The document summarizes the five stages of grief experienced by organizations when they realize their critical infrastructure systems are connected to the internet and vulnerable to cyber attacks: denial, anger, bargaining, depression, and acceptance. It provides examples to illustrate why each stage occurs, such as discoveries of thousands of exposed SCADA and ICS devices online using tools like SHODAN, high-profile attacks like Stuxnet targeting critical infrastructure systems, and challenges of keeping outdated systems patched against emerging threats. The document argues organizations must ultimately accept the interconnected nature of systems and find new ways to design and manage critical infrastructure that are more secure and resilient to cyber attacks.
Liam Randall of Critical Stack at S4x15 Operation Technology Day. Liam is a Bro guru and describes how it can be used to monitor communications, detect attacks and analyze data.
The answer is no for about 90% of the cyber assets due to the very minimal risk reduction achieved. Spend your effort elsewhere. Presentation goes over categories of security patching in ICS and recommends prioritized security patching.
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
This presentation from escar Asia does go into detail on the Progressive Snapshot dongle security problems, but it also addresses common issues found in ICS security and the path forward. For example the insecure by design problem, no thought on embedded product security, importance of a security perimeter as the immediate best security solution, and the medium to long term solutions.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
Tatsuaki Takebe of Yokogawa Electric Corporation provides the closing keynote with a focus on international standards activity and how it affects the Japanese ICS community.
Liam Randall of Critical Stack at S4x15 Operation Technology Day. Liam is a Bro guru and describes how it can be used to monitor communications, detect attacks and analyze data.
The answer is no for about 90% of the cyber assets due to the very minimal risk reduction achieved. Spend your effort elsewhere. Presentation goes over categories of security patching in ICS and recommends prioritized security patching.
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
This presentation from escar Asia does go into detail on the Progressive Snapshot dongle security problems, but it also addresses common issues found in ICS security and the path forward. For example the insecure by design problem, no thought on embedded product security, importance of a security perimeter as the immediate best security solution, and the medium to long term solutions.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
Tatsuaki Takebe of Yokogawa Electric Corporation provides the closing keynote with a focus on international standards activity and how it affects the Japanese ICS community.
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!
Vulnerability Inheritance in ICS (English)Digital Bond
Reid Wightman of Digital Bond Labs shows how software libraries integrated into ICS can bring vulnerabilities along with them.
In this case it is the CoDeSys library bringing vulnerabilities to more than 200 products including PLC's from Hitachi and Sanyo-Denki. Reid goes into the vulnerabilities and shows the tools that can exploit the vulnerabilities.
Equally important is the vendor misrepresenting the fact that the vulns were fixed, when they were not. And the vendors, Hitachi and Sanyo-Denki to name two, that did not test the security of the libraries before including them in their products and selling them to customers.
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way.
We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks.
Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.
Hear about:
The state of Control Systems security vulnerabilities
Attack activity that is prompting a change in perspective
The unique, long-term challenges associated with protecting SCADA networks
How anomaly detection can play a key role in protecting SCADA systems now
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
This session will cover the pro's and con's of virtualization as well as lessons learned from real world virtualization of DCS environments. Chris has deployed virtualization in ICS with and without ICS vendor cooperation.
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
There are new threats to cybersecurity for HMI/SCADA applications every week, and it can be difficult to stay on top of current threats and concerns. InduSoft is here to help, with an analysis of recent cybersecurity threats and how to take steps to protect SCADA/HMI systems from the vulnerabilities they seek to exploit. We will also be discussing the security features available in InduSoft Web Studio and how to take advantage of them to create the most stable, secure HMI or SCADA application possible.
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
The presentation covers assessment, implementation methodology, and current level of success for addressing four key objectives which are protecting the controls fieldbus (networks) from untrusted networks (domain), secure and safe remote support capability from both inside and outside of the company, control supplier access to manufacturing equipment when onsite, and protect manufacturing systems from Malware and intrusion. This system isn’t theoretical, it’s in broad use and full critical production. If the time and connectivity is available a quick remote access demonstration can be given. The presentation will wrap up with a series of thoughts and ideas that occur to me regarding security in general as I listen to other organizations and groups talking about various security needs and activities.
