Planning and Integrating Deception into Computer Security Defenses
•
0 likes•793 views
Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that uses deception were ad-hoc attempts to incorporate deceptive elements in them. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of why deception fundamentally works and what are the essential principles in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception to many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be de- signed to exploit specific adversaries’ biases. We investigate these biases and discuss how can they be used by presenting a number of examples.
Report
Share
Report
Share
Download to read offline
Recommended
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
As the convergence between our physical and digital worlds continue at a rapid pace, securing our digital information is vital to our prosperity. Most current typical computer systems are unwittingly helpful to attackers through their predictable responses. In everyday security, deception plays a prominent role in our lives and digital security is no different. The use of deception has been a cornerstone technique in many successful computer breaches. Phishing, social engineering, and drive-by- downloads are some prime examples. The work in this dissertation is structured to enhance the security of computer systems by using means of deception and deceit.
Deception-based security mechanisms focus on altering adversaries’ perception of computer systems in a way that can confuse them and waste their time and resources. These techniques exploit adversaries’ biases and present them with a plausible alter- native to the truth bringing a number of unique advantages to computer security. In addition, deception has been widely used in many areas of computing for decades and security is no different. However, deception has only been used haphazardly in computer security.
In this dissertation we present a framework where deception can be planned and integrated into computer defenses. We posit how the well-known Kerckhoffs’s principle has been misinterpreted to drive the security community away from deception-based mechanisms. We present two schemes that employ deception to protect users’ passwords during transmission and at rest when they are stored on a computer server. Moreover, we designed and built a centralized deceptive server that can be hooked to internet-facing servers giving them the ability to return deceptive responses. These three schemes are designed, implemented, and analyzed for their security and performance.
The use of deception in security, and in computing in general, shows some fruitful results. This dissertation discusses some of the unique advantages of such mechanisms and presents a framework to show how they can be integrated into computer defenses. Also, it provides three practical schemes that employ deception in their design to address some existing security challenges. We postulate that the use of deception can effectively enhance the effectiveness of current security defenses and present novel ways to address many security challenges.
Truth and Consequences
This document discusses using deception in cybersecurity defenses. It begins by arguing that obscurity does provide some security benefits in practice. It then outlines several deception techniques like denial, degradation, and attribution. Examples of current deception research projects are presented, such as using fake passwords to thwart cracking and deceptive software patches. Modeling deception strategies using hypergames is also discussed. The document argues that deception methods show promise in improving security when combined with traditional defenses.
Self-Learning Systems for Cyber Security
The document discusses using reinforcement learning to develop self-learning systems for cyber security. It proposes modeling network attack and defense as games and using reinforcement learning to learn effective security policies. The approach involves emulating computer infrastructures, creating models from the emulations, and using reinforcement learning and simulations to evaluate policies and estimate models. The goal is to automate security tasks and develop systems that can adapt to changing attack methods.
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
• Definition of threat analysis
• Threat analysis process
• Analysis methods
– DFD(Data Flow Diagram)
– STRIDE
– Attack Library
– Attack Tree
• Conclusions • References
Red Team Operations: Attack and Think Like a Criminal
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our on-demand webinar series.
Senior security researcher and InfoSec Instructor Jeremy Martin digs into the mindset of an attacker during this on-demand webinar, Red Team Operations: Attack and Think Like a Criminal. The webinar will cover:
- The job duties of a Red Team professional
- Frameworks and strategies for conducting Red Team assessments
- How to get started and progress your offensive security career
- And answer any live questions you have!
Watch the full webinar: https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Don’t miss the second part of the series, Cyber Threat Hunting: Identify and Hunt Down Intruders: https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
Strata San Jose 2016 - Reduce False Positives in Security
How to reduce false positives in security systems through feedback and rules.
You will learn about:
1) Implicit Feedback
2) Applying Rules above ML systems
3) Applying Rules as Features
4) Combining them using MLN
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
• About threat analysis
• STRIDE Variants
– STRIDE-per-Element
– STRIDE-per-Interaction
– Comparative the variants STRIDE
• Security Requirements-based Threat Analysis
• Conclusions
• References
Cyber Threat Hunting Training (CCTHP)
https://www.enoinstitute.com/training-tutorials-courses/cyber-threat-hunting-training-ccthp/ Learn how to find, assess, and remove threats from your organization in our Certified Cyber Threat Hunting Training (CCTHP) designed to prepare you for the Certified Cyber Threat Hunting Professional (CCTHP) exam.
In this Cyber Threat Hunting Training (CCTHP) course, we will deep dive into “Threat hunting” and searching for threats and mitigate before the bad guy pounce. And we will craft a series of attacks to check Enterprise security level and hunt for threats. An efficient Threat hunting approach towards Network, Web, Cloud, IoT Devices, Command & Control Channel(c2), Web shell, memory, OS, which will help you to gain a new level of knowledge and carry out all tasks with complete hands-on.
RESOURCES:
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2020 Edition By Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2019 Edition By: Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques 1st Edition by Vinny Troia/Amazon.com
Cyber Threat Hunting Training: Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer by Muniz Joseph and Lakhani Aamir/Amazon.com
CUSTOMIZE It:
We can adapt this Cyber Threat Hunting Training (CCTHP) course to your group’s background and work requirements at little to no added cost.
