It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
(Source: RSA USA 2016-San Francisco)
Safe never sleep - a peak into the IT underworld. Security briefing from McAfee and Global Micro - Microsoft Hosting Partner of the Year 2010 and 2011. Presentation by Christo Van Staden www.globalmicro.co.za. Follow me on twitter @jjrmilner
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This Webinar has been hold in Italian language by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them to get additional details and get a visit on site
The paper covers honeypot (and honeynet) basics and definitions and then outlines important implementation and setup guidelines. It also describes some of the security lessons a company can derive from running a honeypot, based on the author experience running a research honeypot. The article also provides insights on techniques of the attackers and concludes with considerations useful for answering the question “Should your organization deploy a honeynet?”
Safe never sleep - a peak into the IT underworld. Security briefing from McAfee and Global Micro - Microsoft Hosting Partner of the Year 2010 and 2011. Presentation by Christo Van Staden www.globalmicro.co.za. Follow me on twitter @jjrmilner
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This Webinar has been hold in Italian language by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them to get additional details and get a visit on site
The paper covers honeypot (and honeynet) basics and definitions and then outlines important implementation and setup guidelines. It also describes some of the security lessons a company can derive from running a honeypot, based on the author experience running a research honeypot. The article also provides insights on techniques of the attackers and concludes with considerations useful for answering the question “Should your organization deploy a honeynet?”
Peter Wood has worked as an ethical hacker for the past 20 years, with clients in sectors as diverse as banking, insurance, retail and manufacturing. He will describe how advanced persistent threats operate from a security intelligence perspective, based on published case studies and analysis. He will highlight APT entry points and exploitation techniques and suggest practical prevention and detection strategies.
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...AlienVault
Due to the recent, well-publicized events involving celebrities and their private photos, the phrase “brute-force attack” has become the web’s newest buzzword. As an IT professional, it’s vital that you detect brute force attacks as quickly as possible so you can shut them down before the damage is done. Join us for a live demo, where we’ll demonstrate a brute force attack (simulated, of course!) and show how AlienVault USM can help you detect an (attempted) intruder and investigate the attack.
You'll learn:
How attackers can use brute force attacks to gain access to your network
Measures you can take to better secure your environment and prevent these attacks
How AlienVault USM alerts you immediately of brute force attack attempts, giving you valuable time to shut it down
How to use AlienVault USM to investigate an attack and identify compromised assets
The Information Security Community on LinkedIn, with the support of Cybereason, conducted a comprehensive online research project to gain
more insight into the state of threat hunting in security
operation centers (SOCs). When the 330 cybersecurity and IT professionals were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many
responses included “unknown” and “advanced” when
describing threats, indicating the respondents understand
the challenges and fear those emerging threats.
Read the full report here.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Applied cognitive security complementing the security analyst Priyanka Aash
Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately.
(Source : RSA Conference 2017)
Intelligence-Led Security: Powering the Future of Cyber DefensePriyanka Aash
A new class of intelligence-led security is powering the future of cyber-defense, driven by deeper and broader visibility into the attacker ecosystem. This session will look at how intelligence is influencing the development of security products/services and how defenses will benefit from the integration of data from across IT/security operations with insights on the evolving threat landscape.
(Source: RSA Conference USA 2017)
Peter Wood has worked as an ethical hacker for the past 20 years, with clients in sectors as diverse as banking, insurance, retail and manufacturing. He will describe how advanced persistent threats operate from a security intelligence perspective, based on published case studies and analysis. He will highlight APT entry points and exploitation techniques and suggest practical prevention and detection strategies.
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...AlienVault
Due to the recent, well-publicized events involving celebrities and their private photos, the phrase “brute-force attack” has become the web’s newest buzzword. As an IT professional, it’s vital that you detect brute force attacks as quickly as possible so you can shut them down before the damage is done. Join us for a live demo, where we’ll demonstrate a brute force attack (simulated, of course!) and show how AlienVault USM can help you detect an (attempted) intruder and investigate the attack.