Cyber & Process Attack Scenarios for ICSJim Gilsinn
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
Virtualizing Industrial Controllers (PLCs/DCS Controllers) represents a fundamental shift in the industrial automation industry. Most industries have fully embraced virtualization as a means to support reliability, scalability and resource optimization. However, the industrial control system industry has been slow to adopt virtualization into automation controllers fully. These slides are from Austin Scott's S4 2019 presentation and outlines the benefits of industrial controller virtualization and why automation vendors see this as a threat to their business model. The slides describe a virtualized PLC deployment at a large refinery in North America that allowed them to scale to support the massive size of the plant and includes:
- What is PLC virtualization?
- A brief history of PLC virtualization
- Challenges with PLC virtualization
- The benefits of PLC/Controller virtualization
- Commodity controllers
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
A joint presentation of Yokogawa and NextNine about a 60-site global cybersecurity deployment, including what went right, what went wrong, necessary changes to the processes and technology, and the new technology was developed.
Protecting the Crown Jewels from Devastating Data BreachesLancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!
Vulnerability Inheritance in ICS (English)Digital Bond
Reid Wightman of Digital Bond Labs shows how software libraries integrated into ICS can bring vulnerabilities along with them.
In this case it is the CoDeSys library bringing vulnerabilities to more than 200 products including PLC's from Hitachi and Sanyo-Denki. Reid goes into the vulnerabilities and shows the tools that can exploit the vulnerabilities.
Equally important is the vendor misrepresenting the fact that the vulns were fixed, when they were not. And the vendors, Hitachi and Sanyo-Denki to name two, that did not test the security of the libraries before including them in their products and selling them to customers.
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way.
We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks.
Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.
Hear about:
The state of Control Systems security vulnerabilities
Attack activity that is prompting a change in perspective
The unique, long-term challenges associated with protecting SCADA networks
How anomaly detection can play a key role in protecting SCADA systems now
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
This session will cover the pro's and con's of virtualization as well as lessons learned from real world virtualization of DCS environments. Chris has deployed virtualization in ICS with and without ICS vendor cooperation.
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
There are new threats to cybersecurity for HMI/SCADA applications every week, and it can be difficult to stay on top of current threats and concerns. InduSoft is here to help, with an analysis of recent cybersecurity threats and how to take steps to protect SCADA/HMI systems from the vulnerabilities they seek to exploit. We will also be discussing the security features available in InduSoft Web Studio and how to take advantage of them to create the most stable, secure HMI or SCADA application possible.
ICS Security from the Plant Floor Up - A Controls Engineers Approach to Secur...Digital Bond
The presentation covers assessment, implementation methodology, and current level of success for addressing four key objectives which are protecting the controls fieldbus (networks) from untrusted networks (domain), secure and safe remote support capability from both inside and outside of the company, control supplier access to manufacturing equipment when onsite, and protect manufacturing systems from Malware and intrusion. This system isn’t theoretical, it’s in broad use and full critical production. If the time and connectivity is available a quick remote access demonstration can be given. The presentation will wrap up with a series of thoughts and ideas that occur to me regarding security in general as I listen to other organizations and groups talking about various security needs and activities.
Cyber & Process Attack Scenarios for ICSJim Gilsinn
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
Virtualizing Industrial Controllers (PLCs/DCS Controllers) represents a fundamental shift in the industrial automation industry. Most industries have fully embraced virtualization as a means to support reliability, scalability and resource optimization. However, the industrial control system industry has been slow to adopt virtualization into automation controllers fully. These slides are from Austin Scott's S4 2019 presentation and outlines the benefits of industrial controller virtualization and why automation vendors see this as a threat to their business model. The slides describe a virtualized PLC deployment at a large refinery in North America that allowed them to scale to support the massive size of the plant and includes:
- What is PLC virtualization?