If you are familiar with some aspects of this Cyber Threat Hunting (CCTHP) course, we can omit or shorten their discussion.
We can adjust the emphasis placed on the various topics or build the Cyber Threat Hunting Training (CCTHP) around the mix of technologies of interest to you (including technologies other than those included in this outline).
If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Hunting Training (CCTHP) course in manner understandable to lay audiences.
Recommended
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
As the convergence between our physical and digital worlds continue at a rapid pace, securing our digital information is vital to our prosperity. Most current typical computer systems are unwittingly helpful to attackers through their predictable responses. In everyday security, deception plays a prominent role in our lives and digital security is no different. The use of deception has been a cornerstone technique in many successful computer breaches. Phishing, social engineering, and drive-by- downloads are some prime examples. The work in this dissertation is structured to enhance the security of computer systems by using means of deception and deceit.
Deception-based security mechanisms focus on altering adversaries’ perception of computer systems in a way that can confuse them and waste their time and resources. These techniques exploit adversaries’ biases and present them with a plausible alter- native to the truth bringing a number of unique advantages to computer security. In addition, deception has been widely used in many areas of computing for decades and security is no different. However, deception has only been used haphazardly in computer security.
In this dissertation we present a framework where deception can be planned and integrated into computer defenses. We posit how the well-known Kerckhoffs’s principle has been misinterpreted to drive the security community away from deception-based mechanisms. We present two schemes that employ deception to protect users’ passwords during transmission and at rest when they are stored on a computer server. Moreover, we designed and built a centralized deceptive server that can be hooked to internet-facing servers giving them the ability to return deceptive responses. These three schemes are designed, implemented, and analyzed for their security and performance.
The use of deception in security, and in computing in general, shows some fruitful results. This dissertation discusses some of the unique advantages of such mechanisms and presents a framework to show how they can be integrated into computer defenses. Also, it provides three practical schemes that employ deception in their design to address some existing security challenges. We postulate that the use of deception can effectively enhance the effectiveness of current security defenses and present novel ways to address many security challenges.
Truth and Consequences
This document discusses using deception in cybersecurity defenses. It begins by arguing that obscurity does provide some security benefits in practice. It then outlines several deception techniques like denial, degradation, and attribution. Examples of current deception research projects are presented, such as using fake passwords to thwart cracking and deceptive software patches. Modeling deception strategies using hypergames is also discussed. The document argues that deception methods show promise in improving security when combined with traditional defenses.
Self-Learning Systems for Cyber Security
The document discusses using reinforcement learning to develop self-learning systems for cyber security. It proposes modeling network attack and defense as games and using reinforcement learning to learn effective security policies. The approach involves emulating computer infrastructures, creating models from the emulations, and using reinforcement learning and simulations to evaluate policies and estimate models. The goal is to automate security tasks and develop systems that can adapt to changing attack methods.
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
• Definition of threat analysis
• Threat analysis process
• Analysis methods
– DFD(Data Flow Diagram)
– STRIDE
– Attack Library
– Attack Tree
• Conclusions • References
Red Team Operations: Attack and Think Like a Criminal
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our on-demand webinar series.
Senior security researcher and InfoSec Instructor Jeremy Martin digs into the mindset of an attacker during this on-demand webinar, Red Team Operations: Attack and Think Like a Criminal. The webinar will cover:
- The job duties of a Red Team professional
- Frameworks and strategies for conducting Red Team assessments
- How to get started and progress your offensive security career
- And answer any live questions you have!
Watch the full webinar: https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Don’t miss the second part of the series, Cyber Threat Hunting: Identify and Hunt Down Intruders: https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
Strata San Jose 2016 - Reduce False Positives in Security
How to reduce false positives in security systems through feedback and rules.
You will learn about:
1) Implicit Feedback
2) Applying Rules above ML systems
3) Applying Rules as Features
4) Combining them using MLN
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
• About threat analysis
• STRIDE Variants
– STRIDE-per-Element
– STRIDE-per-Interaction
– Comparative the variants STRIDE
• Security Requirements-based Threat Analysis
• Conclusions
• References
Cyber Threat Hunting Training (CCTHP)
https://www.enoinstitute.com/training-tutorials-courses/cyber-threat-hunting-training-ccthp/ Learn how to find, assess, and remove threats from your organization in our Certified Cyber Threat Hunting Training (CCTHP) designed to prepare you for the Certified Cyber Threat Hunting Professional (CCTHP) exam.
In this Cyber Threat Hunting Training (CCTHP) course, we will deep dive into “Threat hunting” and searching for threats and mitigate before the bad guy pounce. And we will craft a series of attacks to check Enterprise security level and hunt for threats. An efficient Threat hunting approach towards Network, Web, Cloud, IoT Devices, Command & Control Channel(c2), Web shell, memory, OS, which will help you to gain a new level of knowledge and carry out all tasks with complete hands-on.
