44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
The Myths + Realities of Machine-Learning CybersecurityInterset
Dr. Chase Cunningham, Principal Analyst at Forrester Research, joined Interset’s CTO, Stephan Jou, for a chat about what machine learning means and how enterprises can successfully deploy security analytics strengthened by this type of artificial intelligence. (For more information, visit Interset.com.)
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Security Analytics and Big Data: What You Need to KnowMapR Technologies
The number of attacks on organization's' IT infrastructure are continuously increasing. It is becoming more and more difficult to identify unknown threats, in particular. This problem requires the ability to store more data and better tools to analyze the data.
Learn in this webinar why big data is enabling new security analytics solutions and why the MapR Quick Start Solution for Security Analytics offers an easy starting point for faster and deeper security analytics.
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS cscpconf
Cybersecurity solutions are traditionally static and signature-based. The traditional solutions
along with the use of analytic models, machine learning and big data could be improved by
automatically trigger mitigation or provide relevant awareness to control or limit consequences
of threats. This kind of intelligent solutions is covered in the context of Data Science for
Cybersecurity. Data Science provides a significant role in cybersecurity by utilising the power
of data (and big data), high-performance computing and data mining (and machine learning) to
protect users against cybercrimes. For this purpose, a successful data science project requires
an effective methodology to cover all issues and provide adequate resources. In this paper, we
are introducing popular data science methodologies and will compare them in accordance with
cybersecurity challenges. A comparison discussion has also delivered to explain methodologies’
strengths and weaknesses in case of cybersecurity projects.
Machine Learning + AI for Accelerated Threat-HuntingInterset
How quickly can your enterprise find the cyberthreats that matter? In case you missed our talk at #MPOWER17, this is how the new Interset-McAfee security ecosystem helps security teams find them faster.
The Myths + Realities of Machine-Learning CybersecurityInterset
Dr. Chase Cunningham, Principal Analyst at Forrester Research, joined Interset’s CTO, Stephan Jou, for a chat about what machine learning means and how enterprises can successfully deploy security analytics strengthened by this type of artificial intelligence. (For more information, visit Interset.com.)
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Security Analytics and Big Data: What You Need to KnowMapR Technologies
The number of attacks on organization's' IT infrastructure are continuously increasing. It is becoming more and more difficult to identify unknown threats, in particular. This problem requires the ability to store more data and better tools to analyze the data.
Learn in this webinar why big data is enabling new security analytics solutions and why the MapR Quick Start Solution for Security Analytics offers an easy starting point for faster and deeper security analytics.
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS cscpconf
Cybersecurity solutions are traditionally static and signature-based. The traditional solutions
along with the use of analytic models, machine learning and big data could be improved by
automatically trigger mitigation or provide relevant awareness to control or limit consequences
of threats. This kind of intelligent solutions is covered in the context of Data Science for
Cybersecurity. Data Science provides a significant role in cybersecurity by utilising the power
of data (and big data), high-performance computing and data mining (and machine learning) to
protect users against cybercrimes. For this purpose, a successful data science project requires
an effective methodology to cover all issues and provide adequate resources. In this paper, we
are introducing popular data science methodologies and will compare them in accordance with
cybersecurity challenges. A comparison discussion has also delivered to explain methodologies’
strengths and weaknesses in case of cybersecurity projects.
Machine Learning + AI for Accelerated Threat-HuntingInterset
How quickly can your enterprise find the cyberthreats that matter? In case you missed our talk at #MPOWER17, this is how the new Interset-McAfee security ecosystem helps security teams find them faster.
How to Operationalize Big Data Security AnalyticsInterset
Analytics tools and analysis tools are not the same. Here is how to accelerate threat-detection activities with a holistic, strategic security-analytics solution.
In security, rules and thresholds create an excess of security alerts. This slows down security teams, and buries real threats to the enterprise. Analytics, in contrast, will take billions of events and distill them into a handful of true threat leads. This presentation explains—through case studies—how to use statistical methods to validate threats and reduce false positives.