- A brief history of PLC virtualization
- Challenges with PLC virtualization
- The benefits of PLC/Controller virtualization
- Commodity controllers
Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
A joint presentation of Yokogawa and NextNine about a 60-site global cybersecurity deployment, including what went right, what went wrong, necessary changes to the processes and technology, and the new technology was developed.
Protecting the Crown Jewels from Devastating Data BreachesLancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
On today's increasingly militarized Internet, companies, non-profits, activists, and individual hackers are forced to melee with nation-state class adversaries. Just as one should never bring a knife to a gunfight, a network defender should not rely on tired maxims such as “perimeter defense” and “defense in depth”. Today’s adversaries are well past that. This webinar provides:
- Key insights into what we call the Library of Sparta - the collective written expertise codified into military doctrine. Hidden in plain sight, vast free libraries contain the time-tested wisdom of combat at the tactical, operational, and strategic levels.
- Better understanding on how adversaries will target your organization, and it will help you to employ military processes and strategies in your defensive operations.
- Provide you with new approaches and examples about how to translate and employ doctrinal concepts in your current operations.
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
Whether they realize it or not, all enterprises have valuable data to protect. Credit card information, trade secrets, and patient data, for example, are all prime targets for cyber criminals.
You can reduce risk to your sensitive data through the use of compliance/segmentation monitoring. But what happens when malicious insiders or external attackers bypass these controls?
Join Lancope’s Consulting Security Architect, Charles Herring, to learn how network behavioral anomaly detection (NBAD) and deep visibility through NetFlow can be used to quickly alert administrators to these violations. Discover how to detect anomalies such as data hoarding and data loss to more effectively safeguard your crown jewels.
Presented @ Frederick Linux Users Group (KeyLUG)
May 7, 2016
A presentation on protecting Small Office/Home Office (SOHO) networks that I made at the Frederick Linux Users Group (KeyLUG). I work virtually from my home, and this presentation goes through some of my experiences setting up my home network to be better and more secure. I ditched my consumer-grade NAT router and have installed a firewall, commercial-grade wireless access points, and an intrusion detection system (IDS). I'm not finished yet, but this presentation will give you an idea of some of the things that I've done, where I'm thinking about going, and as some things to consider as you setup your own network.
Your SCADA system has a vulnerability, now what? I shortly summarize the DNP3 vulnerabilities (and other ICS protocols too). Then I focus on the different mitigations that an ICS owner can do to mitigate these types of protocol implementation vulnerabilities even if there is no patch or patches can't be installed. I also show the importance of doing Network Security Monitoring to help detect and respond to anomalies in ICS/SCADA networks.
PowerUp - Automating Windows Privilege EscalationWill Schroeder
This slidedeck was given as a firetalk at @BSidesBoston '14, and covers the genesis and implementation of PowerUp, a Powershell tool for Windows privilege escalation.
This presentation was given at BSides Austin '15, and is an expanded version of the "I hunt sys admins" Shmoocon firetalk. It covers various ways to hunt for users in Windows domains, including using PowerView.
Network Security and Visibility through NetFlowLancope, Inc.
With the rise of disruptive forces such as cloud computing and mobile technology, the enterprise network has become larger and more complex than ever before. Meanwhile, sophisticated cyber-attackers are taking advantage of the expanded attack surface to gain access to internal networks and steal sensitive data.
Perimeter security is no longer enough to keep threat actors out, and organizations need to be able to detect and mitigate threats operating inside the network. NetFlow, a context-rich and common source of network traffic metadata, can be utilized for heightened visibility to identify attackers and accelerate incident response.