RESOURCES:
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2020 Edition By Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Cyber Threat Hunting A Complete Guide – 2019 Edition By: Gerardus Blokdyk/vitalsource.com
Cyber Threat Hunting Training: Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques 1st Edition by Vinny Troia/Amazon.com
Cyber Threat Hunting Training: Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer by Muniz Joseph and Lakhani Aamir/Amazon.com
CUSTOMIZE It:
We can adapt this Cyber Threat Hunting Training (CCTHP) course to your group’s background and work requirements at little to no added cost.
If you are familiar with some aspects of this Cyber Threat Hunting (CCTHP) course, we can omit or shorten their discussion.
We can adjust the emphasis placed on the various topics or build the Cyber Threat Hunting Training (CCTHP) around the mix of technologies of interest to you (including technologies other than those included in this outline).
If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Hunting Training (CCTHP) course in manner understandable to lay audiences.
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
The term Red Team or Red Teaming has become more prevalent in the security industry. Both commercial and government organizations conduct "Red Team Exercises". What does this mean? What is a Red Team engagement? How is it different that other security tests? Isn't current penetration and vulnerability security testing enough?
Red Teaming share many of the fundamentals of other security testing types, yet focuses on specific scenarios and goals that are used to evaluate and measure an organization's overall security defense posture.
Organizations spend a great deal of time and money on the security of their systems. Red Teams have a unique goal of testing an organization's ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities can significantly contribute to the improvement an organization's security controls, help hone defensive capabilities, and measure the effectiveness of security operations.
This presentation introduces the Red Teaming concept of IOC management, how a Red Team operator can use specific IOCs to blend in to a target, and how to design specific scenarios to test a Blue Team's defensive posture.
Strata 2015 Presentation -- Detecting Lateral Movement
This document discusses challenges in detecting lateral movement attacks and proposes a solution using machine learning models. It summarizes:
1) Independent alert streams from security tools create a triage burden and do not capture complex attacks.
2) A combined model is built to detect compromised accounts/machines from Windows event logs, assessing login probability, credential elevation, and other signals.
3) The combined model ranks sessions using gradient descent learning to rank. Testing with penetration testers showed the top-ranked sessions had a 96% precision.
Threat hunting and achieving security maturity
The document discusses threat hunting techniques and achieving maturity in threat hunting programs. It introduces threat hunting and defines it as proactively searching networks to detect advanced threats. It then covers threat hunting maturity models ranging from initial to leading levels. Common threat hunting techniques like searching, clustering, grouping and stack counting are explained. The threat hunting loop process of creating hypotheses, investigating, uncovering patterns and informing analytics is also outlined. Finally, two practical threat hunting case studies on potential command and control activity and suspicious emails are described.
Cyber Threat Hunting: Identify and Hunt Down Intruders
View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
View companion webinar:
"Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series.
Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders.
The webinar covers:
- The job duties of a Cyber Threat Hunting professional
- Frameworks and strategies for Cyber Threat Hunting
- How to get started and progress your defensive security career
- And questions from live viewers!
Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/
Threat hunting 101 by Sandeep Singh
Getting Started with Threat Hunting (Threat Hunting 101) by Sandeep Singh at the combined null Delhi and OWASP Delhi December meet up
Building a Successful Threat Hunting Program
Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different toolsets are also instrumental to the process. In this presentation, We'll describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.
Enabling effective hunt teaming and incident response
This document provides an overview of enabling effective hunt teaming and incident response with limited resources. It defines hunt teaming as proactively assuming compromise, finding compromised hosts, determining how they were compromised through forensics, and implementing preventative and detective controls. Incident response is defined as reactively noticing an incident, stopping any active threats, and learning from the incident to implement improved controls. The document discusses how most attacks actually occur based on data from breaches, and provides examples of low-cost tools and techniques that can be used for persistence and program execution tracking, centralized logging, and data exfiltration detection.
SEC 572 Entire Course NEW
This document provides guidance for a lab assignment on designing a secure wireless network. It outlines the required sections for the lab document, including requirements and policies for the wireless network, an overview of the proposed secure wireless solution, and an illustration of the network design. Students are instructed to select hardware and software to support the security policies and user requirements defined in an earlier lab. The goal is to gain experience designing wireless networks to meet typical requirements and industry standards.
Transforming Adversary Emulation Into a Data Analysis Question
From MITRE ATT&CKcon Power Hour October 2020
By Matan Hart, Co-Founder & CEO Cymptom @machosec
Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.
Security of Machine Learning
I will first introduce adversarial machine learning, emerging research direction dealing with security aspects of machine learning. Then, I will explain poisoning and evasion attacks, followed by the description of transferability phenomena. Finally, I will talk about the proposed defenses against such types of attacks and their effectiveness.
What is Threat Hunting? - Panda Security
Threat hunting is a proactive approach to security that involves actively searching networks for threats that evade traditional defenses like firewalls and antivirus. It involves forming hypotheses about potential attacks based on indicators and then validating those hypotheses by searching for related evidence. While threat hunting requires time, skills, and resources that many organizations lack, Panda Security's Threat Hunting and Investigation Service (THIS) provides threat hunting as a managed service at no extra cost with their Adaptive Defense 360 platform. THIS continuously monitors endpoints, forms hypotheses about attacks, and validates findings to detect threats that other solutions may miss.