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsInterset
Interset CTO Stephan Jou joins Holger Schulze, CEO at Cybersecurity Insiders, to discuss the impact of insider attacks and how AI can be used to mitigate these threats. To watch the webinar recording, click here: https://register.gotowebinar.com/register/2916777136713869315
Want to learn more about the risks of insider threats? Check out highlights from the 2018 Insider Threat Report: https://www.slideshare.net/Interset/2018-insider-threat-report-infographic
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
In today's competitive landscape where manufacturers need to seamlessly connect devices, departments, and people across geographical boundaries, Dynamics 365, with new-age collaboration, productivity, and intelligence features, allows them to streamline every aspect of their manufacturing business while constantly enhancing employee productivity and customer satisfaction. Go through this presentation to know the top reasons for moving to Dynamics 365FO.
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...Interset
At IANS Forum NYC 2018, Interset Technology Architect Bob Patten discussed how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoescentralohioissa
This presentation is to provide IT departments who have not leveraged their own data analytics skills for increasing the efficiency and effectiveness of compliance efforts to implement very low-cost solutions while achieving high returns on investment. Focusing on understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Data Connectors San Antonio Cybersecurity Conference 2018Interset
In this presentation, Interset Principal Data Scientist Roy Wilds dives into examples of how companies have successfully deployed security analytics. He also addresses how to choose the correct technology, fit it into existing security operations, and define success metrics to measure results.
Ashrith talks about whether it's time for the cyber security industry to start using AI to solve their challenges
- Powered by the open source machine learning software H2O.ai. Contributors welcome at: https://github.com/h2oai
- To view videos on H2O open source machine learning software, go to: https://www.youtube.com/user/0xdata
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteInterset
Presented by Stephan Jou, Interset CTO, at IANS Forum Toronto 2018, this presentation explores how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
At the 2018 CRIAQ RDV Forum, Interset Director of Field Operations Jay Lillie presented on Interset's mission to apply principled math and data science to cybersecurity in order to detect insider threats.
A brief run-through of the economics of controls, threats and how attackers and defenders think. Following an introduction to the current and next generation security analytics.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
The more your organization knows about potential threats, the safer your critical assets will be, but are traditional solutions, such as monthly scans and haphazard patching enough? What your scanner isn’t telling you are the critical vulnerabilities that should be fixed first.
Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire
Abstract: This presentation emphasis the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and Internal audit.
Additional, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.
Building Human Intelligence – Pun IntendedEnergySec
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A New Approach to Threat Detection: Big Data Security Analytics Interset
Learn how to distill billions of events into a handful of security leads. Security analytics powered by machine learning is proven to make your SOC more efficient. This presentation includes four case studies.
How to Operationalize Big Data Security AnalyticsInterset
Analytics tools and analysis tools are not the same. Here is how to accelerate threat-detection activities with a holistic, strategic security-analytics solution.
In security, rules and thresholds create an excess of security alerts. This slows down security teams, and buries real threats to the enterprise. Analytics, in contrast, will take billions of events and distill them into a handful of true threat leads. This presentation explains—through case studies—how to use statistical methods to validate threats and reduce false positives.
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsInterset
Interset CTO Stephan Jou joins Holger Schulze, CEO at Cybersecurity Insiders, to discuss the impact of insider attacks and how AI can be used to mitigate these threats. To watch the webinar recording, click here: https://register.gotowebinar.com/register/2916777136713869315
Want to learn more about the risks of insider threats? Check out highlights from the 2018 Insider Threat Report: https://www.slideshare.net/Interset/2018-insider-threat-report-infographic
3 Reasons Why Manufacturing Companies are Moving to Dynamics 365FONandita Nityanandam
In today's competitive landscape where manufacturers need to seamlessly connect devices, departments, and people across geographical boundaries, Dynamics 365, with new-age collaboration, productivity, and intelligence features, allows them to streamline every aspect of their manufacturing business while constantly enhancing employee productivity and customer satisfaction. Go through this presentation to know the top reasons for moving to Dynamics 365FO.