Join Richard Laval to discuss the security applications of NetFlow using StealthWatch. This session will cover:
- An overview of NetFlow, what it is, how it works, and how it benefits security
- Design, deployment, and operational best practices for NetFlow security monitoring
- How to best utilize NetFlow and identity services for security telemetry
- How to investigate and identify threats using statistical analysis of NetFlow telemetry
Industrial Control Systems 101 - Why Hack The Network If You Can Shut Down Th...Resilient Systems
Industrial Control Systems (ICS) refer to various types of technology that control physical infrastructure ranging from industrial production - like valves in a manufacturing plant, to environment controls - like lighting and cooling systems in an office building. Think you don't have ICS on your network? Think again. Data centers, offices and corporate campuses rely on Industrial Control Systems to operate. In fact, virtually every modern building, and corporate campus around the world plays host to environmental controls, building entry systems, safety systems, and many other automation systems that are considered ICS.
As with any system, ICS have known vulnerabilities, which now that they are network-accessible represent a tantalizing target for attackers. Why bother trying to defeat carefully constructed network security measures if you can more easily turn on the sprinkler system and bring down the entire data center?
This webinar will review ICS basics and then detail their various security risks. It will also recommend general do's and don'ts when dealing with ICS. Our featured speakers for this timely webinar are:
- Billy Rios, Technical Director at Cylance.
Billy is seasoned security professional whose background spans both the military and the private sector. He is a noted expert in ICS security.
-Ted Julian, Chief Marketing Officer at Co3 Systems.
Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.
Protecting Financial Networks from Cyber CrimeLancope, Inc.
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions. Attend this informational webinar, conducted by Lancope’s Director of Security Research, Tom Cross, to learn: How NetFlow can help quickly uncover both internal and external threats How pervasive network insight can accelerate incident response and forensic investigations How to substantially decrease enterprise risks
Controlling Access to IBM i Systems and DataPrecisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
Expand Your Control of Access to IBM i Systems and DataPrecisely
Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access.
Topics include:
• IBM i access methods and risks
• Using exit programs to block traditional and modern access methods
• Real life examples and perspectives
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.
Compliance made easy. Pass your audits stress-free.AlgoSec
Don’t fail an audit ever again. Yes, it’s possible.
It doesn’t matter what regulation you are talking about, whether your own internal compliance standard or a common global framework such as PCI DSS, SOX, HIPPA, SWIFT, or even HKMA.
This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.
The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...Eric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "The Bot Stops Here: Removing the BotNet Threat" at the Public and Higher Ed Security Summit.
Solving the Visibility Gap for Effective SecurityLancope, Inc.
Network visibility is a vital component of an effective security strategy, but many organizations lack the ability to identify threat activity in their environment. At Cisco, we have assessed the networks of thousands of organizations, and in nearly every instance, we discovered undocumented hosts, risky user behavior, or malicious activity.
Whether it is rogue servers, unauthorized connections, or ongoing data breaches, we’ve harnessed the power of network visibility to identify a variety of suspicious and malicious activity. Now let us share our knowledge with you.
Join Jeff Moncrief, Systems Engineering Manager at Cisco, to learn:
- The reality of how vulnerable enterprise networks are from endpoint to edge
- The security benefits of end-to-end network visibility
- Common problems solved with network visibility
- Stories of real-life threats hidden on networks we’ve assessed
- How to turn your network into a security sensor to gain critical visibility and threat detection capabilities
The idea of a more connected world is an exciting prospect. The proliferation of Internet-enabled cars, appliances, medical devices, thermostats, and so on has already changed the way we live and will only continue grow. Unfortunately, these devices are expanding an already large attack surface, and cybercriminals are eager to exploit them.
If we do not prepare for this influx of new, specialized devices on our networks, the Internet of Things (IoT) will leave gaping holes in our cybersecurity practices. But securing these many devices is a daunting task for even the bravest security professional.