MITRE ATT&CKcon 2018: Decision Analysis Applications in Threat Analysis Frame...
In the modern age, all organizations face threats from various types of cyber attacks. Although great strides have been made to consider human factors in cybersecurity and to become more proactive in threat analysis, security is still generally a reactive, technical field. The research presented in this talk seeks to develop a framework which adapts the existing MITRE ATT&CK framework to look at attacks in a less linear, more human-centered framework that focuses on the capabilities and decisions of the threat actor.
The framework approaches threat analysis from a binary assessment of success vs. failure in order to see the entire attack and consider the potential for a number of methods and attempts made in a single attack. A detailed methodology and sample charts are included for a reference and a starting point in developing one’s own personalized charts, and recommendations are made for ways to integrate this methodology into the risk management process.
MITRE ATTACKcon Power Hour - October
Red Canary's lessons learned from remapping their detection analytics to the MITRE ATT&CK framework include figuring out where analytics are currently mapped, letting code do the work of remapping, reviewing mappings for consistency, finding and fixing legacy mapping issues, and considering conditional mapping approaches. The speaker also emphasizes giving back to the ATT&CK community and having fun with the remapping process.
Threat hunting - Every day is hunting season
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
From MITRE ATT&CKcon Power Hour January 2021
By Valentine Mairet, Security Researcher, McAfee
The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.
Resistance Isn't Futile: A Practical Approach to Threat Modeling
There are hundreds (if not thousands) of adversary groups out there, and it’s understandable if defenders sometimes feel like resistance is futile. Good news: you don’t have to defend against all of them! Even better news: there’s a simple way you can prioritize what adversaries you focus on and how you defend against them–threat modeling. This presentation will present a simple, practical threat modeling approach that any analyst or defender can use to get started figuring out what threats matter to their organization.
The presentation will start by acknowledging the many approaches to threat modeling that others have created, and then discuss why there’s confusion around it. The presentation will then explain four simple steps and practical actions that anyone can take to get started with threat modeling: know your organization, know your adversaries, match those up, and take action. The audience will leave with an understanding of how threat modeling can help any team prioritize what threats they care about and use that to improve their organization’s defenses.
Threat Hunting Report
The Information Security Community on LinkedIn, with the support of Cybereason, conducted a comprehensive online research project to gain
more insight into the state of threat hunting in security
operation centers (SOCs). When the 330 cybersecurity and IT professionals were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many
responses included “unknown” and “advanced” when
describing threats, indicating the respondents understand
the challenges and fear those emerging threats.
Read the full report here.
SOC2016 - The Investigation Labyrinth
The document summarizes a presentation by Chris Sanders on analyzing the investigation process in digital forensics and incident response. Some key points:
1. Sanders argues that the field of digital security is undergoing a "cognitive revolution" to develop more structured and repeatable investigation methods.
2. He proposes using a scenario-based approach and investigation simulator to study how analysts navigate cases and make decisions. This could help identify ways to increase accuracy and speed.
3. Case studies analyzing novice and expert analysts found that novices rely more on intuition while experts employ more reflection and metacognition when investigating cases.
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea detects and blocks a Zeus malware spear-phish disguised as a British Airways fake ticket receipt. Information security and endpoint protection benefits from Invincea.
Tech ThrowDown:
Invincea FreeSpace vs EMET 5.0
In this webinar, we will take a deep dive look at the protection capabilities offered by Microsoft EMET as an effective means of stopping exploits against the most commonly attacked endpoint applications today and compare against Invincea FreeSpace.
Threat Modeling And Analysis
This presentation is part of one of talk, I gave in Microsoft .NET Bootcamp. The contents are slightly edited to share the information in public domain. In this presentation, I covered the significance and all related theory of Threat modeling and analysis.This presentation will be useful for software architects/Managers,developers and QAs. Do share your feedback in comments.
Use of the enhanced structural model for attack analysis and education
Ensuring cyber security is a dynamic, demanding, and complex task. Due to the pace of development in this area, cyber security experts are forced to engage in constant education, having access to test environments and develop both offensive and defensive cyber techniques.
The purpose of this presentation was to present both the possibilities of the attack modeling and ESM model for the analysis of past incidents. The model is suitable for presenting the knowledge in the form of analytical presentation of the attacks as well as for performing laboratory work and examination of students.
More Related Content
What's hot
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
The term Red Team or Red Teaming has become more prevalent in the security industry. Both commercial and government organizations conduct "Red Team Exercises". What does this mean? What is a Red Team engagement? How is it different that other security tests? Isn't current penetration and vulnerability security testing enough?
Red Teaming share many of the fundamentals of other security testing types, yet focuses on specific scenarios and goals that are used to evaluate and measure an organization's overall security defense posture.
Organizations spend a great deal of time and money on the security of their systems. Red Teams have a unique goal of testing an organization's ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities can significantly contribute to the improvement an organization's security controls, help hone defensive capabilities, and measure the effectiveness of security operations.