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...Interset
At IANS Forum NYC 2018, Interset Technology Architect Bob Patten discussed how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoescentralohioissa
This presentation is to provide IT departments who have not leveraged their own data analytics skills for increasing the efficiency and effectiveness of compliance efforts to implement very low-cost solutions while achieving high returns on investment. Focusing on understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Data Connectors San Antonio Cybersecurity Conference 2018Interset
In this presentation, Interset Principal Data Scientist Roy Wilds dives into examples of how companies have successfully deployed security analytics. He also addresses how to choose the correct technology, fit it into existing security operations, and define success metrics to measure results.
Ashrith talks about whether it's time for the cyber security industry to start using AI to solve their challenges
- Powered by the open source machine learning software H2O.ai. Contributors welcome at: https://github.com/h2oai
- To view videos on H2O open source machine learning software, go to: https://www.youtube.com/user/0xdata
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteInterset
Presented by Stephan Jou, Interset CTO, at IANS Forum Toronto 2018, this presentation explores how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
At the 2018 CRIAQ RDV Forum, Interset Director of Field Operations Jay Lillie presented on Interset's mission to apply principled math and data science to cybersecurity in order to detect insider threats.
A brief run-through of the economics of controls, threats and how attackers and defenders think. Following an introduction to the current and next generation security analytics.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
The more your organization knows about potential threats, the safer your critical assets will be, but are traditional solutions, such as monthly scans and haphazard patching enough? What your scanner isn’t telling you are the critical vulnerabilities that should be fixed first.
Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire
Abstract: This presentation emphasis the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and Internal audit.
Additional, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.
Building Human Intelligence – Pun IntendedEnergySec
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A New Approach to Threat Detection: Big Data Security Analytics Interset
Learn how to distill billions of events into a handful of security leads. Security analytics powered by machine learning is proven to make your SOC more efficient. This presentation includes four case studies.
44CON 2014 - Researching Android Device Security with the Help of a Droid Arm...44CON
44CON 2014 - Researching Android Device Security with the Help of a Droid Army, Joshua J. Drake
In the last few years, Android has become the world’s leading smart phone operating system. Unfortunately, the diversity and sheer number of devices in the ecosystem represent a significant challenge to security researchers. Primarily, auditing and exploit development efforts are less effective when focusing on a single device because each device is like a snowflake: unique.
This presentation centers around the speaker’s approach to dealing with the Android diversity problem, which is often called “fragmentation”. To deal with the issue, Joshua created a heterogeneous cluster of Android devices. By examining and testing against multiple devices, you can discover similarities and differences between devices or families of devices. Such a cluster also enables quickly testing research findings or extracting specific information from each device.
44CON 2104 - Lessons Learned from Black Hat's Infrastructure, Conan Dooley44CON
44CON 2104 - Lessons Learned from Black Hat's Infrastructure, Conan Dooley
Let’s take a quick trip across the sea to the halls of Black Hat. What made the training network tick? How was it created, who was attacking the network, and how was it defended? How do you keep the wired training network up and reliable when you have nearly two thousand people hammering on it? What tricks kept the wireless running for all those tweets?
44CON 2014 - Flushing Away Preconceptions of Risk, Thom Langford44CON
44CON 2014 - Flushing Away Preconceptions of Risk, Thom Langford
Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme.
This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation. In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk.
44CON 2013 - .Net Havoc - Manipulating Properties of Dormant Server Side Web ...44CON
Most modern web application frameworks use Server-Side Web Controls to enhance the development process; components that other platforms require the developer to implement can be dragged and dropped into the page design view.
These components are also protected using a variety of mechanisms, including digital signatures, content restrictions and even invisibility.
