This document provides an overview of Microsoft's Cybersecurity Reference Architectures (MCRA). It begins with an introduction to MCRA and related topics like Zero Trust. It then discusses implementation considerations for architects, technical managers, CIOs, and CISOs. The document outlines various security roles and provides guidance on security strategy, programs, and initiatives. It also lists several Microsoft and third-party resources for security documentation, benchmarks, frameworks, and more. Finally, it discusses key principles for a Zero Trust approach and how Microsoft products can help implement Zero Trust architectures across networks, applications, endpoints, identities, data, and infrastructure.
This document summarizes a presentation given by Ranjit Sawant of FireEye. The presentation covered the following key points:
1) Attackers are increasingly leveraging COVID-19 themes in cyber attacks, with malicious emails related to COVID-19 increasing fourfold in March 2020. However, these emails still represent a small percentage of overall malicious emails detected.
2) FireEye Endpoint Security provides capabilities to detect and respond to advanced threats, going beyond just malware to track indicators of compromise, behavior, and attacker techniques across the attack lifecycle.
3) The presentation included a war story example of how FireEye Endpoint Security was used to investigate and respond to a sophisticated nation-state attacker targeting an Asian bank.
This document provides statistics on vulnerabilities from assessments performed in 2021 using the Edgescan platform. It finds that 20.4% of full stack vulnerabilities were high or critical risk. Web applications had more critical vulnerabilities but also more low risk issues than the network layer. The average time to remediate vulnerabilities across the full stack was 57.5 days, with critical issues taking longer to fix on the web application/API layer (47.6 days) than the device/host layer (61.4 days). Industries like healthcare had shorter remediation times than public administration and manufacturing. The report aims to demonstrate the state of security based on Edgescan's vulnerability assessments and identify trends.
DTS Solution - Building a SOC (Security Operations Center)
By Shah Sheikh
This document discusses building a cyber security operations center (CSOC). It covers the need for a CSOC, its core components including security information and event management (SIEM), and integrating components like monitoring, alerting, and reporting. Key aspects that are important for a successful CSOC are people, processes, and technology. The roles and skills required for people in the CSOC and training needs are outlined. Developing standardized processes, procedures and workflows that align with frameworks like ISO are also discussed.
ServiceNow is an enterprise IT cloud company that transforms IT by automating and managing IT across organizations. It has over 2300 customers and 2100 employees. Justin Dolly is the CISO of ServiceNow. Previously, ServiceNow's security tools were disparate and information was difficult to access. ServiceNow now collects over 400GB of data daily with Splunk, using it as their SIEM to provide threat identification, event correlation, and compliance reporting across the enterprise. Events detected by Splunk trigger actions that push data into ServiceNow, where a security team analyzes events and elevates potential incidents for investigation.
Building a Next-Generation Security Operations Center (SOC)
By Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Automation: The Wonderful Wizard of CTI (or is it?)
By MITRE ATT&CK
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
This document discusses Mandiant's incident response methodology and technology. It covers their evolution of incident response approaches over time from disk forensics to memory forensics to live response. Mandiant's current approach involves hunting across endpoints and networks using indicators of compromise to identify compromised systems. They deploy network and host sensors to gain visibility and conduct deep analysis using tools like Mandiant Incident Response and Network Traffic Analysis Platform. The document also outlines Mandiant's incident response services and how they help organizations understand risk, identify compromises, and prepare for future incidents.
Michael Saylor is the executive director of Cyber Defense Labs at UT Dallas. The document discusses current cyber security trends and emerging threats. Recent trends in 2013 included an increase in attacks with web and social engineering components as well as politically motivated DDoS attacks. Mobile devices and applications are increasingly being targeted, as are advanced persistent threats from groups like China's APT1. Emerging threats discussed include the potential for increased cyber crime and terrorism from groups funded by drug cartels and foreign states. The document recommends best practices for organizations like user education, monitoring, encryption, and frequent security assessments.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how organizations use a cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Risk Analysis Of Banking Malware Attacks
By Marco Morana
Analysis of how banking malware like Zeus exploits weaknesses in online banking applications and security controls. This presentation walks through the attack scenario, the attack vectors, the vulnerability exploits and the techniques used to model the threats so that countermeasures can be identified.
The biggest challenge in performance tuning is identifying the root cause of the bottleneck. Once you find it, the fix often becomes trivial. However, this detective work takes patience, skills, and effort, so we often attempt to guess the cause, by trying out tentative fixes. The result: messy code, waste of time and money, and frustration. During this talk you will learn how to correctly zoom in on the bottleneck using three levels of profiling: distributed tracing with Zipkin, metrics with Micrometer, and profiling with the Java Flight Recorder already built into your JVM. We’ll focus on the latter and learn how to read a flame graph to trace some common issues of backend systems like connection/thread pool starvation, time-consuming aspects, hot methods, and lock contention, even if these occur in library code you did not write.
Secure software development presentation
By Mahdi Dolati
The document discusses web application security and secure development. It covers common web attacks like SQL injection and cross-site scripting. It then provides solutions to these attacks such as validating user input, using parameterized queries, and encoding output. It emphasizes the importance of baking security into the entire development process through training, threat modeling, secure coding practices, and security testing.
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By:
Aunshul Rege, Associate Professor, Temple University, @prof_rege
Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928
This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. This allows students to understand the process of aligning threat intelligence to the PRE-ATT&CK framework and also to learn about its usefulness and limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map onto the MITRE framework. This helps the researchers identify the framework's usefulness and limitations and also helps their datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
This document discusses cyber attacks on the SWIFT global financial messaging network. It begins by providing background on SWIFT and explaining that cyber attacks on the network are a growing concern. It then describes different types of SWIFT attacks, including unauthorized fund transfers, data theft, malware infections, and others. Notable past attacks are discussed, such as the 2016 Bangladesh Bank heist where $81 million was stolen. The document stresses that coordinated prevention and response strategies are needed across borders to safeguard systems from these sophisticated cyber threats.
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
By Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Jared Ondricek leads software development for ATT&CK. Recent updates include adding ICS content to the website, improving detection objects and campaigns pages, custom links and SVG export in Navigator, authentication and other improvements in Workbench, transitioning the TAXII server to STIX 2.1 and OpenAPI, merging the Python library with other scripts, and planning to centralize GitHub documentation. Future work includes further Workbench, TAXII, and Python improvements along with a centralized GitHub landing page.
Understanding Cyber Kill Chain and OODA loop
By David Sweigert
The document discusses using an attacker's tactics and techniques to design effective cybersecurity defenses. It provides examples of mapping security controls and tools to different stages of common attack models like the Lockheed Martin Kill Chain. This allows an organization to see where in the attack cycle they have visibility and can disrupt threats. The document advocates taking a strategic, intelligence-driven approach to cyber defense by understanding adversaries' full operations in order to implement controls earlier in the attack cycle.
Security patterns and model driven architecture
By bdemchak
This document provides an overview of security patterns and model driven architecture. It summarizes three papers on using security patterns to model security requirements. The document discusses how security patterns can be used to address the common problem of irregular and haphazard application of security measures leading to insecure systems. It describes Cheng's approach of revising the security pattern template to allow formal verification of requirements. Rosado's approach is also summarized, which presents a standardized security pattern template and evaluates several common security patterns. The document provides context on how security patterns can help capture expertise to facilitate secure systems design.
Automating the mundanity of technique IDs with ATT&CK Detections Collector
MITRE ATT&CK
From ATT&CKcon 3.0
By Marcus LaFerrera and Ryan Kovar, Splunk
Since the release of MITRE ATT&CK, vendors and governmental bodies have begun mapping their security blogs, whitepapers, and threat intel reports to ATT&CK TTPs, which is incredible! Vendors have then begun mapping their detections to those mapped TTPs, which is even more awesome! What is not awesome is dissecting a piece of prose for all of the specific embedded ATT&CK technique IDs and then mapping them to your detections to determine coverage. Over the last year, the team at Splunk has spent more time doing this than they would like to admit, so they wrote a tool to do it for them and want to share it with the world. Join the Splunk team as they tell the world about ATT&CK Detections Collector (ADC). ADC is an open-source Python tool that will allow you to extract MITRE technique IDs from third-party URLs and output them into a file. If you use Splunk, the team even maps them to their existing (previously mapped) detection corpus. They even added the ability to export them into a Navigator JSON file for fun, profit, or (at least) better visualization!
An introduction to SOC (Security Operation Center)
By Ahmad Haghighi
The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.
FireEye provides cybersecurity products and services including threat intelligence, security consulting, incident response, and security technologies. The document outlines FireEye's offerings including threat intelligence subscriptions, security products like network security and email security, security services like incident response and expertise on demand, and consulting services from Mandiant. FireEye differentiates itself through its threat intelligence capabilities which leverage insights from responding to breaches and its security technologies.
Personally designed (content + graphics design), officially accredited COBIT®5 Foundation courseware.
COBIT® is a trademark of ISACA® registered in the United States and other countries.
Trademarks are the property of their holders, who are not affiliated with the courseware author.
This document discusses managing misconfigurations in DevOps and infrastructure as code (IaC). It notes that rapid cloud service growth and learning curves can lead to misconfigurations and lack of visibility. The top 5 areas where AWS configurations fail conformance checks are EC2, EBS, S3, resource groups, and CloudFormation templates. Continuous monitoring and remediation tools are needed to detect and fix misconfigurations to reduce security incidents by 80%. Hands-on experience with tools like Cloud Conformity is offered to analyze IaC and live environments against best practices.
This document provides an overview of cloud computing. It discusses the different service models of cloud computing including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The document outlines some tips for getting started with each service model and highlights key considerations like security, costs, and customization options. It also discusses challenges of cloud computing and debunks some common myths. The future of cloud computing is presented as continuing rapid growth with the global market expected to increase to $241 billion by 2020.
This document discusses Mandiant's incident response methodology and technology. It covers their evolution of incident response approaches over time from disk forensics to memory forensics to live response. Mandiant's current approach involves hunting across endpoints and networks using indicators of compromise to identify compromised systems. They deploy network and host sensors to gain visibility and conduct deep analysis using tools like Mandiant Incident Response and Network Traffic Analysis Platform. The document also outlines Mandiant's incident response services and how they help organizations understand risk, identify compromises, and prepare for future incidents.
Michael Saylor is the executive director of Cyber Defense Labs at UT Dallas. The document discusses current cyber security trends and emerging threats. Recent trends in 2013 included an increase in attacks with web and social engineering components as well as politically motivated DDoS attacks. Mobile devices and applications are increasingly being targeted, as are advanced persistent threats from groups like China's APT1. Emerging threats discussed include the potential for increased cyber crime and terrorism from groups funded by drug cartels and foreign states. The document recommends best practices for organizations like user education, monitoring, encryption, and frequent security assessments.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Risk Analysis Of Banking Malware AttacksMarco Morana
Analysis of How Banking Malware Like Zeus Exploit Weakenesses In On-Line Banking Applications and Security Controls. This prezo is a walkthrough the attack scenarion, the attack vectors, the vulnerability exploits and the techniques to model the threats so that countermeasures can be identified
The biggest challenge in performance tuning is identifying the root cause of the bottleneck. Once you find it, the fix often becomes trivial. However, this detective work takes patience, skills, and effort, so we often attempt to guess the cause, by trying out tentative fixes. The result: messy code, waste of time and money, and frustration. During this talk you will learn how to correctly zoom in on the bottleneck using three levels of profiling: distributed tracing with Zipkin, metrics with Micrometer, and profiling with the Java Flight Recorder already built into your JVM. We’ll focus on the latter and learn how to read a flame graph to trace some common issues of backend systems like connection/thread pool starvation, time-consuming aspects, hot methods, and lock contention, even if these occur in library code you did not write.
Secure software development presentationMahdi Dolati
The document discusses web application security and secure development. It covers common web attacks like SQL injection and cross-site scripting. It then provides solutions to these attacks such as validating user input, using parameterized queries, and encoding output. It emphasizes the importance of baking security into the entire development process through training, threat modeling, secure coding practices, and security testing.
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour October 2020
By:
Aunshul Rege, Associate Professor, Temple University, @prof_rege
Rachel Bleiman, PhD Student/NSF Graduate Research Assistant, Temple University, @rab1928
This presentation from the MITRE ATT&CKcon Power Hour session on October 9, 2020, explores the application of the MITRE ATT&CK® and PRE-ATT&CK matrices in cybercrime education and research. Specifically, Rege and Bleiman demonstrate the mapping of the PRE-ATT&CK matrix to social engineering case studies as an experiential learning project in an upper-level cybercrime liberal arts course. It thus allows students to understand the alignment process of threat intelligence to the PRE-ATT&CK framework and also learn about its usefulness/limitations. The talk also discusses the mapping of the ATT&CK matrix, tactics, techniques, software, and groups for two cybercrime datasets created by collating publicly disclosed incidents: (i) critical infrastructure ransomware (CIRW) incidents, and (ii) social engineering (SE) incidents. For the CIRW dataset, 39% of the strains mapped onto the ATT&CK software. For the SE dataset, 49% of the groups and 65% of the techniques map on to the MITRE framework. This helps the researchers identify the framework's usefulness/limitations and also helps our datasets connect to richer information that may not otherwise be available in the publicly disclosed incidents.
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
This document discusses cyber attacks on the SWIFT global financial messaging network. It begins by providing background on SWIFT and explaining that cyber attacks on the network are a growing concern. It then describes different types of SWIFT attacks, including unauthorized fund transfers, data theft, malware infections, and others. Notable past attacks are discussed, such as the 2016 Bangladesh Bank heist where $81 million was stolen. The document stresses that coordinated prevention and response strategies are needed across borders to safeguard systems from these sophisticated cyber threats.
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Jared Ondricek leads software development for ATT&CK. Recent updates include adding ICS content to the website, improving detection objects and campaigns pages, custom links and SVG export in Navigator, authentication and other improvements in Workbench, transitioning the TAXII server to STIX 2.1 and OpenAPI, merging the Python library with other scripts, and planning to centralize GitHub documentation. Future work includes further Workbench, TAXII, and Python improvements along with a centralized GitHub landing page.
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
The document discusses using an attacker's tactics and techniques to design effective cybersecurity defenses. It provides examples of mapping security controls and tools to different stages of common attack models like the Lockheed Martin Kill Chain. This allows an organization to see where in the attack cycle they have visibility and can disrupt threats. The document advocates taking a strategic, intelligence-driven approach to cyber defense by understanding adversaries' full operations in order to implement controls earlier in the attack cycle.
Security patterns and model driven architecturebdemchak
This document provides an overview of security patterns and model driven architecture. It summarizes three papers on using security patterns to model security requirements. The document discusses how security patterns can be used to address the common problem of irregular and haphazard application of security measures leading to insecure systems. It describes Cheng's approach of revising the security pattern template to allow formal verification of requirements. Rosado's approach is also summarized, which presents a standardized security pattern template and evaluates several common security patterns. The document provides context on how security patterns can help capture expertise to facilitate secure systems design.
Automating the mundanity of technique IDs with ATT&CK Detections CollectorMITRE ATT&CK
From ATT&CKcon 3.0
By Marcus LaFerrera and Ryan Kovar, Splunk
Since the release of MITRE ATT&CK, vendors and governmental bodies have begun mapping their security blogs, whitepapers, and threat intel reports to ATT&CK TTPs, which is incredible! Vendors have then begun mapping their detections to those mapped TTPs, which is even more awesome! What is not awesome is dissecting a piece of prose for all of the specific embedded ATT&CK technique IDs and then mapping them to your detections to determine coverage. Over the last year, the team at Splunk has spent more time doing this than they would like to admit, so they wrote a tool to do it for them and want to share it with the world. Join the Splunk team as they tell the world about ATT&CK Detections Collector (ADC). ADC is an open-source python tool that will allow you to extract MITRE technique IDs from a third-party URLs and output them into a file. If you use Splunk, the team even maps them to their existing (previously mapped) detection corpus. They even added the ability to export them into a navigator json for fun, profit, or (at least) better visualization!
An introduction to SOC (Security Operation Center) (Ahmad Haghighi)
The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.
FireEye provides cybersecurity products and services including threat intelligence, security consulting, incident response, and security technologies. The document outlines FireEye's offerings including threat intelligence subscriptions, security products like network security and email security, security services like incident response and expertise on demand, and consulting services from Mandiant. FireEye differentiates itself through its threat intelligence capabilities which leverage insights from responding to breaches and its security technologies.
Personally designed (content + graphics design), officially accredited COBIT®5 Foundation courseware.
COBIT® is a trademark of ISACA® registered in the United States and other countries.
Trademarks are properties of the holders, who are not affiliated with courseware author.
This document discusses managing misconfigurations in DevOps and infrastructure as code (IaC). It notes that rapid cloud service growth and learning curves can lead to misconfigurations and lack of visibility. The top 5 areas where AWS configurations fail conformance checks are EC2, EBS, S3, resource groups, and CloudFormation templates. Continuous monitoring and remediation tools are needed to detect and fix misconfigurations to reduce security incidents by 80%. Hands-on experience with tools like Cloud Conformity is offered to analyze IaC and live environments against best practices.
This document provides an overview of cloud computing. It discusses the different service models of cloud computing including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The document outlines some tips for getting started with each service model and highlights key considerations like security, costs, and customization options. It also discusses challenges of cloud computing and debunks some common myths. The future of cloud computing is presented as continuing rapid growth with the global market expected to increase to $241 billion by 2020.
This document discusses Software as a Service (SaaS) and when it may be preferable to traditional on-premise software for finance technologies. It finds that SaaS offers lower upfront costs, faster implementation, and easier upgrades than on-premise options. However, concerns include data security, customization limitations, and reliance on internet connectivity. SaaS maturity varies by application, with ERP becoming more cloud-based and specialized finance functions often having proven SaaS solutions. Companies should consider SaaS when requirements can be met, costs are lower over time, and legal/security issues are addressed by the vendor.
Build a complete security operations and compliance program using a graph dat... (Erkang Zheng)
Attackers think in graphs; defenders operate with lists. That’s why attackers win.
What if we could have a graph-based, data-driven security and compliance platform that can:
· intelligently analyze my environment,
· automatically keep up with the constant changes,
· help us understand and navigate that complexity, and
· manage compliance in a data-driven, continuous way.
This presentation describes how my security team built our security operations and automated compliance evidence collection using a graph database. There are also actual screenshots from the JupiterOne platform showing the discovery of thousands of assets from connected AWS accounts and other cloud providers; the configuration analysis of these resources; the query and search with graphs to visualize the relevant relationships; as well as the alerts, findings, and compliance mapping. All without the need for additional third-party solutions.
Multi cloud governance best practices - AWS, Azure, GCP (Faiza Mehar)
If you are looking for complete instructions on how to build your own cloud governance process and controls, view our recorded webinar on our YouTube channel. We take you step by step through what governance for the cloud is, with a focus on security governance.
The document discusses several initiatives and standards for cloud identity management including the OASIS IDCloud technical committee, The Open Group's Jericho Forum, CSA's Trusted Cloud Initiative, Simple Cloud Identity Management (SCIM), and NSTIC. It provides an overview of each, including their goals and focus areas such as use cases, interoperability profiles, and recommendations around identity provisioning, authentication, federation, and access control. The document also outlines why traditional identity and access management is insufficient for the cloud and why cloud providers and consumers need improved identity management.
This document provides an overview of IT/Network Operations concepts and strategies to improve cloud production. It begins with Joe Dietz introducing himself as a Network Security Professional and listing his current certifications. It then discusses various local user groups and events related to cloud security. The document covers topics such as selecting public vs private clouds, choosing cloud providers and applications, operational considerations, and approaches to connecting networks to the cloud such as extending datacenters or enabling edge services. It emphasizes that moving to the cloud still requires planning and not all applications are good candidates. The summary concludes by mentioning related reading on hybrid cloud services and tools.
Codeless Security for the Apps You Buy & Build on AWS (CloudLock)
Watch this webinar to learn what codeless security looks like for the cloud apps you build. Codeless - that means baking in security capabilities to defend your custom apps against data breaches without having to write a single line of code.
The document outlines 11 criteria to consider when evaluating Infrastructure as a Service cloud computing providers:
1) References from past customers about reliability, quality of service, and support.
2) Details of the Service Level Agreement and compensation for downtime.
3) Documentation, ease of setup, and first impressions.
4) Performance metrics like storage input/output and network bandwidth.
Security that works with, not against, your SaaS business (CloudPassage)
The document discusses security challenges for software-as-a-service (SaaS) businesses and how CloudPassage's Halo platform addresses them. Cloud-based development complicates traditional security approaches. Halo automates security controls across cloud infrastructures to enhance visibility, simplify compliance, and support agile development without slowing it down. Case studies show how Halo has helped large companies secure their transition to SaaS-based models and secure acquisitions built in public clouds.
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve... (Amazon Web Services)
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
The document discusses how the CIO can help deliver value through embracing new technologies and processes related to agile development, mobile, cloud, big data, and security. It provides examples of how IT is changing to focus on systems of engagement that are personalized, social, and analytics-driven. The document advocates involving information security early in the development process through representatives in development teams and establishing security budgets at the start of projects to help improve organizational processes and security.
Getting cloud architecture right the first time, Linthicum, Interop Fall 2013 (David Linthicum)
The document discusses best practices for cloud architecture. It notes that many current cloud systems lack proper architecture and do not meet expectations due to issues like inefficient resource utilization, outages, lack of security and tenant management. Common mistakes made are not understanding how to scale architectures, deal with tenants, implement proper security, or use services correctly. The document provides guidance on developing a solid cloud architecture, including determining business needs, designing with services in mind, creating security and governance plans, and migrating only components that provide value to the cloud. It emphasizes focusing on core services like data, transactions and utilities, and building for tenants rather than individual users.
The document provides an agenda and details for a Lightning Workshop on March 11th 2015. It will include presentations on Salesforce1 Lightning Overview and hands-on tutorials for Lightning Components, Process Builder, Lightning App Builder, and Lightning Connect. Safe harbor statements are also included regarding any forward-looking statements made in the document.
The document discusses cloud pentesting techniques. It provides an agenda for a cloud pentesting training session that includes an introduction to cloud computing, the major cloud vendors and their product offerings, differences between cloud and conventional pentesting, exploring attack surfaces in Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It discusses techniques such as exploiting metadata APIs, abusing cloud storage, attacking identity and access management services. The document also contains disclaimers and information about the speaker.
During a recent webinar, Jonathan Knudsen presented: "That's Not How This Works: All Development Should Be Secure."
Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Webinar attendees will learn:
• Why traditional approaches to software development usually end in tears and heartburn
• How a structured approach to secure software development lowers risk for you and your customers
• Why automation and security testing tools are key components in the implementation of a secure development life cycle
For more information, please visit our website at www.synopsys.com/software-integrity.html
A cloud management platform (CMP) is fast becoming a de facto requirement for enterprises pursuing a multi-cloud or hybrid cloud strategy. But what should you be looking for in a CMP? Many companies make the mistake of taking a “boil the ocean” approach to a CMP evaluation. We’ll share best practices and discuss whether you need an RFP.
Migrating to Cloud? 5 motivations and 10 key security architecture considerat... (Yew Weisin)
1) The document discusses key considerations for developing a secure cloud migration strategy, including strategic alignment, security management and governance, access management, data classification and management, encryption, monitoring and reporting, and identity and access management.
2) It identifies 10 key security architecture considerations for cloud migration: division of responsibility, multi-tenancy, data classification and management, encryption and key management, monitoring and reporting, access management, business continuity, risk assessment, change management, and security as a service.
3) The document emphasizes that access management is one of the most critical security areas for cloud, and identity and access management as a service and cloud access security brokers are growing trends to help govern cloud services.
Spring Cloud Stream: What's New in 2.x—and What's Next? (VMware Tanzu)
Microservices architecture redefined the concept of a modern application as a set of independent, distributed, and loosely coupled services running in the cloud. Spring Cloud Stream is a framework for building these services and connecting them with shared messaging systems.
In this hands-on session, we’ll look at some of the new features and enhancements that are already part of the 2.0 line, and discuss what we’re working on and what to expect.
Presenter : Oleg Zhurakousky, Pivotal
Cloud Computing and Security - by KLC Consulting (kylelai)
Here is the presentation about the cloud computing fundamentals: what it is, what it takes to move to a cloud computing environment, what questions to ask before you jump into cloud computing, and what risks and security measures you should understand. After viewing this presentation you should have a basic understanding of cloud computing and cloud security. This presentation also provides cloud computing and security resources and links for more information on cloud computing security.
Similar to [Lecturer Lee Chanwoo] Security plus saas security assessment_2021.04
AI_introduction and requirements(2024.05.12).pdf (Lee Chanwoo)
AI_introduction and requirements, Considerations for introducing artificial intelligence, understanding machine learning, artificial intelligence security, considerations for introducing ChatGPT, future of generative AI
bithumb_Privacy_Lecture(2021.12)
Personal information protection education, personal information accident cases, personal information protection usage method, importance of personal information protection, personal information protection practice rules
[Lecturer Lee Chanwoo] Information security and digital sex crime_lecture(2020.09) (Lee Chanwoo)
Information security and digital sex crime, Digital Sex Crime Prevention Instructor Course, Definition and examples of information protection, definition of digital sexual crime and countermeasures
[Lecturer Lee Chanwoo] Korea it information security academy public seminar presentation_st... (Lee Chanwoo)
[Lecturer Lee Chanwoo] Korea it information security academy public seminar presentation_strategy for information security job_final version(20180106), Employment strategy for information security
[Lecturer Lee Chanwoo] Gyeonggi Institute of Science & Technology Promotion_employee inform... (Lee Chanwoo)
[Lecturer Lee Chanwoo] Gyeonggi Institute of Science & Technology Promotion_employee information security education_Cyber security trends 201802 - Cyber information security issues and trends in the era of the Fourth Industrial Revolution
This document discusses three key aspects of customizing security that everyone should know. It discusses (1) creating one's own security framework, (2) realizing threats and what is known, and (3) distinguishing between important and unimportant security issues in an increasingly complex IT environment. The document emphasizes the importance of having an accurate concept, broadening one's insights, and defining what is necessary versus optional in one's security approach.
Ready to Unlock the Power of Blockchain! (Toptal Tech)
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Discover the benefits of outsourcing SEO to India (davidjhones387)
Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
HijackLoader Evolution: Interactive Process Hollowing (Donato Onofri)
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
11. “Can refer to various references for SaaS security assessment.”
Preparation
2021 SecurityPlus
SaaS Security Assessment
✓ KISA, Cloud Service Information Security Guide(SaaS)
✓ KISA, Cloud Vulnerability Analysis Guide
✓ SK Infosec, Cloud Security Guide
✓ CIS Benchmark for Cloud Services
✓ Vendor, Reference Architecture Guide for SaaS
Copyright 2021. Chanwoo Lee All rights reserved.
“Must develop our own framework.”
12. Source Link : https://www.bettercloud.com/monitor/saas-operations-management/
SaaS Management Reference Architecture
13. “Can derive your requirements through a security assessment.”
Assessment
✓ Service : Business and background
✓ Data : Legal and Privacy
✓ Architecture : Design and Configuration
✓ Application : Vendor and Product
✓ Authority : Accounts and Authentication
✓ Security Control : Data Leakage and Malware
✓ Monitoring : Log feeding and Integration
✓ Stakeholder : Role and Responsibility
“Must analyze various use cases.”
14. Source Link : https://securityboulevard.com/2019/04/penetration-testing-for-saas-companies/
SaaS Security Reference Architecture
15. “Must implement the requirements you have derived.”
Follow-up
[Data]
✓ Personal Information protection
✓ SSL/TLS Encryption
✓ Data and password Encryption
✓ Data Retention
✓ Tenant Restriction
✓ Sharing and Download permission disable
✓ Upload File Scanning
✓ Validation of file extension
16. “Must implement the requirements you have derived.”
Follow-up
[Access]
✓ SSO/SAML Integration
✓ IP Restriction
✓ Multi-Factor Authentication
✓ Guest Access Control
✓ Session Timeout
✓ Concurrent-session Control
✓ Minimizing Pre-defined roles and permissions
17. “Must implement the requirements you have derived.”
Follow-up
[Etc]
✓ Log management
✓ SIEM integration
✓ Management of API Key, Plug-in, Third-Party Program
✓ Application Configuration Analysis
“Must discuss with stakeholders in advance.”
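As an added example, not part of the original deck, the three follow-up lists above ([Data], [Access], [Etc]) are turned into an automated "Application Configuration Analysis": a constructed, hypothetical tenant settings export is checked against each requirement, and the same export with the requirements applied is checked beside it. The field names are assumptions, not any real SaaS product's schema, and the thresholds (60 minute idle timeout, at most two admins, API keys unused for 90 days) are assumed policy values that a team would set during the assessment phase.

```python
"""Checklist assessment of a SaaS tenant's admin settings (added example).

TENANT_CONFIG is a constructed, hypothetical settings export; its field names
are assumptions, not any real product's schema. Each check maps to one
[Data] / [Access] / [Etc] requirement from the follow-up slides.
"""
from dataclasses import dataclass
from datetime import date

MAX_IDLE_MINUTES, MAX_ADMINS, STALE_KEY_DAYS = 60, 2, 90   # assumed policy values
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".js", ".vbs", ".ps1", ".bat", ".scr", ".hta"}

# Constructed weak tenant: roughly what an un-reviewed SaaS subscription looks like.
TENANT_CONFIG = {
    "tls_min_version": "1.1",
    "encryption_at_rest": True,
    "retention_days": 0,
    "allowed_tenant_domains": ["example.com"],
    "external_sharing": {"enabled": True, "allow_download": True},
    "upload": {"malware_scan": True, "allowed_extensions": [".pdf", ".docx", ".EXE"]},
    "sso": {"saml_enforced": True, "password_login_enabled": False},
    "ip_allowlist": [],
    "mfa": {"required_for": "admins"},
    "guest_access": {"enabled": True, "requires_approval": False},
    "session": {"idle_timeout_minutes": 480, "max_concurrent": None},
    "users": [{"login": "alice", "role": "admin"}, {"login": "bob", "role": "admin"},
              {"login": "carol", "role": "admin"}, {"login": "dave", "role": "member"}],
    "audit_log": {"enabled": True, "export_target": None},
    "api_keys": [{"name": "ci-bot", "last_used": "2021-03-30"},
                 {"name": "old-integration", "last_used": "2020-06-01"}],
}

# The same tenant after the derived requirements are applied (top-level keys replaced).
HARDENED_CONFIG = {
    **TENANT_CONFIG,
    "tls_min_version": "1.2", "retention_days": 365,
    "external_sharing": {"enabled": False, "allow_download": False},
    "upload": {"malware_scan": True, "allowed_extensions": [".pdf", ".docx"]},
    "ip_allowlist": ["203.0.113.0/24"], "mfa": {"required_for": "all"},
    "guest_access": {"enabled": True, "requires_approval": True},
    "session": {"idle_timeout_minutes": 30, "max_concurrent": 1},
    "users": [{"login": "alice", "role": "admin"}, {"login": "bob", "role": "member"},
              {"login": "carol", "role": "member"}, {"login": "dave", "role": "member"}],
    "audit_log": {"enabled": True, "export_target": "siem.example.com:6514"},
    "api_keys": [{"name": "ci-bot", "last_used": "2021-03-30"}],
}

@dataclass
class Finding:
    area: str          # Data / Access / Etc, as grouped on the follow-up slides
    requirement: str   # worded exactly as on the slide, so findings map back to it
    passed: bool
    evidence: str

def assess(cfg, today=date(2021, 4, 1)):
    """Evaluate one tenant config against the derived requirement list."""
    share, sess, up, sso, guest, log = (cfg[k] for k in
        ("external_sharing", "session", "upload", "sso", "guest_access", "audit_log"))
    # Extension check is case-insensitive: ".EXE" must not slip past a lowercase denylist.
    risky_ext = {e.lower() for e in up["allowed_extensions"]} & EXECUTABLE_EXTENSIONS
    admins = [u["login"] for u in cfg["users"] if u["role"] == "admin"]
    stale = [k["name"] for k in cfg["api_keys"]
             if (today - date.fromisoformat(k["last_used"])).days > STALE_KEY_DAYS]
    idle = sess["idle_timeout_minutes"]
    checks = [  # (area, requirement, condition, evidence)
        ("Data", "SSL/TLS Encryption", cfg["tls_min_version"] in ("1.2", "1.3"), cfg["tls_min_version"]),
        ("Data", "Data and password Encryption", cfg["encryption_at_rest"], cfg["encryption_at_rest"]),
        ("Data", "Data Retention", cfg["retention_days"] > 0, cfg["retention_days"]),
        ("Data", "Tenant Restriction", bool(cfg["allowed_tenant_domains"]), cfg["allowed_tenant_domains"]),
        ("Data", "Sharing and Download permission disable",
         not (share["enabled"] and share["allow_download"]), share),
        ("Data", "Upload File Scanning", up["malware_scan"], up["malware_scan"]),
        ("Data", "Validation of file extension", not risky_ext, sorted(risky_ext)),
        ("Access", "SSO/SAML Integration", sso["saml_enforced"] and not sso["password_login_enabled"], sso),
        ("Access", "IP Restriction", bool(cfg["ip_allowlist"]), cfg["ip_allowlist"]),
        ("Access", "Multi-Factor Authentication", cfg["mfa"]["required_for"] == "all", cfg["mfa"]),
        ("Access", "Guest Access Control", not guest["enabled"] or guest["requires_approval"], guest),
        ("Access", "Session Timeout", 0 < idle <= MAX_IDLE_MINUTES, idle),
        ("Access", "Concurrent-session Control", sess["max_concurrent"] is not None, sess["max_concurrent"]),
        ("Access", "Minimizing Pre-defined roles and permissions", len(admins) <= MAX_ADMINS, admins),
        ("Etc", "Log management", log["enabled"], log["enabled"]),
        ("Etc", "SIEM integration", log["export_target"] is not None, log["export_target"]),
        ("Etc", "Management of API Key, Plug-in, Third-Party Program", not stale, stale),
    ]
    return [Finding(area, req, bool(ok), str(ev)) for area, req, ok, ev in checks]

def summarize(findings):
    """Failures per area: the paper-and-evidence view the evaluation phase asks for."""
    failed_by_area = {}
    for f in findings:
        if not f.passed:
            failed_by_area.setdefault(f.area, []).append(f.requirement)
    failed = sum(len(v) for v in failed_by_area.values())
    return {"total": len(findings), "failed": failed, "failed_by_area": failed_by_area}

if __name__ == "__main__":
    for label, cfg in (("weak", TENANT_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = assess(cfg)
        for f in findings:
            print(f"[{label}] {'PASS' if f.passed else 'FAIL'} {f.area:6} {f.requirement}: {f.evidence}")
        print(f"[{label}] {summarize(findings)}")
```

Run against the weak export, 12 of the 17 requirements fail (four under Data, six under Access, two under Etc); the hardened export passes all of them. In practice the export would come from the vendor's admin API or settings page rather than a literal in the script, and the thresholds belong in the requirement list agreed with stakeholders so that the same check can be re-run at each periodic evaluation.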
18. Source Link : https://www.hubspot.com/pricing/
SaaS Pricing Model(Subscription)
19. Source Link : https://www.atlassian.com/ko/software/jira
Issue Tracking system(Ex. JIRA)
20. “Must get visibility and evaluate periodically.”
Evaluation
✓ Is the Assessment process operating as designed?
✓ What are the ways to improve the Assessment process?
✓ Has the security level of our company increased through the Assessment process?
✓ Did you miss anything in the Assessment process?
✓ What are the problems you are facing during the Assessment process?
✓ What can you create after solving those problems?
“Must evaluate on a paper and evidence basis.”
21. Source Link : https://docs.servicenow.com/
Dashboard(Ex. ServiceNow)
22. Source Link : https://congruentagile.com/2020/03/16/less-sprint/
Review and Retrospective
25. Changing people through technology
Chanwoo Lee | Richard
Blog blog.naver.com/jg706
Facebook www.facebook.com/jg706
Slideshare www.slideshare.net/jg706
Linkedin www.linkedin.com/in/jg706
Youtube www.youtube.com/channel/UC5Hs9p5_euXJbaf5E7Hx7Ag
jg719411@nate.com | 010-4772-0130