This presentation introduces the Red Teaming concept of IOC management, how a Red Team operator can use specific IOCs to blend in to a target, and how to design specific scenarios to test a Blue Team's defensive posture.
Strata 2015 Presentation -- Detecting Lateral Movement
This document discusses challenges in detecting lateral movement attacks and proposes a solution using machine learning models. It summarizes:
1) Independent alert streams from security tools create a triage burden and do not capture complex attacks.
2) A combined model is built to detect compromised accounts/machines from Windows event logs, assessing login probability, credential elevation, and other signals.
3) The combined model ranks sessions using gradient descent learning to rank. Testing with penetration testers showed the top-ranked sessions had a 96% precision.
Threat hunting and achieving security maturity
The document discusses threat hunting techniques and achieving maturity in threat hunting programs. It introduces threat hunting and defines it as proactively searching networks to detect advanced threats. It then covers threat hunting maturity models ranging from initial to leading levels. Common threat hunting techniques like searching, clustering, grouping and stack counting are explained. The threat hunting loop process of creating hypotheses, investigating, uncovering patterns and informing analytics is also outlined. Finally, two practical threat hunting case studies on potential command and control activity and suspicious emails are described.
Cyber Threat Hunting: Identify and Hunt Down Intruders
View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
View companion webinar:
"Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series.
Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders.
The webinar covers:
- The job duties of a Cyber Threat Hunting professional
- Frameworks and strategies for Cyber Threat Hunting
- How to get started and progress your defensive security career
- And questions from live viewers!
Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/
Threat hunting 101 by Sandeep Singh
Getting Started with Threat Hunting (Threat Hunting 101) by Sandeep Singh at the combined null Delhi and OWASP Delhi December meet up
Building a Successful Threat Hunting Program
Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different toolsets are also instrumental to the process. In this presentation, We'll describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.
Enabling effective hunt teaming and incident response
This document provides an overview of enabling effective hunt teaming and incident response with limited resources. It defines hunt teaming as proactively assuming compromise, finding compromised hosts, determining how they were compromised through forensics, and implementing preventative and detective controls. Incident response is defined as reactively noticing an incident, stopping any active threats, and learning from the incident to implement improved controls. The document discusses how most attacks actually occur based on data from breaches, and provides examples of low-cost tools and techniques that can be used for persistence and program execution tracking, centralized logging, and data exfiltration detection.
SEC 572 Entire Course NEW
This document provides guidance for a lab assignment on designing a secure wireless network. It outlines the required sections for the lab document, including requirements and policies for the wireless network, an overview of the proposed secure wireless solution, and an illustration of the network design. Students are instructed to select hardware and software to support the security policies and user requirements defined in an earlier lab. The goal is to gain experience designing wireless networks to meet typical requirements and industry standards.
Transforming Adversary Emulation Into a Data Analysis Question
From MITRE ATT&CKcon Power Hour October 2020
By Matan Hart, Co-Founder & CEO Cymptom @machosec
Adversary emulation is commonly used to validate security controls and is considered one of the most popular use-cases for the ATT&CK framework. However, emulating adversary TTPs on production environments is often very limited in testing scope and frequency, and such practice may cause unwanted business disruption. In this talk from the MITRE ATT&CKcon Power Hour session on October 9, 2020, Hart presents a different approach to testing controls against ATT&CK. He demonstrates how it is possible to provide data-based methods to evaluate the exploitability of ATT&CK techniques by gathering information from the network, endpoint, and services; this unique approach does not emulate any sort of malicious action, thus reducing the potential of causing business disruption to the minimum. Hart also outlines a new open-source guideline based on ATT&CK mitigations, that security teams can use to assess their security posture non-intrusively and at scale.
Security of Machine Learning
I will first introduce adversarial machine learning, emerging research direction dealing with security aspects of machine learning. Then, I will explain poisoning and evasion attacks, followed by the description of transferability phenomena. Finally, I will talk about the proposed defenses against such types of attacks and their effectiveness.
What is Threat Hunting? - Panda Security
Threat hunting is a proactive approach to security that involves actively searching networks for threats that evade traditional defenses like firewalls and antivirus. It involves forming hypotheses about potential attacks based on indicators and then validating those hypotheses by searching for related evidence. While threat hunting requires time, skills, and resources that many organizations lack, Panda Security's Threat Hunting and Investigation Service (THIS) provides threat hunting as a managed service at no extra cost with their Adaptive Defense 360 platform. THIS continuously monitors endpoints, forms hypotheses about attacks, and validates findings to detect threats that other solutions may miss.
MITRE ATT&CKcon 2018: Decision Analysis Applications in Threat Analysis Frame...
In the modern age, all organizations face threats from various types of cyber attacks. Although great strides have been made to consider human factors in cybersecurity and to become more proactive in threat analysis, security is still generally a reactive, technical field. The research presented in this talk seeks to develop a framework which adapts the existing MITRE ATT&CK framework to look at attacks in a less linear, more human-centered framework that focuses on the capabilities and decisions of the threat actor.
The framework approaches threat analysis from a binary assessment of success vs. failure in order to see the entire attack and consider the potential for a number of methods and attempts made in a single attack. A detailed methodology and sample charts are included for a reference and a starting point in developing one’s own personalized charts, and recommendations are made for ways to integrate this methodology into the risk management process.