However, developers that use these components improperly can expose their application to a variety of different attacks that can be executed despite, and sometimes due to the existence of security mechanisms.
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
This 2 hour workshop will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation equipment. In other words, scada and ICS switches. You will gain familiarity with the basic usage of these switches, and do some very light traffic analysis and firmware reverse engineering.
Not only will vulnerabilities be disclosed for the first time (exclusively at 44CON), but the methods of finding those vulnerabilities will be shared. If you have never done any reverse engineering or firmware analysis, this might be a good place to start.
You will need to be familiar with a linux commandline, and the usage of tools such as BURP and wireshark. If you are an IDA Pro wizard we welcome your attendance, but we won’t be teaching you anything new. However, we will examine firmware and device embedded webservers with tools such binwalk, strings, grep, xxd, python, scapy, and compression utilities.
All vulnerabilities taught/disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. So this work will be fresh and useful for your penetration tests in the future.
You might even find new vulnerabilities with the chance to play with these devices (which are being brought to 44CON for this workshop)!
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal44CON
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal
Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever so often do we hear of yet another vulnerable device, with the occasional campaign targeted against specific versions of devices through independent scanning or Shodan dorking. We shine a bright light on TR-069/CWMP, the previously under-researched, de-facto CPE device management protocol, and specifically target ACS (Auto Configuration Server) software, whose pwnage can have devastating effects on critical amounts of users. These servers are, by design, in complete control of entire fleets of consumer premises devices, intended for use by ISPs and Telco providers. or nation-state adversaries, of course (sorry NSA, we know it was a cool attack vector with the best research-hours-to-mass-pwnage ratio). We investigate several TR-069 ACS platforms, and demonstrate multiple instances of poorly secured deployments, where we could have gained control over hundreds of thousands of devices. During the talk (pending patch availability), we will release exploits to vulnerabilities we discovered in ACS software, including RCEs on several platforms.
44CON 2014 - Advanced Excel Hacking, Didier Stevens
This is a workshop on hacking Excel on Windows without exploits.
Visual Basic for Applications (VBA) is a powerful programming language, more powerful than VBScript, because it has access to the Windows API. What I teach in this workshop is applicable to all applications with VBA support (Word, Powerpoint, AutoCAD, …), but I choose Excel because of its prevalence and its tabular GUI that is particularly suited for inputting and outputting data.
I illustrate 2 major hacking techniques on Excel: pure VBA and VBA mixed with with special shellcode and DLLs.
44CON 2014 - I gave a talk about robots and hardware!, Josh Thomas44CON
44CON 2014 - I gave a talk about robots and hardware!, Josh Thomas
”…and therein lies the Android problem…” Vendors, service providers, handset manufacturers, an insane number of different devices, patch stagnation, lack of updates, blah, blah, blah. We get it, and honestly it’s starting to be a tad boring. So why would you want to sit through yet another Android talk? You don’t, and I don’t want to give that talk anyway.
Instead, let us spend some time talking about the roots of all smartphones: The hardware design, the system on chip internals, the problematic linux kernels. Let’s chat about design reuse and how to take advantage of lazy electronic engineers. Let’s converse about generational design flaws and how they can be exploited. In short, let’s talk about breaking a bunch of expensive toys.
This talk will cover multiple handset manufacturers internal PCB designs, a fair bit of Qualcomm exploration, some witty banter about the fossil-esque linux kernel we drag about daily and probably some childish poking at the trusted boot process
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe FitzPatrick
Most dismiss power side channel attacks as difficult, expensive and unlikely, and are therefore out of scope for many security evaluations. Recent presentations have demonstrated how to get this cost down to a few hundred dollars using low-cost, high performance analog components alongside current high performance FPGAs.