Join Keith Wilson of Cisco Security for a webinar to discuss the security challenges related to IoT. Topics covered include:
-Why IoT devices can be difficult to secure
-Industries already affected by this trend such as health care, manufacturing, financial services and retail
-The various approaches to securing these devices
-How you can best keep IoT devices from becoming a security liability
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today’s agencies are drowning in fears surrounding sophisticated cyber-attacks but perhaps the most concerning type of attack out there – the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack.
- Become aware of the different types of insider threats, including their motives and methods of attack
- Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat
- Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats
- Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack
- Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
While the current threat landscape is full of sophisticated and well-resourced adversaries, one of the most dangerous is the insider because they already have access to the sensitive data on your network.
According to a report from Forrester Research, nearly half of technology decision makers who experienced a data breach in the year studied reported that an internal incident was the source of their compromise.
Since firewalls and perimeter defenses are largely incapable of addressing insider threats, organizations must turn to internal network monitoring and analytics to identify threats based on their behavior.
Join us for a free webinar on the Five Signs You Have an Insider Threat to learn what to look for to protect your organization from this challenging attack type. The webinar will cover topics including:
- Insider threat prevalence
- Major signs of insider threat activity
- How to detect these signs
- How to identify an insider threat before they impact your organization
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
A common theme in data breach investigations is the deficit between the time it takes an attacker to compromise a system and the time it takes for the defender to detect the attack. In many cases, victim organizations do not know they have been breached for weeks or months after the initial compromise, while attackers can gain access in a matter of minutes or hours.
The StealthWatch® System can drastically reduce the time to identify threats, giving security personnel a window of opportunity to mitigate an attack before valuable data is lost. This webinar will cover how StealthWatch quickly detects a variety of malicious activity, using threat information from the Verizon 2015 Data Breach Investigations Report as a backdrop.
Participants will learn how StealthWatch can quickly detect:
- Crimeware
- Insider threats
- Point-of-sale (POS) intrusions
- Cyber-espionage
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
Today’s advanced threats and targeted attacks necessitate the collection, analysis and use of threat intelligence for effective cyber security. What was once the realm of government organizations is now something that all organizations should be focusing on, but few know where to start.
Join Gavin Reid, Lancope’s Vice President of Threat Intelligence, for a complimentary webinar to learn the ins and outs of threat intelligence and best practices for incorporating it into your security strategy. Topics covered will include:
What threat intelligence is
Best practices for developing a threat intelligence function
Common pitfalls to avoid when setting up a threat intelligence practice
How threat intelligence fits into the other components of an enterprise security strategy
Extending Network Visibility: Down to the EndpointLancope, Inc.
In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure is often challenged with the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever.
Join Josh Applebaum (Ziften), Matthew Frederickson, (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response.
Discover how you can:
- Achieve additional visibility and context to network activity
- Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence)
- Improve incident response by obtaining real-time and historical endpoint data
Save Your Network – Protecting Manufacturing Data from Deadly BreachesLancope, Inc.
As recent events have proven, manufacturing organizations are especially vulnerable to cyber-attacks due to the amount of valuable data they maintain. With advanced attacks becoming so ubiquitous, how can manufacturing organizations protect their data and avoid becoming the next high-profile victim in the headlines?
The answer lies in network visibility. Manufacturing providers and others are invited to join this complimentary webinar to learn how to:
- Cost-effectively transform their network into a sensor grid for detecting sophisticated attacks
- Quickly uncover suspicious behaviors associated with zero-day attacks, APTs, insider threats and other risks that frequently evade conventional defenses
- Protect their reputation by thwarting attacks before they lead to devastating data loss
The Seven Deadly Sins of Incident ResponseLancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
Save Your Network – Protecting Healthcare Data from Deadly BreachesLancope, Inc.
As recent events have proven, healthcare organizations are especially vulnerable to cyber-attacks due to the amount of valuable data they maintain. With advanced attacks becoming so ubiquitous, how can healthcare organizations protect patient data and avoid becoming the next high-profile victim in the headlines?