MITRE ATTACKcon Power Hour - October
Red Canary's lessons learned from remapping their detection analytics to the MITRE ATT&CK framework include figuring out where analytics are currently mapped, letting code do the work of remapping, reviewing mappings for consistency, finding and fixing legacy mapping issues, and considering conditional mapping approaches. The speaker also emphasizes giving back to the ATT&CK community and having fun with the remapping process.
Threat hunting - Every day is hunting season
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
From MITRE ATT&CKcon Power Hour January 2021
By Valentine Mairet, Security Researcher, McAfee
The MITRE ATT&CK framework is the industry standard to dissect cyberattacks into used techniques. At McAfee, all attack information is disseminated into different categories, including ATT&CK techniques. What results from this exercise is an extensive repository of techniques used in cyberattacks that goes back many years. Much can be learned from looking at historical attack data, but how can we piece all this information together to identify new relationships between threats and attacks? In her recent efforts, Valentine has embraced analyzing ATT&CK data in graphical representations. One lesson learned is that it is not just about merely mapping out attacks and techniques used into graphs, but the strength lies in applying different algorithms to answer specific questions. In this presentation, Valentine will showcase the results and techniques obtained from her research journey using graph and graph algorithms.
Resistance Isn't Futile: A Practical Approach to Threat Modeling
There are hundreds (if not thousands) of adversary groups out there, and it’s understandable if defenders sometimes feel like resistance is futile. Good news: you don’t have to defend against all of them! Even better news: there’s a simple way you can prioritize what adversaries you focus on and how you defend against them–threat modeling. This presentation will present a simple, practical threat modeling approach that any analyst or defender can use to get started figuring out what threats matter to their organization.
The presentation will start by acknowledging the many approaches to threat modeling that others have created, and then discuss why there’s confusion around it. The presentation will then explain four simple steps and practical actions that anyone can take to get started with threat modeling: know your organization, know your adversaries, match those up, and take action. The audience will leave with an understanding of how threat modeling can help any team prioritize what threats they care about and use that to improve their organization’s defenses.
Threat Hunting Report
The Information Security Community on LinkedIn, with the support of Cybereason, conducted a comprehensive online research project to gain
more insight into the state of threat hunting in security
operation centers (SOCs). When the 330 cybersecurity and IT professionals were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many
responses included “unknown” and “advanced” when
describing threats, indicating the respondents understand
the challenges and fear those emerging threats.
Read the full report here.
SOC2016 - The Investigation Labyrinth
The document summarizes a presentation by Chris Sanders on analyzing the investigation process in digital forensics and incident response. Some key points:
1. Sanders argues that the field of digital security is undergoing a "cognitive revolution" to develop more structured and repeatable investigation methods.
2. He proposes using a scenario-based approach and investigation simulator to study how analysts navigate cases and make decisions. This could help identify ways to increase accuracy and speed.
3. Case studies analyzing novice and expert analysts found that novices rely more on intuition while experts employ more reflection and metacognition when investigating cases.
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea detects and blocks a Zeus malware spear-phish disguised as a British Airways fake ticket receipt. Information security and endpoint protection benefits from Invincea.
Tech ThrowDown:
Invincea FreeSpace vs EMET 5.0
In this webinar, we will take a deep dive look at the protection capabilities offered by Microsoft EMET as an effective means of stopping exploits against the most commonly attacked endpoint applications today and compare against Invincea FreeSpace.
What's hot (20)
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Strata 2015 Presentation -- Detecting Lateral Movement
Strata 2015 Presentation -- Detecting Lateral Movement
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident response
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
MITRE ATT&CKcon 2018: Decision Analysis Applications in Threat Analysis Frame...
MITRE ATT&CKcon 2018: Decision Analysis Applications in Threat Analysis Frame...
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Invincea fake british airways ticket spear-phish malware 03-21-2014
Invincea fake british airways ticket spear-phish malware 03-21-2014
Similar to Planning and Integrating Deception into Computer Security Defenses
Threat Modeling And Analysis
This presentation is part of one of talk, I gave in Microsoft .NET Bootcamp. The contents are slightly edited to share the information in public domain. In this presentation, I covered the significance and all related theory of Threat modeling and analysis.This presentation will be useful for software architects/Managers,developers and QAs. Do share your feedback in comments.
Use of the enhanced structural model for attack analysis and education
Ensuring cyber security is a dynamic, demanding, and complex task. Due to the pace of development in this area, cyber security experts are forced to engage in constant education, having access to test environments and develop both offensive and defensive cyber techniques.
The purpose of this presentation was to present both the possibilities of the attack modeling and ESM model for the analysis of past incidents. The model is suitable for presenting the knowledge in the form of analytical presentation of the attacks as well as for performing laboratory work and examination of students.