By simplifying both the target hardware and the analysis, I aim to present a series of simple examples of timing and power analysis attacks on microcontroller hardware that require no advanced math and can be done in the comfort of your home for less than $20 in parts
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
There are over 2.9 BILLION subscribers on GSM networks today. How many of these subscribers are susceptible to trivial attacks that can leave phone calls, text messages and web surfing habits accessible to an attacker? This talk intends to discuss the reasons why GSM networks are still vulnerable today and demonstrate attack tools that might make you re-think how you handle sensitive data via your phone. The presenter will discuss his own experience of analysing GSM environments and provide a demonstration of GreedyBTS which can be used to compromise a targets phone calls, messaging and web surfing habits. Mobile Phones will be harmed during this presentation.
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw44CON
44CON 2014 - Binary Protocol Analysis with CANAPE, James Forshaw
CANAPE is an open source network proxy written in .NET. It has been developed to aid in the analysis and exploitation of unknown application network protocols using a similar use case to common HTTP proxies such as Burp or CAT.
This workshop will go through the basics of analysing an unknown application protocol with hands on training examples. By the end of the workshop candidates should be able to better understand CANAPE’s functionality and be able to apply that to other protocols they come across.
Getting Real About Security Management and “Big Data” EMC
It’s an exciting yet daunting time to be a security professional. Security threats are becoming more aggressive and voracious. Governments and industry bodies are getting more prescriptive around compliance. Combined with exponentially more complex IT environments, security management is increasingly challenging. Moreover, new “Big Data” technologies purport bringing advanced analytic techniques like predictive analysis and advanced statistical techniques close to the security professional.
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
Don’t be fooled by vague claims about data protection—especially in the cloud. HITRUST Common Security Framework (CFS) is the gold standard for data security and compliance. While security guidelines, like HIPAA, use phrases like “reasonable and appropriate” protection, HITRUST provides clear and actionable guidance for risk management. It’s the only certifiable framework that includes HIPAA, PCI, ISO, and NIST controls—here’s how you can benefit.
Takeaways & Learning Objectives
What is HITRUST CSF, and how does it differ from regulations like HIPAA?
How can your organization leverage HITRUST?
Best practices for secure cloud deployments
Join OnRamp’s VP of Product, Toby Owen, and OnRamp’s Head of Information Security, Nikola Todev in an educational and interactive session
Optimizing Security Operations: 5 Keys to SuccessSirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
3 Things to Learn About:
* 1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened.
* 2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.
* 3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry .
Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.
This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:
* Consolidating security and compliance controls
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted "best practices”
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have their own privacy and breach reporting laws including Georgia, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network setups
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin
Draft document to present findings of exploratory work on the incorporation of machine learning and AI into an existing data security product. The project was abandoned due to conflicting work done by product management.
Cyber Security in the market place: HP CTO DaySymantec
Cyber Security in the market place overview presented at HP CTO Day,covering: the current cyber-security threats to Enterprise Businesses and Government Departments, along with the board-level concerns and priorities for investment in systems and services to protect and secure their information.
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
The digital presence of organizations continues to expand, and with that expansion comes greater exposure to digital risks. Visibility into those risks is critical in order to effectively manage that risk.
Info Sec Opportunity – Embracing Big Data with People, Process, & Technology
Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective programs via People, Process & Technology.
Similar to 44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins (20)
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...44CON
Your job is to secure operations. But nobody listens to you. There’s no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we’re trying to protect. And that’s where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse- shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new found stance.
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...44CON
One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers.
Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless, once advanced quantum computers will be available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it.
Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand.
The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced:
Lattice-based systems:
The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Error (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way.
Code-based systems:
McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals.
Non-commutative systems:
There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik’s Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on.
Multivariate systems:
Multivariate crypto can be explained to somebody who knows Gaussian elimination.
Hash-based signatures: If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme.
I will explain these systems with cartoons, drawings, photographs, a Rubik’s Cube and other items.
In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.
In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.
To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.
The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.
Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...44CON
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulate machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
Unexpected consequences (why did it decide this rifle is a banana?)