The answer lies in network visibility. Healthcare providers and others are invited to join this complimentary webinar to learn how to:
-Cost-effectively transform their network into a sensor grid for detecting sophisticated attacks
-Quickly uncover suspicious behaviors associated with zero-day attacks, APTs, insider threats and other risks that frequently evade conventional defenses
-Protect their reputation by thwarting attacks before they lead to devastating data loss
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow and to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
Signature detection of attacks requires an understanding of what is “bad” traffic. Unfortunately, advanced attackers are crafting innovative and persistent attacks that create a new brand of “bad” that has no signature. Today’s organizations must instead embrace more forward-thinking security measures such as behavioral analysis in order to identify threats that bypass conventional defenses.
Join this complimentary webinar to learn how real-world breaches over the last couple of years were detected by looking at traffic deviating from normal patterns via metadata/NetFlow analysis.
Discover how:
- Sophisticated attackers are bypassing conventional, signature-based security solutions
- NetFlow analysis can detect both known and unknown threats by identifying anomalous behaviors that could signify an attack
- Leveraging flow data can significantly improve threat detection, incident response and network forensics
Cisco CSIRT Case Study: Forensic Investigations with NetFlowLancope, Inc.
Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook “plays” each day.
Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) will review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System.
Participants will learn how to use NetFlow and the StealthWatch System to:
Investigate top use cases: C&C discovery, data loss and DOS attacks
Gain contextual awareness of network activity
Accelerate incident response
Minimize costly outages and downtime from threats
Protect the evolving network infrastructure
Provide forensic evidence to prosecute adversaries
Reverse Engineering Malware: A look inside Operation TovarLancope, Inc.
Join us as we step through the reverse engineering of CryptoLocker, identifying important functionality and weaknesses. We'll demonstrate how we were able to use this information to help protect our customers months ago, the weaknesses that the Department of Justice took advantage of, and how you can do the same for other types of malware down the line.
Lancope’s latest release includes an intuitive Web interface and sophisticated alarming capabilities for enhanced usability, security analytics and early threat detection. The new version further improves incident response and network forensics for fending off today’s advanced attacks. Specific new features include:
• The Operational Network & Security Intelligence (ONSI) dashboard, which keeps track of the attacker’s “kill chain,” providing administrators with awareness of how far attacks are progressing within their networks.
• New “data hoarding” alarms that detect attackers who are moving stolen data around within internal networks or preparing it for exfiltration.
• StealthWatch Labs Security Updates that provide constantly updated, automated security capabilities in the StealthWatch System to detect the latest threats.
• User-defined Threat Criteria, which enable administrators to monitor their networks for targeted attack activity based on specific threat intelligence.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
2. Vulnerabilities I’m credited on…
• MFSA2008-‐37
Mozilla
Stack
Buffer
Overflow
• cisco-‐sa-‐20070808-‐IOS-‐IPv6-‐leak
InformaDon
Leakage
Using
IPv6
RouDng
Header
in
Cisco
IOS
and
Cisco
IOS-‐
XR
• MS07-‐033
Internet
Explorer
COM
object
instanDaDon
• CVE-‐2007-‐2388
Apple
QuickDme
for
Java
remote
code
execuDon
• MS06-‐036
Windows
SMB
Denial
of
Service
• X-‐Force
Alert
228
Asterisk
PBX
Denial
of
Service
• X-‐Force
Alert
229
Asterisk
PBX
Traffic
AmplificaDon
7. "In
our
experience
in
conduc.ng
hundreds
of
vulnerability
assessments
in
the
private
sector,
in
no
case
have
we
ever
found
the
opera.ons
network,
the
SCADA
system
or
energy
management
system
separated
from
the
enterprise
network.
On
average,
we
see
11
direct
connec.ons
between
those
networks.”
Source:
Sean
McGurk,
Verizon
The
Subcommi_ee
on
NaDonal
Security,
Homeland
Defense,
and
Foreign
OperaDons
May
25,
2011
hearing.
