening to vulnerability management - this presentation will show you how to build lasting trust in the security we provide to our organizations.
Evolving technologies and business models have led to advanced network security threats that did not exist a few years ago. Moreover, enterprises are still relying on outdated security solutions to shut out such threats, and this is leading to bigger and more frequent data breaches. So if your company recognizes the need for a reliable IT security solution, join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
Expand Your Control of Access to IBM i Systems and Data (Precisely)
Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access.
Topics include:
• IBM i access methods and risks
• Using exit programs to block traditional and modern access methods
• Real life examples and perspectives
Security information and event management (SIEM) tools provide a robust collection of data sources that can help companies take a more proactive approach to preventing threats and breaches.
However, implementing a SIEM often brings the challenges of a lengthy implementation, a costly investment, and the need for skilled security analysts to maintain it. Also, many SIEMs have been deployed in on-premises data centers, so what steps will you need to take if you want your SIEM to move with your data into the cloud?
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response and detecting and preventing threats, and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
For any organization, managed security services play an important role in enhancing the security posture, alerting against top vulnerabilities, and enabling rapid deployment anywhere.
5. COMPLEX PROBLEMS, REAL COSTS
• The global economy loses up to $1 trillion per year due to malicious cyber activity.
• In 2013 alone, 552 million records were exposed due to data breaches.
• The annual cost to an individual business due to cyber crime can range from $1M to $52M, on average.
6. 2014 Cisco Midyear Security Report: Threat Intelligence & Industry Trends
• Malicious traffic was visible on 100% of networks sampled
• Nearly 70% of respondents have been identified as issuing DNS queries for DDNS
• There is a need for visibility-driven, threat-focused, and platform-based security solutions
  • Before
  • During
  • After
7. THREAT INTELLIGENCE
Method | Threat description | Findings
DDNS | DDNS is used by adversaries since it allows botnets and other attack infrastructure to be resilient against detection. | Nearly 70% of respondents issue DNS queries for DDNS.
MiTB | Palevo, SpyEye, and Zeus are malware families that incorporate MiTB (man-in-the-browser) functionality. DNS lookups for hosts compromised by them are considered a high threat. | More than 90% of customer networks observed have traffic going to websites that host malware.
Java | Java's extensive attack surface and high ROI make it a primary target for exploitation. | Java exploits represented 93% of IOCs as of May 2014.
Source(s): Cisco 2014 Midyear Security Report
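The DDNS row above is the kind of finding a SOC analyst turns into a detection: DNS query logs are already collected, and a client that resolves names under dynamic-DNS zones is a lead worth triaging, since adversaries use DDNS to keep botnet and C2 infrastructure reachable after takedowns. The script below is an added example for this page, not Cisco's code and not course material from SCYBER. It parses resolver log lines in an assumed "timestamp client qname qtype" layout (the lines are constructed), matches query names against a constructed watch-list of DDNS zones (a starting point, not an authoritative list), and reports clients whose hit count reaches an assumed threshold.

```python
"""Flag hosts issuing DNS queries for dynamic-DNS (DDNS) zones.

Added example, not code from Cisco or the SCYBER course. The log layout,
the DDNS zone list and the alert threshold are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed DDNS zone watch-list (assumption): extend it from your own
# threat intelligence. Matching is on the registrable zone, so a query for
# "update-srv.hopto.org" matches "hopto.org".
DDNS_ZONES = {
    "no-ip.org", "no-ip.com", "ddns.net", "dyndns.org", "duckdns.org",
    "hopto.org", "zapto.org", "sytes.net", "serveftp.com",
}

# Constructed resolver log lines in an assumed "ts client qname qtype" layout.
# Adapt LINE_RE to the real format of your resolver or DNS sensor.
SAMPLE_LOG = """\
2014-06-01T10:00:01Z 10.1.4.22 www.example.com A
2014-06-01T10:00:03Z 10.1.4.22 update-srv.hopto.org A
2014-06-01T10:00:07Z 10.1.4.57 cdn.example.net AAAA
2014-06-01T10:01:15Z 10.1.4.22 backup-node.ddns.net A
2014-06-01T10:02:40Z 10.1.4.90 mail.example.com MX
2014-06-01T10:03:02Z 10.1.4.90 ddns.net.example.com A
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\w+)$")


def ddns_zone(qname):
    """Return the watch-listed zone that qname falls under, or None.

    Walks the labels right-to-left so deeper subdomains still match, while a
    name that merely starts with a zone (ddns.net.example.com) does not.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_ZONES:
            return candidate
    return None


def find_ddns_queries(log_text):
    """Parse log lines; return {client_ip: [(ts, qname, zone), ...]} for hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than stop the pipeline
        ts, client, qname, _qtype = m.groups()
        zone = ddns_zone(qname)
        if zone:
            hits[client].append((ts, qname, zone))
    return dict(hits)


def alerts(log_text, threshold=2):
    """Return {client_ip: hit_count} for clients at or above the (assumed) threshold."""
    hits = find_ddns_queries(log_text)
    return {client: len(q) for client, q in hits.items() if len(q) >= threshold}


if __name__ == "__main__":
    for client, n in alerts(SAMPLE_LOG).items():
        print(f"ALERT {client}: {n} queries for DDNS zones")
```

On the sample data only 10.1.4.22 is reported; the query for ddns.net.example.com from 10.1.4.90 is correctly ignored because the watch-listed zone is a prefix of the name, not its registrable zone. Zone matching is the cheap first pass; treat a hit as a triage lead rather than proof of compromise, since dynamic DNS also has legitimate users, and tune the threshold and zone list to your own environment.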
9. THE CURRENT THREAT LANDSCAPE IS LIMITING BUSINESS GROWTH
• The business community is increasingly reliant on the use of data.
• The need to secure critical data is paramount to day-to-day operations.
• Regulations and penalties for security violations are increasing.
10. THE VIEW FROM THE TOP
• Security is becoming a bigger concern in the boardroom
• Identifying the personal and professional liability in failing to secure networks
• As cyber threats become part of the business landscape, more will put an emphasis on sound security practices
• Organizations must align cyber security and business performance
• Shift IT from facilitator to driver of business outcomes
Source(s): EY, Beating Cybercrime (2013)
11. SOLUTIONS TO THE PROBLEM
BEFORE: What measures are in place?
DURING: How are security events detected?
AFTER: What is the cleanup process?
Each phase is assessed across the same four layers: Hardware, Software, People, Process.
12. • Nearly 1M unfilled jobs in the field
• Critical in the SOC
• Analyze network alerts and detect APTs
• Characterize and analyze network traffic to identify
anomalies and potential network resource threats
• Perform event correlation analysis to determine the
effectiveness of observed attacks
• Key areas of competency
• Ability to identify security incident as it happens
• Experience in implementing appropriate plan of action
quickly to minimize cost/damage
HELP WANTED:
SECURITY ANALYSTS
13. HOW TRAINING IS FALLING SHORT
• Focused on building static defenses
• No detection or response plan in place
• Few paths to train IT personnel to recognize security risks and
respond
• Not enough hands-on practice to implement
the theory being taught
• No ability to practice responding to
actual, real-life attacks on real-life
equipment
16. 4 Major Competencies
1. Monitor security events
2. Configure and tune security event
detection and alarming
3. Analyze traffic for security threats
4. Respond appropriately to security
incidents
17. 5 Key Differentiators
1. System Agnostic
2. Lab-Heavy
3. Inside-Out vs. Outside-In
4. Ease of Entry
5. Understand the “Why?”
18. SYSTEM AGNOSTIC
• Though training is provided by Cisco, course does not focus
solely on Cisco products
• Prepares students to operate
a variety of systems
• Can train security professionals to
“guard the castle,” with no additional
infrastructure investment
19. 60% of course time is spent in a lab environment: monitor, analyze, and respond to actual cyber attacks
21. • Train your SOC staff
• Cross-train your IT staff on how to recognize security
incidents and how to work with the SOC team
• Great starting point for IT staff looking to migrate to
security
Ease of Entry for
Security Professionals
22. • Develops the skills necessary to effectively operate
within an SOC
• Process
• Hardware
• Software
• Identify threats, but also understand why something
is a threat
Moving Beyond the “How”
23. CERTIFICATION COMPARISON
 | SCYBER | CCNA Sec. | CCNP Sec. | CCIE Sec. | Security+ | CEH
Pre-Req. | N/A | IINS/CCENT | CCNA Sec. or CCIE | N/A | N/A | N/A
Experience | 0-2 years | 0-2 years | 4-6 years | 7+ years | 2-3 years | 2+ years
Sample Job | Security Analyst | System Admin. | Network Security Eng. | Network Security Eng. | System Admin. | Ethical Hacker
Focus | Event Detection | System Administration | Building Infrastructure | Management | System Administration | Penetration Testing
Instruction | 1 week | 2 weeks | 4 weeks | Varied | 1 week | 1 week
Exam(s) | 1 exam | 2 exams | 4 exams | 2 exams | 1 exam | 1 exam
DoD 8570 | Pending | Yes | No | No | Yes | Yes
24. TECHNICAL DETAILS
SCYBER has no prerequisites; an understanding of TCP/IP and a working knowledge of CCNA is highly recommended.
Prepares students to take the Cyber Security Specialist Certification Exam (600-199 SCYBER).
ILT (instructor-led) course covers 12 modules over 5 days.
25. Course Schedule (AM / PM)
Day 1: AM Course Introduction; Module 1: Attacker Methodology. PM Module 2: Defender Methodology
Day 2: AM Module 3: Defender Tools. PM Module 4: Packet Analysis
Day 3: AM Module 5: Network Log Analysis. PM Module 6: Baseline Network Operations
Day 4: AM/PM Module 7: Incident Response Preparation; Module 8: Security Incident Detection. PM Module 9: Investigations
Day 5: AM Module 10: Mitigations & Best Practices. PM Module 11: Communication; Module 12: Post-Event Activity
26. Cyber Attack Model
OSI layers | TCP/IP layer | Attacks
7 Application, 6 Presentation, 5 Session | Application | Malware; OS- and application-level, remote and privilege-escalation exploits; bots; phishing
4 Transport, 3 Network | Transport, Internet | Session hijacking and spoofing (intercept, modify, bypass network security); DoS
2 Data Link, 1 Physical | Network Interface (RF, fiber, copper) | MITM (intercept, modify); DoS; RF (jam, replay)
27. IP Transport Cyber Attack Vectors
Attack surface:
- Network and system architecture: centralized, distributed, redundant; physical and logical
- Transport network: RF, fiber, copper
- Network protocols: routing, switching, redundancy; apps, client/server
- Client/server architecture: HW, SW, apps, RDBMS (open source and commercial)
- Trust relationships: network management and network devices; billing, middleware, provisioning
- Common HW/SW configuration settings
Transport Network Infrastructure Cyber Attack Tree (network infrastructure attack vectors; every branch ends with the attacker owning the network infrastructure):
1. SNMP against routers/switches: SNMP community string dictionary attack, with spoofing, to download the router/switch configuration -> build a new router configuration file that enables further privilege escalation -> upload the new configuration file using the compromised SNMP RW string -> own network infrastructure
2. NIS against a UNIX NetMgt server running NIS v1: ypcat -d <domain> -h <server IP> passwd -> grab shadow-file hashes -> crack passwords -> access the server directly, or exploit an ACL trust relationship -> attack SNMP/Telnet/SSH -> find NetMgt passwords and SNMP config files; discover backup HW configs -> own network infrastructure
3. Oracle on an HP OpenView server: enumerate the Oracle TNS listener to identify default SIDs -> further enumerate the SIDs to identify default DBA/system-level accounts and passwords -> log in to the Oracle DB with the discovered DBA-privileged account -> run Oracle SQL commands -> execute OS commands -> add a new privileged OS account -> use the new privileged OS account to escalate privileged access to the network -> own network infrastructure
   Variant: further enumerate the Oracle SIDs to identify user accounts -> dictionary attack -> crack passwords -> execute OS commands from Oracle PL/SQL -> attack the network from the DB -> find NetMgt passwords, SNMP info and OS password files
4. Network management application: attempt to log in using the default login/password -> reconfigure router or switch -> own network infrastructure
5. MITM: ARP poisoning -> sniffing -> capture SNMP community strings, unencrypted login passwords and protocol passwords -> configure the device for further privilege escalation -> inject new routes or bogus protocol packets -> own network infrastructure
6. Telnet/SSH dictionary attack against routers/switches and the NetMgt server -> build a new router configuration file that enables further privilege escalation -> own network infrastructure
Attack vectors: deny, disrupt, delay, intercept, exploit
Attack categories: man-in-the-middle attacks (MITM), network protocols, IP spoofing, apps/RDBMS/NetMgt, traffic analysis
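The MITM branch of the attack tree starts with ARP poisoning. The following is an added example, not code from the SCYBER course, of how a SOC analyst can detect that step passively: it parses raw Ethernet/ARP frames, pins the gateway's MAC from an assumed NOC inventory, learns the other IP-to-MAC pairs from the wire, and alerts when an IP changes owner or when one MAC claims several IPs, which is exactly what an attacker does when it poisons both the victim and the gateway. All frames, MAC and IP addresses below are constructed for the demo.

```python
"""Passive ARP-poisoning detector (added example; frames and addresses are constructed)."""
import struct
from collections import defaultdict

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 bytes (sample-frame construction only)."""
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s):
    """'10.0.0.1' -> 4 bytes (sample-frame construction only)."""
    return bytes(int(o) for o in s.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a 42-byte Ethernet II + ARP (IPv4 over Ethernet) frame for the demo."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) as strings, or None if this is not an IPv4 ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip


class ArpMonitor:
    """Tracks who owns each IP on the segment; a later frame never overwrites a known owner."""

    def __init__(self, pinned=None, max_ips_per_mac=1):
        self.table = dict(pinned or {})          # ip -> mac; pinned entries come from inventory
        self.claims = defaultdict(set)           # mac -> ips it has claimed
        self.max_ips_per_mac = max_ips_per_mac   # raise for routers with secondaries / VRRP
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":
            return                               # RFC 5227 ARP probe: no ownership claim
        owner = self.table.get(sender_ip)
        if owner is None:
            self.table[sender_ip] = sender_mac   # first sighting: learn it
        elif owner != sender_mac:
            kind = "reply" if op == ARP_REPLY else "request"
            self.alerts.append(f"{sender_ip} moved from {owner} to {sender_mac} (ARP {kind})")
        self.claims[sender_mac].add(sender_ip)
        if len(self.claims[sender_mac]) == self.max_ips_per_mac + 1:   # fire once when exceeded
            self.alerts.append(f"{sender_mac} claims {sorted(self.claims[sender_mac])}")


def demo():
    """Constructed exchange: the victim resolves the gateway, then an attacker poisons both sides."""
    gw, victim, attacker = "aa:00:00:00:00:01", "aa:00:00:00:00:20", "cc:00:00:00:00:99"
    mon = ArpMonitor(pinned={"10.0.0.1": gw})    # gateway MAC pinned from the (assumed) NOC inventory
    frames = [
        build_arp(ARP_REQUEST, victim, "10.0.0.20", "ff:ff:ff:ff:ff:ff", "10.0.0.1"),  # who-has 10.0.0.1
        build_arp(ARP_REPLY, gw, "10.0.0.1", victim, "10.0.0.20"),                    # legitimate answer
        build_arp(ARP_REPLY, attacker, "10.0.0.1", victim, "10.0.0.20"),              # poison the victim
        build_arp(ARP_REPLY, attacker, "10.0.0.20", gw, "10.0.0.1"),                  # poison the gateway
    ]
    for frame in frames:
        mon.observe(frame)
    return mon.alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The monitor deliberately keeps the first-seen (or pinned) owner rather than updating to the newest claim, so the attacker's gratuitous replies cannot quietly overwrite the baseline; on a real segment, feed it frames from a SPAN port and seed the pinned table from the switch's DHCP snooping or inventory data.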
28. In-Band Network Management
Business and network management traffic uses common infrastructure: users, the NOC, data center resources, user VLANs, VLAN trunks and the management VLAN (M) all share the same switched network.
Network Management Protocols
• SNMP
• Telnet
• HTTP/S (XML)
• TFTP
• TL1
• SSH
Network Management Security
• Access lists
• Firewalls
• VPN
• IDS/IPS
• AAA
• Trust levels
Trust Model – Defines Security Posture
- Network management features are vulnerabilities (they provide configuration and access information)
- Security policies define the trust model for: user access; customer access; vendor/manufacturer local and remote tech support access; NOC/tech support staff
- Secure visualization and instrumentation
- Internal, customer and management operations in separate IP subnets/VLANs/PVCs, etc., over shared network infrastructure
- Log everything
- 2-factor authentication
- Utilize MPLS VPNs and VRFs for the management network
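Two points above turn directly into detection logic: the SNMP community-string dictionary attack at the root of the attack tree, and the trust model's rule that management traffic belongs on its own subnet. The following is an added example, not SCYBER course material, of a small analyzer for both. A minimal BER reader exposes the community string that SNMPv1/v2c carries in the clear, so the analyzer can count how many distinct communities one source tries within a window, and it flags community-based SNMP, Telnet or TFTP reaching a network device from outside the management VLAN. The management subnet 10.10.99.0/24, the thresholds, the hosts and every packet are constructed for the demo.

```python
"""SNMP community guessing + cleartext management from the wrong subnet (added example; all data constructed)."""
import ipaddress
from collections import defaultdict

MGMT_NET = ipaddress.ip_network("10.10.99.0/24")    # assumed NOC / management VLAN
WINDOW_S = 60                                         # seconds over which guesses are counted
GUESS_THRESHOLD = 5                                   # distinct communities from one source = dictionary attack
CLEARTEXT_MGMT_PORTS = {23: "telnet", 69: "tftp"}
SNMP_PORT = 161


def tlv(tag, value):
    """Encode one BER TLV with a short-form length (used only to build sample packets)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def read_tlv(buf, pos=0):
    """Decode the BER TLV at buf[pos] -> (tag, value, next_pos); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(payload):
    """Return (version, community): 0 = v1, 1 = v2c (community in the clear), 3 = v3 (community None)."""
    tag, msg, _ = read_tlv(payload)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(msg)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(ver, "big")
    if version == 3:
        return version, None                          # v3: msgGlobalData follows, no community
    tag, community, _ = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    return version, community.decode("latin-1")


def snmp_get_sysdescr(version, community):
    """Construct a v1/v2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0); demo traffic, not a capture."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community.encode()) + pdu)


def snmp_v3_header():
    """Constructed SNMPv3 message truncated after msgGlobalData; enough for parse_snmp to classify it."""
    global_data = tlv(0x02, b"\x01") + tlv(0x02, b"\x00\xff\xff") + tlv(0x04, b"\x07") + tlv(0x02, b"\x03")
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, global_data))


def analyze(records):
    """records: iterable of (t_seconds, src_ip, dst_port, payload). Returns a list of alert strings."""
    alerts, seen = [], set()
    guesses = defaultdict(list)                       # src -> [(t, community)] inside WINDOW_S

    def alert(key, text):                             # one alert per (type, source) keeps the queue readable
        if key not in seen:
            seen.add(key)
            alerts.append(text)

    for t, src, dport, payload in records:
        outside = ipaddress.ip_address(src) not in MGMT_NET
        if outside and dport in CLEARTEXT_MGMT_PORTS:
            alert(("cleartext", src, dport), f"{src}: {CLEARTEXT_MGMT_PORTS[dport]} to a network device from outside the management VLAN")
        if dport != SNMP_PORT:
            continue
        try:
            version, community = parse_snmp(payload)
        except (ValueError, IndexError):
            alert(("malformed", src), f"{src}: malformed SNMP on udp/161")
            continue
        if community is None:
            continue                                  # SNMPv3/USM: nothing to guess here
        if outside:
            alert(("snmp_outside", src), f"{src}: community-based SNMP ({'v1' if version == 0 else 'v2c'}) from outside the management VLAN")
        guesses[src] = [(ts, c) for ts, c in guesses[src] if t - ts <= WINDOW_S] + [(t, community)]
        distinct = {c for _, c in guesses[src]}
        if len(distinct) >= GUESS_THRESHOLD:
            alert(("snmp_dict", src), f"{src}: {len(distinct)} distinct communities in {WINDOW_S}s, e.g. {sorted(distinct)[:3]} (community-string dictionary attack)")
    return alerts


def demo():
    """Constructed traffic: a v2c poller and a v3 poller in the NOC, plus one host guessing communities."""
    records = [(0.0, "10.10.99.5", SNMP_PORT, snmp_get_sysdescr(1, "N0c-r0-2014")),
               (1.0, "10.10.99.6", SNMP_PORT, snmp_v3_header())]
    for i, guess in enumerate(["public", "private", "cisco", "admin", "monitor", "secret"]):
        records.append((10.0 + i, "10.20.30.40", SNMP_PORT, snmp_get_sysdescr(0, guess)))
    records.append((20.0, "10.20.30.40", 23, b""))   # the same host then tries Telnet
    return analyze(records)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The NOC pollers produce no alerts even though one of them still uses v2c, because the trust model above is about where management traffic comes from; the guessing host trips the subnet check on its first packet and the dictionary-attack check on its fifth distinct community. On a real sensor the records would come from a pcap or NetFlow-plus-payload feed, and the threshold should be tuned against the poller's own community rotation.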
Though this problem has been present, in one form or another, since the early 1900s, modern hacking methods have exploited holes in our IT infrastructure over the last 20 years or so
Since the dawn of the computer age, cyber criminals have sought to disrupt business
Early on this was a singular problem
Connectivity between systems was limited, and data was not shared between systems the way we see today
With the introduction of the WWW, a shift in the strategies utilized by cyber criminals began to take hold
Singular issues had the potential to become systemic, and government programs, businesses and individuals were increasingly exposed to the threat of cyber crime
This issue has only gotten worse since the dawn of mobile technology and cloud computing
Today, no matter who you are or where you reside, there is a high chance of being affected by cyber crime
These activities have a real cost to the institutions we rely on on a daily basis, and pose one of the most serious threats to national security and the economy we see today
HSBC: On 11/1/2013 an employee with authorization to access account information stole an undisclosed number of records with the intent of misusing the data
Facebook: Facebook has been the victim of numerous attacks. Most recently 2 million usernames and passwords from a number of sites (the most effected being FB) were stolen as a result of malware.
Japan Airlines: Up to 750,000 records were stolen as a result of a computer security breach.
European Central Bank: The ECB fell victim to a blackmail scheme in which around 20,000 email addresses were stolen. The ECB refused to comply with the hacker’s demands.
Verizon: Verizon has been the victim of a number of security breaches, both from individual actors and government entities. The most shocking of these was the revelation that a $250 femtocell could be used by third parties to track the voicemails and text messages of users within 40 feet of the unit. Verizon has since patched the vulnerability.
Adobe: 150 million records were accessed as a result of a breach of Adobe's customer database. The data included usernames, passwords, emails and financial info (of both active and inactive accounts).
Sony: Sony has fallen victim to a number of breaches. The largest, the 2011 PlayStation Network breach, exposed over 100 million user accounts. There have been a number since then. Sony has been seen as a target by hacking groups since it pressed charges against George Hotz, a 20-year-old hacker who reverse-engineered Sony's PS3 so it could run third-party apps.
Fuji: The arrest of an alleged hacker led to the discovery that a breach had occurred at Fuji-Xerox Singapore. The incident exposed the bank statements of 647 of Standard Chartered's richest clients.
DLR: A foreign intelligence service was able to access the computers of scientists and system administrators at the German Aerospace Center (DLR) via an APT (advanced persistent threat) attack.
These crimes have serious consequences to both businesses and individuals
In 2013 alone, 552 million individual records were exposed due to data breaches
That is nearly a quarter of all internet users
The global economy is adversely affected by malicious cyber activity to the tune of $1 trillion per year
The median cyber security incident costs individual businesses anywhere from $1 million to $52 million
Imagine what a business could do with those resources
There is projected to be approximately 1,000,000 unfilled cyber security jobs worldwide
This skills gap poses a serious risk to businesses
Something the business community recognizes, as nearly 70% of US business execs fear cyber crime will hamper the growth of their business
Cyber crime has a real effect on businesses
The average cyber attack costs an organization over $17,000 per day
On average, an attack persists for 42 days before it is identified
Cyber crime is a severe problem in EMEA
Advanced Persistent Threats (APTs) are one of the more prevalent methods used by hackers to access information
Allows access to a network over a long period of time
Intention to steal data (vs. cause damage)
Often target "high value" industries (government, banking, etc.)
The UK, Germany and Saudi Arabia tend to be the most heavily affected by these costly breaches
Security has traditionally not been a focus of corporate executives
Much more concerned with driving sales and revenues, and creating efficiencies within the IT system
This is shifting, though security still lags behind emerging technologies in terms of the investment consideration at the CIO level
These separate initiatives need to go hand-in-hand
Emerging technologies (IoT, cloud computing, etc.) should reinforce the need for further investment in cyber security spending
The business community is becoming increasingly reliant on the use of data analytics
IT shifting to a driver of business outcomes
The need to secure critical data is paramount to day-to-day operations
Potential vulnerabilities are increasing as a result of new technology (e.g. IoT)
BYOD increases the complexity of securing networks
Regulations and penalties for security violations are increasing
Rapidly evolving privacy regulations, banking/finance regulations, etc.
Cost of stolen services and intellectual property
Cost of sabotage
APT attacks increased 50% in EMEA for the first half of 2014
Primary industries targeted:
Government
Finance
Telecom
Energy
Firms in the UK tend to lag behind the rest of EMEA, and the world, in their ability to identify cyber attacks quickly
There are no “easy fixes” to secure your network
It’s a combination of HW/SW, people and process
Organizations must have a strong plan in place
What measures are in place?
How are security events detected?
What is the cleanup process after an attack?
Training can play an important role in securing networks
The Target attack, where human error led to significant data and financial loss
No matter how much you invest in HW/SW, no matter how good your process is, under-skilled security teams are a liability
There is projected to be approximately 1,000,000 unfilled cyber security jobs worldwide
This problem is multifaceted, but has been accelerated by the movement of IT jobs overseas throughout the 1990s and early 2000s
Many countries do not have the knowledge base to deal with this issue
Cyber security analysts are critical to the operation of the SOC
“Guarding the Castle” to protect against outside threats
Analyze network traffic to identify anomalies
There is a disconnect between the way we approach training IT professionals and the way they'll be required to function effectively in the field
Traditional cyber security courseware has focused on the theory of how systems function and communicate, and focuses on how hackers infiltrate systems
Brand name training programs have typically been tied to specific systems and IT platforms
The need is for specialized, brand-name training across a variety of systems
As was mentioned earlier, cyber security professionals are generally equipped with a skill set bent towards preventing attacks
One of the most critical components of an effective cyber security strategy is detection, so this is a general blind spot in the industry
The Target breach, for example, could have been prevented had analysts recognized the threat alerts generated by the malware detection system put in place
IT security SYSTEMS tend to work well; it's individual analysts that often drop the ball
Speak to the reasoning behind SCYBER’s development
Tie back to “current state” slides from earlier
Speak to the competencies SCYBER looks to validate
Tie into the job role of a cyber security analyst
One of the key differentiators of the SCYBER program is that it is system agnostic
SCYBER delivers the benefits of a system agnostic course paired with the Cisco brand name
Easily recognizable by CIOs and end users
Students are exposed to a variety of threats across platforms and focus on general practices as opposed to those only pertaining to Cisco systems
Allows students more flexibility in their career path, something that will drive demand for training versus other products
Whether Juniper, HP, IBM or any number of other Cisco competitors, this course will equip students with the skills necessary to effectively manage cyber attacks in real time
Where many courses are primarily based in theory, SCYBER immerses students in the world of a Cyber Security Analyst
The course itself is 60% lab based, with instructors launching actual cyber attacks, in real time
Students who complete the training will have developed the skills necessary to monitor, analyze, and respond to actual cyber attacks in the private and public sectors
In particular, labs focus on event monitoring, security event and alarm tuning, traffic analysis, and incident response
When an IT system is infiltrated, time is of the essence
Looking from the "Outside-In" doesn't prepare professionals to act quickly to identify attacks; it focuses instead on preventing them in the first place
We’ve discussed that it is no longer a question of if, but when malicious cyber activity will occur
This increases the emphasis on the timely identification of a system breach
Under such a scenario, each day that goes by could cost a business millions in losses, not to mention the corruption of valuable data, and lost customers
SCYBER puts the focus on "Guarding the Castle" to ensure that when a system is breached, the damage, both to the business itself and to consumers, is minimized
Many cyber security training courses require years of experience in order to sit for an exam
SCYBER has recommended that students possess a minimum of two years IT experience in order to take the course
This lowers a barrier to entry often seen in the cyber security field, where qualified individuals are shut out of the marketplace
This goes back to the job shortage we discussed earlier, and provides a solution for businesses seeking qualified cyber security professionals
Now on to some technical details regarding SCYBER
As was mentioned, there are no set prerequisites for the course, though it is recommended that potential students have at minimum two years of experience in the field
Students need to possess a basic understanding of Transmission Control and Internet Protocol
Additionally, it’s recommended students have a working knowledge of CCNA Security
SCYBER is a classroom based course, with 11 modules covered in the span of 5 days
Module 1: Course Introduction: Overview of Network Security and Operations
Module 2: Network and Security Operations Data Analysis
Module 3: Packet Analysis
Module 4: Network Log Analysis
Module 5: Baseline Network Operations
Module 6: Preparing for Security Incidents
Module 7: Detecting Security Incidents
Module 8: Investigating Security Incidents
Module 9: Reacting to an Incident
Module 10: Communicating Incidents Effectively
Module 11: Postevent Activity
This course prepares students to take the Cyber Security Specialist Certification Exam
There are semi-annual recertification requirements, the details of which can be made available