Data leakage (how did they know Joe has diabetes)
Memory corruption and other exploitation techniques (boom! RCE)
Influence the output
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others – a live demo will be shown on stage!
Garbage In, RCE Out :)
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...44CON
Numerous technical articles, presentations, and even books exists about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint.
In this presentation, I will first do a quick recap on WDM drivers, its common structures, and how to identify its entry points. Then I’ll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I’ll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhances security? We’ll come to a conclusion after revealing some major vendor implementation problems.
Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety.
The speaker, David Rogers authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what’s next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...44CON
Cyber Security is often framed in terms of ‘Risk’- the possibility of suffering harm or loss – and the ‘Management’ of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a ‘function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation’.
Key theme:
This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.
In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.
Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back.
That’s when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs.
At first, we thought this would be a trivial job: figure out the RF and take control. It turned in to a mammoth hardware, firmware and RF reversing project.
This puppy is so over-specced it would drive you to tears.
The talk will cover the fails, hair loss and eventual success. There won’t be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that’s your thing.
Reversing RF in a high frequency environment using SDRs is challenging. We’ll discuss how we worked around these issues using hardware reversing skills.
We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and ‘jack the tank gun.
This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...44CON
Presented by: Julien Voisin and Thibault Koechlin
Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
4. SECURITY SCIENCE
4
Big Data?
Over-used buzzword.
Doug Laney defined 3Vs in 2001
Gartner promoted 3Vs in 2012
Google Trends
“Big Data” search interest over time
The 3Vs
Volume Velocity Variety Value Veracity
5. SECURITY SCIENCE
Big Data Disciplines
More useful to break Big Data down by activities you actually do:
• Decision Making
Data-Driven
Management
Data Science • Analytics, Sense-Making
• Technology, Nuts and Bolts
Data
Engineering
6. SECURITY SCIENCE
6
Data Lakes & CoEs
The data lake, an enterprise-wide Big Data platform, is emerging in
large scale businesses.
• Concentration of data
• Concentration of technology
Tends to be associated with Big Data “Centres of Excellence”.
• Concentration of Data Engineering skills
• Concentration of Data Science skills
• The CoEs are often hunting for well-defined early adopter Use
Cases to prove their value.
• The Data Lakes provide unexpected opportunities for ‘data
enrichment’ across organisational boundaries.
7. SECURITY SCIENCE
7
Why Big Data for Cyber Security?
Cyber Security is increasingly a data problem.
We are collecting, processing and analysing more and more data in
order to address the threat landscape.
• Known threat indicators
• Indicator targeted subsets of monitoring
data
• Assumes in advance what the risk is
• Near real-time analysis with limited memory
Network
Monitoring
using SIEM
8. SECURITY SCIENCE
8
What are the main Cyber Security use cases for Big Data?
Early adoption, provable ROI, vendor can develop a PoC without a
customer
• Probable matches to likely/possible threat
methods
• All the monitoring data over a longer period of
time
• Retroactive analysis using intelligence feeds
• Combining internal and external data sources
Network
Behavioural
Analytics
• More context and more data to investigate
• Single screen analysis
• Faster automated tooling for entity resolution and
event resolution
• Variety of visualisations available, timeline
visualisation especially key
Data-enabled
Investigation
9. SECURITY SCIENCE
Tools
• Hardware and
software
components
• Configuration
and utilization of
solution
components
People
• Skills of people
involved
• Engagement of
necessary
stakeholders
• Training
available
Process
• Essential
processes for
solution to work
• Includes
management of
tools,
knowledge,
intelligence and
people
Data
Sources
• The raw data
from a variety of
tools across the
environment.
• Includes
sensors, security
alerts and log
files.
Intelligence
• Data that
provides the
necessary
context to
enrich, interpret
and prioritize
analytic results
Knowledge
•The goal of the
data analysis
which is both
delivered to
stakeholders
and better
informs further
questions of the
data
9
What is a Big Data Security Analytics Capability?