You'll learn:
How attackers can use brute force attacks to gain access to your network
Measures you can take to better secure your environment and prevent these attacks
How AlienVault USM alerts you immediately of brute force attack attempts, giving you valuable time to shut it down
How to use AlienVault USM to investigate an attack and identify compromised assets
The Information Security Community on LinkedIn, with the support of Cybereason, conducted a comprehensive online research project to gain
more insight into the state of threat hunting in security
operation centers (SOCs). When the 330 cybersecurity and IT professionals were asked what keeps them up at night, many comments revolved around a central theme of undetected threats slipping through an organization’s defenses. Many
responses included “unknown” and “advanced” when
describing threats, indicating the respondents understand
the challenges and fear those emerging threats.
Read the full report here.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Applied cognitive security complementing the security analyst Priyanka Aash
Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately.
(Source : RSA Conference 2017)
Intelligence-Led Security: Powering the Future of Cyber DefensePriyanka Aash
A new class of intelligence-led security is powering the future of cyber-defense, driven by deeper and broader visibility into the attacker ecosystem. This session will look at how intelligence is influencing the development of security products/services and how defenses will benefit from the integration of data from across IT/security operations with insights on the evolving threat landscape.
(Source: RSA Conference USA 2017)
Make IR Effective with Risk Evaluation and ReportingPriyanka Aash
Today, determining risk of a cyberattack is the generic vulnerability or malware rating ignoring aspects of how the business is impacted. Understanding the vulnerability state of the network, reputational risk, business loss, cost of IR and reconstitution cost are rarely understood. This presentation will show a data-driven approach to IR prioritizing response based on risk and business impact.
(Source: RSA USA 2016-San Francisco)
Introduction and a Look at Security TrendsPriyanka Aash
The security industry has significantly changed over the last 25 years, as reflected in the content at RSA Conference. This introductory session will look at some of the major shifts, the economics that are driving the shifts, and the trends that are shaping current and future directions.
(Source: RSA USA 2016-San Francisco)
Security professionals often call people “the weakest link.” We claim that they'll always make mistakes, however hard we try, and throw up our hands. But the simple truth is that we can help people do well at a wide variety of security tasks, and it’s easy to get started. Building on work in usable security and threat modeling, this session will give you actionable, proven ways to secure people.
(Source: RSA USA 2016-San Francisco)
Briefing the board lessons learned from cisos and directorsPriyanka Aash
Communicating effectively with the board of directors can make or break a security program. Across 2016, John Pescatore and Alan Paller of SANS talked with dozens of CISOs and several members of corporate boards and distilled down a set of best practices and lessons learned. This session will present the findings from that effort, with lessons learned from real-world board sessions.
(Source : RSA Conference USA 2017)
Introduction to the Current Threat LandscapeMelbourne IT
Do you know what threats are lurking in the shadows? Have you been compromised without even knowing about it? Most companies don't even know if their business has been subjected to attacks and even worse, may have lost sensitive data without knowing about it until it’s too late.
The latest vulnerabilities highlight the extent and depth that hackers are adopting to steal your content or destroy trust in your brand. Our industry experts joining us for the presentation have a wealth of experience in robust security strategies and will be discussing the current online threat landscape, the most prominent approaches to security breaches and what you need to consider to protect your online presence from any potential malicious attacks.
About Melbourne IT:
Melbourne IT Enterprise Services designs, builds and operates custom cloud solutions for Australia’s leading enterprises. Its expert staff help enterprises solve business challenges and build cultures that enable organisations to use technology investments efficiently to improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security experts repeatedly deliver results. Many of the brands you already know and trust rely on Melbourne IT. For more information, visit www.melbourneitenterprise.com.au
Three Considerations To Amplify Your Detection and Response ProgramMorphick
View the webinar on demand now! https://goo.gl/Mvv4Hw
Defensive security technologies increasingly fail to prevent advanced attackers from gaining access to enterprise networks. Sophisticated attackers can only be stopped by proactive security measures that harness skilled analysts and advanced technology.