Threat Modeling in the Cloud
Threat modeling is a key part of securing your cloud computing environment and is unique to each organization's people, practices and processes. Without a threat model you could end up going on wild goose chases and miss the forest for the trees. This talk will introduce the concept of threat modeling including how to get started, guiding questions and recap findings from the Argo Project Threat Model from 2021. Learn how and why to start threat modeling today!
csce201 - software - sec Basic Security.ppt
This document discusses best practices for secure software development. It outlines three pillars of software security: risk management, software security touchpoints throughout the development lifecycle, and building knowledge. It describes how to incorporate security through activities like risk analysis, code reviews, testing, and addressing abuse cases. The goal is to develop software that can withstand malicious attacks by anticipating vulnerabilities and non-normative behavior.
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
Adversarial attacks are techniques used in the filed of Machine Learning in intentions to cheat the models through bad entries. These attacks are used form various reasons, and one of the most common is an attack or causing a "breakdown" in standard models of Deep Neural Networks. Solution for these attacks have not yet been found and there are more and more works that are being done on this topic in the hope that a solution will be found, because DNN are relatively easy to fool.
6 Most Popular Threat Modeling Methodologies
Threat modeling is one of the most effective preventive security measures, empowering cybersec professionals to put a robust cybersecurity strategy in place. So, let’s learn more about threat modeling in this SlideShare.
If you are keen to learn effective threat modeling after going through the SlideShare, click here: https://www.eccouncil.org/programs/threat-intelligence-training/
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation Approach.
Shakas Technologies ( Galaxy of Knowledge)
#11/A 2nd East Main Road,
Gandhi Nagar,
Vellore - 632006.
Mobile : +91-9500218218 / 8220150373| land line- 0416- 3552723
Shakas Training & Development | Shakas Sales & Services | Shakas Educational Trust|IEEE projects | Research & Development | Journal Publication |
Email : info@shakastech.com | shakastech@gmail.com |
website: www.shakastech.com
Facebook: https://www.facebook.com/pages/Shakas-Technologies
Practical Threat Modeling - WorldParty 2k23 HackMadrid.pdf
Threat Modeling es el proceso sistemático de identificación, análisis y documentación de riesgos y amenazas sobre un sistema. En esta charla explicaremos cuáles son sus beneficios y cómo aplicarlo tanto en el desarrollo de aplicaciones como en el diseño de sistemas. La sesión es introductoria y abierta a diferentes perfiles.
Introduction to Computer Security
The document provides an introduction to computer security including:
- The basic components of security such as confidentiality, integrity, and availability.
- Common security threats like snooping, modification, and denial of service attacks.
- Issues with security including operational challenges and human factors.
- An overview of security policies, access control models, and security models like Bell-LaPadula and Biba.
Using an Open Source Threat Model for Prioritized Defense
The document discusses using an open source threat model for prioritized defense. It proposes creating a common taxonomy of threats to information systems that defines categories, a hierarchy, and specific threats. This would provide organizations a common language and understanding of threats to help them determine appropriate defenses. The taxonomy would be based on research from industry reports and categorize high-level threats as physical, resource, personnel, or technical, with subcategories defined. The goal is a practical taxonomy maintained by a committee that organizations can reference to identify relevant threats and prioritize controls without having to define threats themselves.
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.
Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats.
Some highlighted topics include:
- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks
6 Most Common Threat Modeling Misconceptions
There are some very common misconceptions that can cause firms to lose their grip around the threat modeling process. This presentation shines a bright light onto the essentials and helps to get your bearings straight with all things related to threat modeling.
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
HD: swagitda.com/speaking/us-17-Shortridge-Big-Game-Theory-Hunting.pdf
We all groan when we hear it's "time for some game theory," but traditional game theory – modelling conflict and cooperation between rational decision-makers – still pervades how we think of defensive strategy as an industry. This primitive analysis is a disservice to defenders, who are facing humans (and who are, in fact, humans themselves), but are modelling their own actions and opponent's actions based on the assumption of machine-like behavior.
In this session, I will examine traditional game theory and propose why behavioral game theory should take its place in the philosophy of defense. Next, I'll review the first principles of game theory, through the lens of behavioral game theory, which empirically measures how humans actually behave in games, rather than assumes they will behave coldly rational.
I'll explain the "rules" of the information security game and how traditional game theory is poorly suited to those conditions, along with the various behavioral models and why they are a superior fit. I'll then explore the two primarily methods that play into how humans make decisions in games – "thinking" and "learning" and what empirical data from behavioral game theory studies suggests on how to improve thinking and learning, extrapolating to applications for infosec defenders.
Finally, I'll present new insights from my own research, examining how defenders and attackers play the infosec game specifically, and bridging from theory to practice, to see how the lessons from behavioral game theory can be tangibly incorporated into defenders' strategic decision making processes. I'll conclude the session by outlining the practical steps for improving threat modelling, countering offensive moves, and deciding which products to use, so that defenders can start gaining the high ground in the infosec game.
Appsec2013 assurance tagging-robert martin
The document discusses engineering software systems to be more secure against attacks. It notes that reducing a system's attack surface alone is not enough, as software and networks are too complex and it is impossible to know all vulnerabilities. It then discusses characteristics of advanced persistent threats, including that the initial attack may go unnoticed and adversaries cannot be fully kept out. Finally, it argues that taking a threat-driven perspective beyond just operational defense can help balance mitigation with detection and response.