10. SECURITY SCIENCE
10
What does a Big Data Security Analytics solution look like?
11. SECURITY SCIENCE
11
How does the Security Analytics team fit into an existing Security Team?
13. SECURITY SCIENCE
13
What is Situational Awareness?
Large body of academic work
A variety of different processual vs cognitive models suggested
Warning! The science is not robust in this area.
Dr Mica Endsley described the popular three stage model in 1995
Correlation with John Boyds OODA Loop.
SITUATIONAL AWARENESS
PERCEIVE UNDERSTAND PREDICT
14. SECURITY SCIENCE
14
How does Situational Awareness fit into Cyber Security?
OPERATIONAL CYBER SECURITY
OBSERVE ORIENTATE DECIDE ACT
SITUATIONAL AWARENESS
OPERATORS
HUNTERS
RESPONDERS
RESOLVERS
AUTOMATION?
15. SECURITY SCIENCE
15
How does Situational Awareness fit into Security Management?
SECURITY MANAGMENT
PLAN DO CHECK ACT
STUDY
SITUATION
SET GOALS
PLAN
ACTIVITIES
MEASURE
SUCCESS
STUDY
RESULTS
IMPROVE &
STANDARDISE
DELIVER
ACTIVITIES
SITUATIONAL
AWARENESS
SITUATIONAL AWARENESS AUTOMATION?
17. SECURITY SCIENCE
17
Why Data-Driven Security Management?
“The dearth of metrics and decision-making tools places the
determination of Information Security risk to the enterprise on the
judgment of IT security practitioners.” INFOSEC Research Council
“At present, the practice of measuring security is very ad-hoc. Many of
the processes for measurement and metric selection are mostly or
completely subjective or procedural.” Department of Homeland
Security
Most security decisions made in absence of good data.
Best/Good Practice is “cargo cult security”.
18. SECURITY SCIENCE
18
Low Hanging Fruit – Quantitative Security Management
Mixed Data Sources, Visualisation, Sets of Questions, Summary
Statistics
Trend Analysis, Security Posture, Perimeter View, Operational KPIs,
Controls Performance
Good indicator is large Excel sheets with complex pivot tables
• Multiple data sources; vuln scanners or probes,
hardware inventory, cmdb, patch servers, SOC
monitoring, external information feeds
• Multiple clear questions.
• Candidate for Question-Focused Dataset
Vulnerability
Management
• Multiple data sources; risk register, project
plans, incident reports, SOC feed, audit reports
• Multiple stakeholders with distinct interests
• Candidate for Interactive Visualisation
Executive
Dashboard
19. SECURITY SCIENCE
19
Big Data Security Analytics Opportunities
Once the Cyber use cases have been implemented there are
opportunities to operationalise and potentially automate some aspects
of security management activities
• Continuous monitoring, not just an annual
phishing exercise
• Enrich with HR data
• Report on trends and effectiveness of
awareness programs and training events
• Targeted training
Risky Staff
Behaviour
• Pre-Approved Change Controls at agreed
risk thresholds
• Firewall, network and server configuration
changes
• Increased targeted monitoring
• Distribution of IOCs to multiple endpoints
Automated
Incident
Response
20. SECURITY SCIENCE
20
The Future - Hypothesis-Driven Security Management
Experiments to identify the effectiveness of security activities and
controls in your environment
Multiple iterations following the Deming cycle
Replace Best/Good Practice with the Right Practice for You
Key skills:
1. Forming a useful, practical and measurable hypothesis
2. Achieving executive support for management experimentation
3. Understanding and applying the results to the business
• Some of these are Data Scientist skills, some are CISO skills.
• The CISO of the future will need to understand how to talk to Data
Scientists productively!
21. 21
Conclusion
There are no silver bullets!
We will still need humans in the loop but automation will allow us to
do more with less
Build open cyber big data analytics platforms
Invest in analytics skills now
Security is transforming from a subjective art to a data and
automation discipline