As part of the 8th edition of the Cyber Security Days 2018, organised by the Agence Nationale de la Sécurité Informatique, our partner Kaspersky North Africa presented its "Kaspersky Threat Intelligence" module.
The document provides a detailed technical analysis of the Duqu 2.0 malware. It describes how the malware initially infects systems through spear-phishing emails containing exploits. It then uses lateral movement techniques like pass-the-hash and Windows Installer packages to spread within networks. The packages contain encrypted payloads that load additional modules when decrypted to perform functions like information harvesting. Analysis found the malware targeting systems related to nuclear negotiations with Iran and the liberation of Auschwitz.
This talk is an introduction to Secure Coding for Java. Through various examples it will present the good practices that allow a secure Java application to be developed in a pragmatic way. We will cover functional practices as well as snippets of faulty Java code and their fixes.
Here we report the current state of the ICS threat landscape, as presented at the IT&Automation 2018 conference in Böblingen.
To learn more about Kaspersky Lab's ICS CERT, visit https://kas.pr/e34v
We at Kaspersky Lab believe that the online world should be free from attacks and state-sponsored espionage. And we've been standing by this belief for over 20 years, catching all kinds of cyberthreats, regardless of their origin.
Learn more about our principles of fighting cyberthreats and transparency from this brochure or on our website: https://www.kaspersky.com/about/transparency
Артем Зиненко. Vulnerability Assessment in ICS based on information from public... (Kaspersky)
Vulnerability assessments matter because vendor advisories need thorough analysis: many have incomplete details, state incorrect exploitation conditions, or require deeper research. The presentation provides examples of vulnerabilities from GE Grid Solutions, Schneider Electric, Cisco, Rockwell Automation and Bosch where the initial CVSS scores and details were updated after further analysis. It also outlines Kaspersky's vulnerability assessment process of monitoring, research, and analysis to help improve ICS security.
Want to detect threats in your organization? Stop reading every feed and curate your threat intel and content so they actually work for your security architecture. By managing meaningful threat intelligence so the external intel maps to internal threat models and curating your content sensibly, you can create a high-functioning SOC that both detects and defends against cyberattacks.
(Source: RSA Conference USA 2018)
Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, Kenna Security can predict which vulnerabilities attackers are likely to write exploits for. Their model has 90 percent accuracy on the day a vulnerability is released. The speaker will issue some forecasts live.
(Source: RSA Conference USA 2018)
Dave Hogue provided one of the first in-depth perspectives from a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC): the mission, the threat landscape, and best principles for CISOs and other network defenders. Mr. Hogue equipped the audience with actionable insights that they can implement into their daily operations.
(Source: RSA Conference USA 2018)
CONFidence2015: Real World Threat Hunting - Martin Nystrom (PROIDEA)
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure: penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile Heartbleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
Detecting ICS Attacks Using Recurrent Neural Networks (Kaspersky)
Cyber attacks aiming at critical infrastructure and automated industrial production plants can be the most disastrous in terms of consequences. But, luckily for us, the digital footprint of any physical system is governed by the laws of physics, and a neural network can learn the normal behaviour of the cyber-physical system and detect anomalies faster than safety sensors normally do, saving time and costs.
Andrey Lavrentyev, Head of Technology Research Department, Kaspersky Lab, talked at the S4x18 Conference in San Francisco about the successful application of a recurrent neural network to the Tennessee Eastman Process.
To learn more, please visit our blog: https://www.kaspersky.com/blog/ml-for-ad?utm_source=smm_ss&utm_medium=ww_ss_o_240118
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors (Dragos, Inc.)
The document discusses different methodologies for detecting cybersecurity threats: indicators of compromise (IOCs), anomalies, and behaviors. IOCs focus on known malicious artifacts but lack context and are backward-looking. Anomaly detection aims to find new threats but often generates false alerts and requires extensive tuning. Behavioral analysis correlates events across multiple systems to detect adversary techniques, but requires extensive visibility that may be difficult to achieve. The document evaluates these approaches using examples of Russian threat group APT29's activity and common credential theft attacks. It concludes that organizations should pragmatically combine approaches based on their needs and capabilities rather than rely on any single methodology.
Is your SOC overwhelmed with alerts and threats? Cyber-adversaries are wielding tools and machine power, while organizations are still trying to scale their cybersecurity with OpEx and poorly planned CapEx spending. In this session, you will learn from a SOC expert about mistakes that have been made in the past, what we can do about it right now and what is in store as we move towards SOC 2030.
(Source: RSA Conference USA 2018)
This document introduces Kaspersky Endpoint Security for Business, a single security platform from Kaspersky Lab that provides anti-malware, mobile security, data encryption, endpoint control tools, and systems management. It can manage protections across physical, virtual, and mobile devices through Kaspersky Security Center. Key features include advanced anti-malware, mobile device management, encryption, application control, and patch management. The suite is available in different tiers and is powered by Kaspersky's global security network to improve performance.
Vodafone is one of the world’s largest telecommunications companies, enabling connectivity by providing mobile, fixed and IoT networks to customers around the world. Vodafone is redefining the boundary of the SOC and sees the balance between prevention, detection and response for both Vodafone’s organization and customers as vital. This session will describe the journey from reactive SOC to proactive cyber-defense.
(Source: RSA Conference USA 2018)
Tools Of The Hardware Hacking Trade Final (Priyanka Aash)
This document provides an overview of various tools that can be used for hardware hacking and analysis. It discusses tools for tasks like information gathering, device teardown, interface monitoring and analysis, and firmware extraction. Specific tools covered include oscilloscopes, logic analyzers, protocol analyzers, the Bus Pirate, USB-to-serial adapters, software defined radios, soldering equipment, device programmers, debug tools, and imaging equipment like x-rays and electron microscopes. Examples are given of how several of these tools have been used in past hardware analyses and attacks. The document concludes by encouraging the reader to set up a hardware hacking lab and collaborate with others to stay up-to-date on new tools and techniques.
1) Russia poses a serious threat landscape, targeting governments, financial organizations, telecommunications, utilities, and transport sectors, as well as citizens.
2) An investigation of a cryptocurrency bank found 1000 workstations and 200 servers infected over 2 weeks, with backups also hacked using unique encryption keys on each device and PowerShell scripts.
3) Threat tactics seen include wipers, cryptors like BlackEnergy and HDDCryptor, as well as Shamoon 2 and WannaCry exploiting the EternalBlue vulnerability and using techniques like full disk encryption, malware-less attacks, and "tailored" encryption.
Dragos Adversary Hunter Jimmy Wylie presents "TRISIS in Perspective" at the 13th annual API conference in Houston, TX. This presentation analyzes the 2017 TRISIS event at an unspecified gas facility in Saudi Arabia, the first deliberate targeting of SIS that could have resulted in potential loss of life. This presentation also examines post-TRISIS developments, as Dragos has observed that XENOTIME, the adversary group responsible for TRISIS, has expanded its targeting to North America and other safety systems.
Visit www.dragos.com to learn more.
Attacks on Critical Infrastructure: Insights from the “Big Board” (Priyanka Aash)
Targeted attacks on critical infrastructure continue to increase in number and severity. We’ll present the latest data on these attacks: What is their goal? What are the attacker strategies? How are attacks supported by the darknet? We’ll discuss banking threats discovered at the “Big Board” at the RSA Anti-Fraud Control Center and Smart Grid threat detection in the EU SPARKS project.
(Source: RSA USA 2016-San Francisco)
Venkatesan Pillai presented on protecting cloud computing environments from DDoS attacks using Complex Event Processing (CEP). He discussed existing DDoS detection and prevention systems and their limitations. The proposed system would use CEP to analyze traffic parameters from cloud datasets to classify attacks and alert on sources to block. It would be implemented using OpenStack cloud, Esper CEP engine, and machine learning algorithms. Metrics like CPU usage, bandwidth, and response time would evaluate performance.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
(Source: RSA Conference USA 2018)
In recent years, the traditional application monolith has broken down into a hefty collection of microservices, thereby increasing the attack surface. We will look at how this multiplies the entry points into the complex modern application ecosystem. The modern security tester needs various skills to pen-test such apps, including an understanding of containers, to successfully break or defend such applications.
We then tie this to the fast-paced DevOps life cycles for applications and explore the challenges of scaling security for such applications across the organization.
Hence, this webinar discusses traditional and relatively newer methods of pen-testing web applications, illustrating how changing business requirements and Agile life cycles for applications affect security testing for modern applications.
Key Takeaways:
- What do the traditional pen testing/security testing techniques entail?
- How is the landscape for applications changing, and how does it affect security testing?
- What are the key essentials for testing modern applications?
- What can be done to scale security assessments (testing) for modern and Agile life cycles?
This document discusses the benefits and potential issues of implementing a multi-gigabit Ethernet network, or "multi-lane", at electrical substations. It notes that a multi-lane can reduce the cost of secondary equipment by 30% compared to traditional networks. While it increases demands on staff competency, it also simplifies work by segmenting the physical network into virtual networks. A multi-lane can also meet security needs through technologies like RSPAN and provide the real-time functionality required for digital substations while ensuring timely data delivery. The document concludes that a multi-lane is a good option to reduce costs, experiments show it can implement all necessary digital substation functions, and existing equipment can ensure the required level of information
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr... (MITRE - ATT&CKcon)
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
VERIS has been the base analysis framework supporting the Verizon Data Breach Investigations Report (DBIR) since its inception. However, as organizations work to interpret the richness of information present in the DBIR at a more tactical level, the Threat Action Varieties available in VERIS fail to capture the detail present in the incidents recorded.
This talk presents the Verizon Common Attack Framework (VCAF), an effort from the Security Data Science team and the DBIR team at Verizon to expand and map the ATT&CK framework in alignment with the DBIR Threat Action Varieties, providing this much-sought level of granularity in recording and analyzing breaches.
Additionally, this talk describes possible outcomes when this data is available and organized as such. Examples include applying DBIR-inspired attack vector analytics upon ATT&CK layer information, effectively identifying optimal control choke points on the attack graphs according to specific industries covered by the DBIR.
INCIDENT RESPONSE AND THREAT HUNTING CLINIC - TECHNICAL WORKSHOP DAY OF... (Cristian Garcia G.)
The document discusses threat hunting and incident response. It describes building a threat hunting program and threat response platform with key components like visibility, proactivity, and response. It discusses investigating incidents, making judgments on observables from various data sources, and taking targeted mitigation actions. The goal is to integrate security tools and orchestrate threat research and response through a centralized threat response platform.
The document discusses Blue Coat's approach to modern advanced threat protection. It begins by outlining the evolving threat landscape and why traditional security solutions are no longer sufficient. It then describes Blue Coat's solution which uses security visibility, big data analytics, threat intelligence and integration to provide improved detection, response and prevention against advanced threats. Several use cases are presented that demonstrate how Blue Coat's solution helped organizations enhance security monitoring, reduce breach impact and streamline incident response.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem... (Criminal IP)
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are reachable through IP addresses and ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile HeartBleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
Detecting ICS Attacks Using Recurrent Neural NetworksKaspersky
Cyber attacks aiming at critical infrastructure and automated industrial production plants can be the most disastrous in terms of consequences. But, luckily for us, the digital footprint of any physical system is governed by the laws of physics, and a neural network can learn the normal behaviour of the cyberphysical system and detect the anomalies faster that safety sensors normally do - saving time and costs.
Andrey Lavrentyev, Head of Technology Research Department, Kaspersky Lab, talked at S4x18 Conference in San Francisco about successful implementation of a recurrent neural network to a Tennessee Eastman Process.
To lean more, please visit our blog: https://www.kaspersky.com/blog/ml-for-ad?utm_source=smm_ss&utm_medium=ww_ss_o_240118
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Dragos, Inc.
The document discusses different methodologies for detecting cybersecurity threats: indicators of compromise (IOCs), anomalies, and behaviors. IOCs focus on known malicious artifacts but lack context and are backward-looking. Anomaly detection aims to find new threats but often generates false alerts and requires extensive tuning. Behavioral analysis correlates events across multiple systems to detect adversary techniques, but requires extensive visibility that may be difficult to achieve. The document evaluates these approaches using examples of Russian threat group APT29's activity and common credential theft attacks. It concludes that organizations should pragmatically combine approaches based on their needs and capabilities rather than rely on any single methodology.
Is your SOC overwhelmed with alerts and threats? Cyber-adversaries are wielding tools and machine power, while organizations are still trying to scale their cybersecurity with OpEx and poorly planned CapEx spending. In this session, you will learn from a SOC expert about mistakes that have been made in the past, what we can do about it right now and what is in store as we move towards SOC 2030.
(Source: RSA Conference USA 2018)
This document introduces Kaspersky Endpoint Security for Business, a single security platform from Kaspersky Lab that provides anti-malware, mobile security, data encryption, endpoint control tools, and systems management. It can manage protections across physical, virtual, and mobile devices through Kaspersky Security Center. Key features include advanced anti-malware, mobile device management, encryption, application control, and patch management. The suite is available in different tiers and is powered by Kaspersky's global security network to improve performance.
Vodafone is one of the world’s largest telecommunications companies, enabling connectivity by providing mobile, fixed and IoT networks to customers around the world. Vodafone is redefining the boundary of the SOC and sees the balance between prevention, detection and response for both Vodafone’s organization and customers as vital. This session will describe the journey from reactive SOC to proactive cyber-defense.
(Source: RSA Conference USA 2018)
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
This document provides an overview of various tools that can be used for hardware hacking and analysis. It discusses tools for tasks like information gathering, device teardown, interface monitoring and analysis, and firmware extraction. Specific tools covered include oscilloscopes, logic analyzers, protocol analyzers, the Bus Pirate, USB-to-serial adapters, software defined radios, soldering equipment, device programmers, debug tools, and imaging equipment like x-rays and electron microscopes. Examples are given of how several of these tools have been used in past hardware analyses and attacks. The document concludes by encouraging the reader to set up a hardware hacking lab and collaborate with others to stay up-to-date on new tools and techniques.
1) Russia poses a serious threat landscape, targeting governments, financial organizations, telecommunications, utilities, and transport sectors, as well as citizens.
2) An investigation of a cryptocurrency bank found 1000 workstations and 200 servers infected over 2 weeks, with backups also hacked using unique encryption keys on each device and PowerShell scripts.
3) Threat tactics seen include wipers, cryptors like Black Energy and HDDCryptor, as well as Shamoon 2 and WannaCry exploiting the EternalBlue vulnerability and using techniques like full disk encryption, malware-less attacks, and "tailored" encryption.
Dragos Adversary Hunter Jimmy Wylie presents "TRSIS in Perspective" at the 13th annual API conference in Houston, TX. This presentation analyzes the 2017 TRISIS event at an unspecified gas facility in Saudi Arabia--the first deliberate targeting of SIS that could have resulted in potential loss of life. This presentation also examines post-TRISIS, as Dragos has observed that XENOTIME, the adversary group responsible for TRSIS, has expanded its targeting to North America and other safety systems.
Visit www.dragos.com to learn more.
Attacks on Critical Infrastructure: Insights from the “Big Board”Priyanka Aash
Targeted attacks on critical infrastructure continue to increase in number and severity. We’ll present the latest data on these attacks: What is their goal? What are the attacker strategies? How are attacks supported by the darknet? We’ll discuss banking threats discovered at the “Big Board” at the RSA Anti-Fraud Control Center and Smart Grid threat detection in the EU SPARKS project.
(Source: RSA USA 2016-San Francisco)
Venkatesan Pillai presented on protecting cloud computing environments from DDoS attacks using Complex Event Processing (CEP). He discussed existing DDoS detection and prevention systems and their limitations. The proposed system would use CEP to analyze traffic parameters from cloud datasets to classify attacks and alert on sources to block. It would be implemented using OpenStack cloud, Esper CEP engine, and machine learning algorithms. Metrics like CPU usage, bandwidth, and response time would evaluate performance.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments, as well. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
(Source: RSA Conference USA 2018)
In the recent years, the traditional application monolith has broken down into a hefty chunk of micro-services thereby increasing the attack surface. We will look at how this increases the entry points into the complex modern day application ecosystem. The modern security tester needs various skills to pen-test such apps including the understanding of containers to successfully break or defend such applications.
When we tie this with the fast paced devOps life cycles for applications and explore the challenges when scaling security for such applications across the organization.
Hence, this webinar discusses traditional and relatively newer methods of Pen-testing web applications. Thereby illustrating how the changing business requirements and Agile life cycles for applications affect Security testing for modern applications.
Key Takeaways:
- what do the traditional Pen testing/Security testing Techniques entail?
- How is the landscape for Applications changing and how it affects security testing?
- What are the key essentials for testing modern applications?
- what can be done to scaling Security Assessments(Testing) for Modern & Agile life cycles?
This document discusses the benefits and potential issues of implementing a multi-gigabit Ethernet network, or "multi-lane", at electrical substations. It notes that a multi-lane can reduce the cost of secondary equipment by 30% compared to traditional networks. While it increases demands on staff competency, it also simplifies work by segmenting the physical network into virtual networks. A multi-lane can also meet security needs through technologies like RSPAN and provide the real-time functionality required for digital substations while ensuring timely data delivery. The document concludes that a multi-lane is a good option to reduce costs, experiments show it can implement all necessary digital substation functions, and existing equipment can ensure the required level of information
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
VERIS has been the base analysis framework for supporting the Verizon Data Breach Investigations Report (DBIR) since its inception. However, as organizations work to interpret the richness of information present on the DBIR to a more tactical level, the Threat Action Varieties available on VERIS fail to capture the detail present on the incidents recorded.
This talk presents the Verizon Common Attack Framework (VCAF), an effort from the Security Data Science team and the DBIR team in Verizon to expand and map the ATT&CK framework in alignment with the DBIR Threat Action Varieties to provide this much-sought level of granularity in recording and analyzing recorded breaches.
Additionally, this talk describes possible outcomes when this data is available and organized as such. Examples include applying DBIR-inspired attack vector analytics upon ATT&CK layer information, effectively identifying optimal control choke points on the attack graphs according to specific industries covered by the DBIR.
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...Cristian Garcia G.
The document discusses threat hunting and incident response. It describes building a threat hunting program and threat response platform with key components like visibility, proactivity, and response. It discusses investigating incidents, making judgments on observables from various data sources, and taking targeted mitigation actions. The goal is to integrate security tools and orchestrate threat research and response through a centralized threat response platform.
The document discusses Blue Coat's approach to modern advanced threat protection. It begins by outlining the evolving threat landscape and why traditional security solutions are no longer sufficient. It then describes Blue Coat's solution which uses security visibility, big data analytics, threat intelligence and integration to provide improved detection, response and prevention against advanced threats. Several use cases are presented that demonstrate how Blue Coat's solution helped organizations enhance security monitoring, reduce breach impact and streamline incident response.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are reachable through IP addresses and ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
Keeping Up with the Adversary: Creating a Threat-Based Cyber TeamPriyanka Aash
With advanced cyber-actors evolving quickly and becoming more stealthy, it has become imperative to question the status quo of our existing cyber-operations. This session will outline how a case study and incident response led to changes in focus and philosophy and how that changed the structure of Defensive Cyber Operations.
(Source: RSA Conference USA 2017)
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud SecuritySymantec
Nico Popp, Vice President, Information Protection, Symantec explains. As users, infrastructure and applications move to the cloud at a record-breaking pace, the cloud has become a paradox: both a dream and a nightmare. Accessibility, scale, price and elasticity drive high adoption while security is a source of constant concern. This session will focus on a practical four pillar model for enterprise cloud security, all supported by real-world implementation.
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunk
The document discusses Splunk User Behavior Analytics (UBA) and its capabilities for detecting advanced cyber attacks and insider threats through behavioral threat detection using machine learning. It notes that traditional threat detection focuses only on known threats, while UBA aims to detect unknown threats through automated security analytics and anomaly detection based on establishing user and entity baselines and identifying deviations from normal behavior. The document provides examples of UBA use cases and the types of data sources it can integrate to perform threat detection and security analytics.
This document discusses Edwin Hubble and his discoveries at the Mt. Wilson Observatory in the early 20th century. It then summarizes some of the major scientific discoveries of the Hubble Space Telescope since its launch in 1990, including determining the age of the universe and existence of dark energy and exoplanets. The document also outlines Sophos' strategy around next-generation cybersecurity technologies like machine learning and deep learning to more quickly identify unknown threats.
The document discusses the evolution of cyber threats and detection capabilities. It argues that current security approaches are failing and that a new approach with complete visibility is needed. It promotes the RSA security analytics platform as a unified solution for advanced threat detection, investigation and response across network, endpoint, cloud and log data.
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowPriyanka Aash
Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and it’s getting harder in a cloud-enabled world. Despite this struggle there’s a plethora of APIs and publicly available data to give you a jumpstart on identifying high-risk assets. This session will share techniques and tools to gather data and identify unknown risks.
Learning Objectives:
1: Learn about sources and methods to identify public, unknown assets.
2: Gain access to OSS tooling allowing defenders to operationalize asset inventory process.
3: Learn to apply risk methods using public data attributes to understand quantitative risk.
(Source: RSA Conference USA 2018)
RSA 2018: Recon For the Defender - You know nothing (about your assets)Jonathan Cran
Ed Bellis and Jonathan Cran of Kenna Security discuss a number of fast-moving, emerging threats to the enterprise and provide insight into ways that organizations can get ahead by adding a recon capability - adding more visibility of their exposure & allowing enough time for patch windows.
Security in the age of open source - Myths and misperceptionsTim Mackey
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
Content Analysis System and Advanced Threat ProtectionBlue Coat
The document discusses Blue Coat's Content Analysis System (CAS) and advanced threat protection solutions. It describes a 3-stage lifecycle defense approach to blocking known threats, analyzing unknown threats, and reducing the time to resolve latent threats. The CAS uses a multi-layered approach including application whitelisting, signature databases, and sandboxing to inspect both encrypted and unencrypted traffic. It also leverages the global intelligence of 75 million users. The complete solution integrates the CAS, Malware Analysis Appliance for sandboxing, and Solera security analytics platform to provide comprehensive advanced threat protection.
SplunkLive Auckland 2015 - Splunk for SecuritySplunk
This document discusses how Splunk User Behavior Analytics (UBA) uses machine learning and behavioral analytics to detect threats. It provides an overview of how UBA analyzes logs from various systems to detect anomalies and threats across the kill chain. The document explains that UBA reduces events for SOC analysts to investigate by 99.99% and provides key workflows for threat detection and security analytics/hunting of threats. It provides an example of how UBA could detect a potential insider threat involving a user elevating privileges and potentially exfiltrating sensitive documents.
SplunkLive Wellington 2015 - Splunk for SecuritySplunk
This document discusses how Splunk User Behavior Analytics (UBA) uses machine learning and behavioral analytics to detect threats. It provides an overview of how UBA analyzes logs from various systems to detect anomalies and threats across the kill chain. The document explains that UBA reduces events for SOC analysts to investigate by 99.99% and provides key workflows for threat detection and security analytics/hunting of threats. It provides an example of how UBA could detect a potential insider threat involving a user elevating privileges and potentially exfiltrating sensitive documents.
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunk
This document discusses how Splunk can be used for security analytics and threat detection. It describes how Splunk allows organizations to centrally gather and correlate security-related data from various sources like networks, endpoints, applications and threat intelligence feeds. This enables use cases like monitoring for known threats, detecting unknown threats, incident investigation and user behavior analytics. Advanced techniques like machine learning and user/entity behavior analytics are also discussed to help identify anomalous activity that could indicate security incidents or threats.
SplunkLive! Amsterdam 2015 - Analytics based security breakoutSplunk
Splunk products provide a flexible and fast security intelligence platform that makes security personnel and processes more efficient by providing quick and flexible access to all of the data and information needed to detect, investigate and remediate threats. This presentation will discuss best practices for building out or enhancing an analytics based security strategy and how Splunk products can make people, process, and technology work better together.
Who should attend? Anyone that works in security and wants to leverage their machine data to detect internal and advanced threats, monitor activities in real time, and improve their organization's security posture.
Description: Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real-world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts' capability to detect and quickly mitigate advanced attacks.
DevSecCon Talk: An experiment in agile Threat ModellingzeroXten
ThreatSpec aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat specifications alongside code, then dynamically generating reports and data-flow diagrams from the code.
The document discusses code-driven threat modeling using ThreatSpec. It describes how ThreatSpec can be used to specify threats and mitigations directly in code comments. Developers write ThreatSpec as they develop code and tests. Security reviews then analyze generated reports and data flow diagrams to ensure threats are properly mitigated. Code-driven threat modeling allows development and security teams to work together and keep the threat model and code in sync. While improvements are still needed, this approach has potential benefits over traditional threat modeling methods.
How to protect your corporate from advanced attacksMicrosoft
Cybersecurity is a top priority for CSO/CISO and the budget allocated, especially in a large organization, is growing. The complexity and sophistication of cyber threats are increasing. What are these current threats and how can Microsoft help your organization in their efforts to eliminate cyber threats?
Similar to Présentation kaspersky threat intelligence services (20)
The Agence Nationale de la Sécurité Informatique is proud to announce the release of the 11th edition of SAHER Magazine. Written by ANSI's ISAC team, this new edition offers relevant articles covering news in information security at both the national and international level.
In this June 2020 edition, across its sections you can discover news about cyber threats as well as the new tools for protecting against them. This new edition also offers a complete feature presenting the national platform for early detection of cyberattacks.
In this March 2020 edition, across its sections you can discover news about cyber threats as well as the new tools for protecting against them. This new edition focuses on the circumstances surrounding the spread of the Corona virus and offers guides for securing your teleworking environment as well as for password security.
In addition, you can find sections dedicated to the Trojan "Houdini" and the ransomware "RYUK", along with the mechanisms needed to protect against them.
Finally, this new edition offers guides for securing web browsing for your children as well as online shopping.
As part of "Safer Internet Day 2020", the Agence Nationale de la Sécurité Informatique provides a guide to better protect your children against the dangers of the internet.
In this October 2019 edition, across its sections you can discover news about cyber threats as well as the new tools for protecting against them. SAHER Magazine also gives you the opportunity to discover the new malware "NoderSok", which targets machines running Windows and turns them into zombie proxies. Finally, this new edition also offers a look back in pictures at the various cybersecurity events, along with a feature dedicated to the information security community in Tunisia.
SAHER Magazine gives you the opportunity to discover all the new trends in the world of information security. Several sections cover and analyze topics such as malware and pentesting.
At the Cyber Security Days 2018, organized by the Agence Nationale de la Sécurité Informatique, Mrs Raoudha Khelif (Ministry of Communication Technologies and the Digital Economy) presented « Cloud National Tunisien : Constats et perspectives » (Tunisian national cloud: findings and prospects) as part of the Tunisie Digitale 2020 strategy, in cooperation with Devoteam.
Enginov - Alpha Engineering: Models and coordination platform with the C...ANSItunCERT
As part of the 8th edition of the Cyber Security Days 2018, organized by the Agence Nationale de la Sécurité Informatique, Enginov presented the module "Modèles et plateforme de coordination avec le Cert National TunCERT" (models and coordination platform with the national CERT, TunCERT).
Ansi - Tuncert: IS security audit frameworkANSItunCERT
As part of the 8th edition of the Cyber Security Days 2018, organized by the Agence Nationale de la Sécurité Informatique, ANSI staff presented the module "Référentiel d'audit de la sécurité des Systèmes d'information" (information systems security audit framework).
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
Project Management: The Role of Project Dashboards.pdfKarya Keeper
Project management is a crucial aspect of any organization, ensuring that projects are completed efficiently and effectively. One of the key tools used in project management is the project dashboard, which provides a comprehensive view of project progress and performance. In this article, we will explore the role of project dashboards in project management, highlighting their key features and benefits.
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by the ScienceFather group. ScienceFather takes the privilege to invite speakers, participants, students, delegates and exhibitors from across the globe to its International Conference on computer conferences, to be held in various beautiful cities of the world. Computer conferences are a discussion of common invention-related issues and additionally trade information, share proof, thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications, such as in science, medicine, electronics, biomaterials, energy production and consumer products.
Nominations are open! Don't miss it.
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentation on the features and use of Web Components in developing web pages and applications. An account of the historical reasons for the rise of Web Components. Highlighting of the advantages and the challenges they pose, indication of best practices, with particular emphasis on the possibility of using Web Components to ease the migration of your applications to new technology stacks.
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
3. ADVANCED THREAT TAXONOMY: MULTISTAGE AND HIDDEN
Attack preparation
• gather data
• prepare strategy
Delivery
• non-malware
• hidden
• encrypted
C&C
• new domain
• «gray domain»
• payload/command delivery
Execution
• hide inside normal activities
• steal credentials
• non violation of anything
Lateral movement
• rapid
• silent
• no immediate damage
Damage & silent leave
• hide the traces
• erase from logs
• leave a backdoor
4. THE MEANING BEHIND «DETECTION» IS YOUR ABILITY TO REACT
Security Solution → Threat Hunting → Investigation (fed by External Threat Intelligence and Additional Data to Analyze) → Risk level? → Incident Reaction → Actionable Intelligence
Depending on the risk level (HIGH or LOW), the Incident Reaction ranges from Fast Recovery and Security Policies Improvement up to Full Incident Response, Forensics and Remediation.
5. Threat Intelligence Portal
Intelligence levels, from long-term / higher level down to short-term / lower level:
STRATEGIC – HIGH LEVEL INFORMATION ON THE RISK
• TAILORED THREAT INTELLIGENCE
TACTICAL – ATTACKER METHODOLOGIES, TOOLS AND TACTICS
• APT INTELLIGENCE REPORTS
• FINANCIAL THREAT INTELLIGENCE REPORTS
OPERATIONAL – DETAILS OF THE SPECIFIC INCOMING ATTACK
• THREAT LOOKUP
• CLOUD SANDBOX
TECHNICAL – MACHINE-READABLE THREAT INDICATORS
• THREAT DATA FEEDS
8. Kaspersky Lab | The Power of Protection
Description of fields
RANSOMWARE URL FEED
Record Sample (JSON format)
{
  "id": 17775479,
  "mask": "disk-space.ru",
  "type": 1,
  "first_seen": "24.09.2017 14:48",
  "last_seen": "03.11.2017 15:54",
  "popularity": 5,
  "geo": "ru, ua, kz, by, de, dz, us, in, am, md",
  "IP": "104.25.107.35, 104.25.106.35, 185.182.81.34, 139.59.131.232, 184.164.147.24, 184.164.147.3, 5.254.65.25, 184.164.146.10, 107.155.66.37",
  "files": [
    {
      "MD5": "",
      "SHA1": "",
      "SHA256": ""
    }
  ],
  "whois": {
    "domain": "disk-space.ru",
    "created": "26.10.2014",
    "expires": "26.10.2018",
    "registrar_name": "REGRU-RU",
    "NS": "jamie.ns.cloudflare.com, micah.ns.cloudflare.com",
    "NS_ips": "173.245.58.168, 173.245.59.206",
    "MX": "mx1.beget.com, mx2.beget.com",
    "MX_ips": "185.78.30.48, 185.78.30.71, 5.101.158.67, 5.101.158.68"
  }
}
id – unique record identifier
mask – record covering links that host ransomware objects or that are accessed by them.
type – record type. 1, 2 and 4 types of masks are only used to simplify integration with security controls or TIPlatforms.
first_seen – date when the record was created/detected (UTC)
last_seen – date when the record was last encountered by Kaspersky Lab's users (UTC)
popularity – index number defining the record popularity (how many users were affected by this record). 5 is the most popular, 1 the least popular
geo – top 10 countries where KL users were most affected by this record
IP – top 10 IPs of the URL/mask within the last 4 months
files – top 10 related ransomware files (hosted on or accessed to the URL/mask)
whois – domain whois and DNS data
9. Description of fields
APT IOC FEEDS
Record Sample (JSON format)
APT Hash Data Feed
{
  "MD5": "CFFFC5A0E5BDC87AB11B75EC8A6715A4",
  "detection_date": "21.09.2017 00:00",
  "publication_name": "The Silence - new trojan attacking financial organizations"
}
APT URL Data Feed
{
  "id": 17868336,
  "mask": "oospoosp.com",
  "type": 1,
  "detection_date": "23.10.2017 00:00",
  "publication_name": "GreenBug waterholes a Kurdish Government website"
}
APT IP Data Feed
{
  "IP": "191.101.251.200",
  "detection_date": "12.10.2017 00:00",
  "publication_name": "Adobe Flash Zero Day (CVE-2017-11292) Deploying FinSpy Malware – early warning"
}
APT YARA Data Feed contains YARA rules as is
detection_date – date when the record was created/detected (UTC). Records are sorted in descending order.
security controls or TIPlatforms.
publication_name – a short description of the APT campaign
11. Threat Data Feeds Consumption
Corporate Network: Log Sources, SIEM, Matching engine (correlation service), Feed Downloader, Security Officer (Dashboards, Alerts). Kaspersky Infrastructure: Data feeds.
Data flows: Raw logs → SIEM; Forwarded events → Matching engine; Detection events → SIEM; Dashboards and Alerts → Security Officer; Data feeds → Feed Downloader → Matching engine.
• SIEM aggregates logs from different network devices and IT systems and sends the events with URLs, hashes, and IPs to the correlation service for analysis
• Correlation service matches incoming events with feeds and sends detection events to SIEM
• Free downloader regularly downloads up-to-date threat intelligence feeds and loads them into the correlation service
• Security Officer views events with security context and receives alerts, and investigates security incidents based on that context
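As an added example (not Kaspersky's code or the feed specification), the following Python loads feed records in the JSON shape of slides 8 and 9 and matches constructed SIEM events against them, emitting detection events that carry the record's context, which is what the correlation service on slide 11 does. Host/subdomain matching for the mask field and the SIEM event field names (url, md5, src_ip, dst_ip) are assumptions.

```python
"""Added example, not Kaspersky's code: load threat data feed records in the
JSON shape of slides 8 and 9 and match forwarded SIEM events against them,
emitting detection events with the record's context (slide 11). Feed contents
and events are constructed; mask matching and event field names are assumed."""
import json
from urllib.parse import urlparse

# Constructed feed content; indicator values are the ones printed on the slides.
RANSOMWARE_URL_FEED = json.dumps([{
    "id": 17775479, "mask": "disk-space.ru", "type": 1,
    "first_seen": "24.09.2017 14:48", "last_seen": "03.11.2017 15:54",
    "popularity": 5, "IP": "104.25.107.35, 104.25.106.35",
    "files": [{"MD5": "", "SHA1": "", "SHA256": ""}],
}])
APT_HASH_FEED = json.dumps([{
    "MD5": "CFFFC5A0E5BDC87AB11B75EC8A6715A4",
    "detection_date": "21.09.2017 00:00",
    "publication_name": "The Silence - new trojan attacking financial organizations",
}])
APT_IP_FEED = json.dumps([{
    "IP": "191.101.251.200", "detection_date": "12.10.2017 00:00",
    "publication_name": "Adobe Flash Zero Day (CVE-2017-11292) Deploying FinSpy",
}])


def host_matches_mask(host, mask):
    """Assumption: a mask covers the host itself and any of its subdomains."""
    host, mask = host.lower().rstrip("."), mask.lower().rstrip(".")
    return host == mask or host.endswith("." + mask)


def build_index(ransomware_urls, apt_hashes, apt_ips):
    """Load the feeds once (the feed downloader's job). Hashes and IPs become
    exact-match dictionaries; URL masks stay a list because they are matched
    by domain suffix. Each entry keeps (feed name, full record) for context."""
    masks, hashes, ips = [], {}, {}
    for rec in json.loads(ransomware_urls):
        masks.append((rec["mask"], ("ransomware_url", rec)))
        # "IP" is a comma-separated string of hosting IPs in the sample record
        for ip in (x.strip() for x in rec["IP"].split(",") if x.strip()):
            ips[ip] = ("ransomware_url", rec)
    for rec in json.loads(apt_hashes):
        hashes[rec["MD5"].upper()] = ("apt_hash", rec)
    for rec in json.loads(apt_ips):
        ips[rec["IP"]] = ("apt_ip", rec)  # APT context wins if an IP overlaps
    return {"masks": masks, "hashes": hashes, "ips": ips}


def _detection(event, field, indicator, entry):
    feed, rec = entry
    # APT records carry a publication name; ransomware URL records carry
    # popularity and last-seen date, which is the context an analyst wants.
    context = rec.get("publication_name") or "popularity %s, last seen %s" % (
        rec.get("popularity"), rec.get("last_seen"))
    return {"event_id": event["id"], "field": field, "indicator": indicator,
            "feed": feed, "context": context}


def match_event(index, event):
    """Return the detection events for one forwarded SIEM event ([] if clean)."""
    hits = []
    url = event.get("url")
    if url:
        # urlparse only fills hostname when a scheme is present, so add one
        host = urlparse(url if "://" in url else "http://" + url).hostname or ""
        for mask, entry in index["masks"]:
            if host_matches_mask(host, mask):
                hits.append(_detection(event, "url", mask, entry))
    md5 = (event.get("md5") or "").upper()
    if md5 in index["hashes"]:
        hits.append(_detection(event, "md5", md5, index["hashes"][md5]))
    for field in ("src_ip", "dst_ip"):
        ip = event.get(field)
        if ip in index["ips"]:
            hits.append(_detection(event, field, ip, index["ips"][ip]))
    return hits


def correlate(events):
    """Match a batch of SIEM events; returns the detection events to send back."""
    index = build_index(RANSOMWARE_URL_FEED, APT_HASH_FEED, APT_IP_FEED)
    return [hit for ev in events for hit in match_event(index, ev)]


# Constructed SIEM events: proxy log, endpoint file event, firewall log, benign.
SAMPLE_EVENTS = [
    {"id": 1, "url": "http://cdn.disk-space.ru/get/file.exe"},
    {"id": 2, "md5": "cfffc5a0e5bdc87ab11b75ec8a6715a4"},
    {"id": 3, "src_ip": "10.0.0.5", "dst_ip": "191.101.251.200"},
    {"id": 4, "url": "https://example.com/", "dst_ip": "10.0.0.9"},
]
```

Running correlate(SAMPLE_EVENTS) yields three detection events (for events 1, 2 and 3) and nothing for the benign event, which is the set the SIEM would receive back.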
13. Incident Investigation Workflow
CLOUD SANDBOX
Advanced analysis of files in various formats
KEY CAPABILITIES
• Default settings and advanced settings for optimized performance
• Advanced anti-evasion and human simulating techniques
• Visualization and intuitive reporting
• Advanced detection of APT, targeted and complex threats
• A workflow allowing you to run highly effective and complex incident investigations
• Scalability without the need to purchase costly appliances
• Seamless integration and automation of your security operations
Access: Web Interface, RESTful API
15. Financial Threat Intelligence Reporting
• TARGETED ATTACKS
• METHODS USED TO BYPASS SECURITY MECHANISMS
• MONETIZATION METHODS
• ATTACKS ON ATMs
• ATTACKS ON POS SYSTEMS DEVICES
• SPECIFIC TOOLS DEVELOPED OR SOLD BY CYBERCRIMINALS