Assess risks to IT security.pptx
Cyber security involves implementing layers of security and protection against digital attacks across computers, devices, systems, and networks. Organizations use frameworks to detect and identify threats, protect assets, and recover from attacks. There are various types of cyber security threats including cybercrime, cyberterrorism, and cyberattacks. Performing risk assessments is important to understand potential security risks and impacts. Assessments involve identifying risks, analyzing likelihood and impacts, developing controls, documenting processes, and ongoing monitoring. Common security risks include viruses/malware, phishing, ransomware, and denial of service attacks. Organizations should use various security testing methods like audits, penetration testing, and vulnerability scanning to regularly evaluate security weaknesses.
Blackbox Testing in AI Cybersecurity
Black-box security testing refers to testing an application's security from the outside without knowledge of its internal workings, similar to how an attacker would approach it. Testers use various tools to detect potential vulnerabilities and attack surfaces so they can carefully plan and execute attacks to identify security issues. Some benefits of black-box testing include simulating actual attacks to find unexpected results, extensively checking for common vulnerabilities, and providing detailed remediation to quickly fix flaws.
Threat Modeling to Reduce Software Security Risk
Learn about threat modeling from our CTO and co-creator of the DREAD threat modeling classification, Jason Taylor. Understand more about what threat modeling is, dive into real life examples, and use techniques you can leverage at every phase of the SDLC.
Adversarial ML - Part 1.pdf
This document discusses adversarial machine learning and data poisoning attacks. It notes that machine learning systems can be compromised through evasion and poisoning attacks. Poisoning attacks aim to degrade the performance of a machine learning system by compromising the training data. Optimal poisoning attacks can be modeled as bi-level optimization problems and efficiently computed using back-gradient optimization, allowing poisoning points to be generated at scale. Poisoning attacks may be transferable across different machine learning algorithms. The document explores different types of poisoning attacks and defenses like anomaly detection and label sanitization, noting that defenses must account for detectability constraints to defend against more sophisticated attacks.
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents.
Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats.
You'll learn:
What the AlienVault Labs security research team has learned about these threats
How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere
How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities
How the incident response capabilities in USM Anywhere can help you mitigate attacks
Watch the On-Demand Webcast here: https://www.alienvault.com/resource-center/webcasts/meltdown-and-spectre-how-to-detect-the-vulnerabilities-and-exploits?utm_medium=Social&utm_source=SlideShare&utm_content=meltdown-spectre-webcast
Hosted By
Sacha Dawes
Principal Product Marketing Manager
Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.
The security mindset securing social media integrations and social learning...
This document discusses security mindset and practices around social learning and the Blackboard Cloud. It defines security mindset as evaluating systems from an attacker's perspective to identify vulnerabilities and implement appropriate countermeasures. The document outlines security assessments including threat modeling, which identifies assets, actors, and threats. It provides examples of threat modeling APIs, social media, and cloud integration. It also explains enabling the Blackboard Cloud in stages and the data usage transparency of social media integrations.
Similar to Planning and Integrating Deception into Computer Security Defenses (20)
Use of the enhanced structural model for attack analysis and education
Use of the enhanced structural model for attack analysis and education
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Practical Threat Modeling - WorldParty 2k23 HackMadrid.pdf
Practical Threat Modeling - WorldParty 2k23 HackMadrid.pdf
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
Recently uploaded
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
20 Comprehensive Checklist of Designing and Developing a Website
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Recently uploaded (20)
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Planning and Integrating Deception into Computer Security Defenses
- 1. Planning and Integrating Deception into Computer Security Defenses ! NSPW’14 Mohammed Almeshekah malmeshe@purdue.edu Eugene Spafford spaf@purdue.edu
- 2. Deception to Improve Security • Used as ad-hoc attempt: • Deception has been mainly used as “trapping” or “deterrence” tools. • Traditional security (-) and deception (+) work in tandem. • Three unique advantages: 1.Increase entropy of leakage. 2.Gain information about adversaries. 3.Gives defenders an edge in OODA.
- 3. Why are you using this deceptive method? Deception Model (1) Strategic Goal
- 4. What effect(s) do you want to see on the attacker? Deception Model (2) Desired Reaction(s)
- 5. What are the plausible responses to the attack and which ones should you use? Deception Model (3) Exploit Attacker’s Biases
- 6. Make your system lie Deception Model (4) Apply Deception
- 7. Deception Model (4) Apply Deception
- 8. Define Success and Failure Deception Model (5) Deception Feedback Channels
- 9. Assess the new risks introduced by deception Deception Model (6) Risk Assessment
- 10. Deceptive components should be part of the real system Deception Model (7) Implementation and Integration
- 11. Continuous monitoring and dynamic adjustment based on the attacker’s response Deception Model (8) Monitoring and Dynamic Adjusting
- 12. Continuous monitoring and dynamic adjustment based on the attacker’s response Deception Model (8) Monitoring and Dynamic Adjusting
- 13. Continuous monitoring and dynamic adjustment based on the attacker’s response Deception Model (8) Monitoring and Dynamic Adjusting