Its connected to the Internet.
8.
9.
10. SHODAN
• Project
STRIDE:
“To
date,
we
have
discovered
over
500,000
control
system
related
nodes
world-‐
wide
on
the
internet.
About
30%
are
from
the
US,
and
most
are
on
ISP
addresses.”
11. ICS Cert
• In
February
2011,
independent
security
researcher
Ruben
Santamarta
used
SHODAN
to
idenDfy
online
remote
access
links
to
mul0ple
u0lity
companies’
Supervisory
Control
and
Data
Acquisi0on
(SCADA)
systems.
• In
April
2011,
ICS-‐CERT
received
reports
of
75
Internet
facing
control
system
devices,
mostly
in
the
water
sector.
Many
of
those
control
systems
had
their
remote
access
configured
with
default
logon
creden0als.
• In
September
2011,
independent
researcher
Eireann
Levere_
contacted
ICS-‐CERT
to
report
several
thousand
Internet
facing
devices
that
he
discovered
using
SHODAN.
14. Stage 3: Bargaining
• Stuxnet
• First
widely
reported
use
of
malware
to
destroy
a
physical
plant
• Extremely
sophisDcated
• Jumped
the
air-‐gap
via
USB
keys
• Widespread
infecDons
throughout
the
Internet
• Shamoon
• Targeted
the
energy
sector
• DestrucDve
• Over
writes
files
• Destroys
the
Master
Boot
Record
Stuxnet
infecDons,
source
Symantec:
17. DDOS
AFacks
More
Automated
&
Powerful
• Prolexic
Q2
2012
to
Q2
2013
– 33%
increase
in
a_acks
– 925%
increase
in
bandwidth
• 4.47
Gbps
to
49.24
Gbps
– 1655%
increase
in
packets
per
second
• 2.7
Mpps
to
47.4
Mpps
20. Stage 4: Depression
The
Patching
Treadmill
• Control
systems
are
not
designed
to
be
shut
down
regularly
• EnDre
systems
may
need
to
be
shut
down
for
a
single
patch
install
• Patching
may
mean
upgrading
• Upgrades
can
cascade
through
a
system
• Even
assessments
may
require
downDme!
• Patching
leads
to
InterconnecDvity
• InterconnecDvity
leads
to
compromise
• SoluDons?
– Third-‐Party
Run-‐Time
In-‐Memory
Patching?
– Intrusion
PrevenDon
Systems?
21. Stage 5: Acceptance
What
would
acceptance
mean?
• Genng
serious
about
interconnecDvity
• We
need
to
find
new
ways
to
work
• We
need
to
accept
some
inconvenience
• Designing
systems
for
patchability
• Systems
that
can
be
patched
without
being
restarted
• Hot
Standby
failover
• Patches
that
do
not
require
upgrades
• Security
patches
that
can
be
accepted
without
performance
concerns
• Built
in
IDS
capability?
• Designing
systems
for
failure
23. Network Visibility through Netflow
DMZ
VPN
Internal
Network
Internet
NetFlow Packets
src and dst ip
src and dst port
start time
end time
mac address
byte count
- more -
NetFlow
3G
Internet
3G
Internet
NetFlow
NetFlow
NetFlow
NetFlow
NetFlow
Collector
24. Intrusion Audit Trails
1:06:15
PM:
Internal
Host
Visits
Malicious
Web
Site
1:06:30
PM:
Malware
InfecDon
Complete,
Accesses
Internet
Command
and
Control
1:06:35
PM:
Malware
begins
scanning
internal
network
1:13:59
PM:
MulDple
internal
infected
hosts
1:07:00
PM:
Gateway
malware
analysis
idenDfies
the
transacDon
as
malicious
1:14:00
PM:
Administrators
manually
disconnect
the
iniDal
infected
host
Do
you
know
what
went
on
while
you
were
miDgaDng?