Join Morphick and Endgame for a webinar to learn effective strategies to detect and eliminate advanced threats in your Enterprise. This webinar will highlight:
- Today’s security landscape
- How to close the protection gap
- Three strategic considerations to stop advanced threats
Dave Hogue provided one of the first in-depth perspectives from a “Day in the Life” of NSA’s Cybersecurity Threat Operations Center (NCTOC)—the mission, threat landscape, and offer best principles for CISOs and other network defenders. Mr. Hogue equipped the audience with actionable insights that they can implement into their daily operations.
(Source: RSA Conference USA 2018)
Learnings from the Cloud: What to Watch When Watching for BreachPriyanka Aash
Protecting against account breach and misuse when using a cloud service can be challenging, as the cloud service decides what tooling is available, and control may be limited. This session will share learnings and best practices from the Office 365 engineering team: from the patterns observed, what are best practices to protect against account breach?
(Source: RSA Conference USA 2017)
Opening the Door to DoD Perspectives on Cyber Threat IntelligencePriyanka Aash
Cyberthreats are growing in volume and variety. It is critical for the security industry to understand how to help DoD improve its cyber-intelligence. Defense Intelligence Officer for Cyber, Mr. Carback, will share DoD imperatives that will baseline your understanding of the actors, their intent and impact, the role of cyber-intelligence in DoD, and how we can partner together.
(Source: RSA Conference USA 2017)
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
Sophisticated Attacks vs. Advanced Persistent Security
1. SESSION ID:
#RSAC
Araceli Treu Gomes
Advanced Persistent Security
to Combat
Advanced Persistent Threat
EXP-R03
Subject Matter Expert –
Intelligence and Investigations
Dell SecureWorks
@sleepdeficit_
Ira Winkler, CISSP
President
Secure Mentem
@irawinkler
2. #RSAC
Why The Hype Matters to Us
2
It destroys our focus
It changes the story
It asks questions that shouldn’t be asked
It deflects blame
Bad security vs unstoppable enemy
“If the top organizations can be hit, there is no way anyone will
expect us to stop the attacks”
3. #RSAC
The Question That Should Be Asked
3
Was it really a “sophisticated” attack, or
just bad security?
4. #RSAC
The Proclaimed “Sophisticated Attacks”
4
Hacking Team
IRS
Ashley Madison
Anthem
Premera
You name it, it’s sophisticated according to someone
5. #RSAC
It Can Also Help You
5
It gets people talking about security
Use the narrative to help your cause
If management is concerned about the hype, use it
Highlighting the common vulnerabilities exploited during attacks
can get you funding to mitigate similar vulnerabilities
Stating how your security would have stopped the attacks would
give you kudos
6. #RSAC
Hacking Team
6
Notable in that they supposedly support law enforcement and
had zero day vulnerabilities
Embarrassing data to customers
Leak of vulnerabilities causing ripple effect
8. #RSAC
IRS Breach
8
330,000 records compromised through Get Transcript function
400,000 attempted breaches
Compromised authentication scheme
Required “information on the taxpayer had”
Hmmmm….
Criminal downloaded records, filed false tax returns
Stole $50 Million
IRS Commissioner said it couldn’t be stopped citing
Smart criminals with lots of advanced computers, hiring smart people
OMG
9. #RSAC
Sophisticated?
9
All the criminals needed were credit reports
IRS used commercial system that asked questions with answers
available through credit reports
Went undetected for 400,000 relatively intensive attempts
10. #RSAC
Ashley Madison
10
Compromise of clients and client information
Led to suicides
Led to great embarrassment for others
Demonstrated that they did not delete accounts as
promised
Released sensitive internal documents
Revealed that there weren’t many real women on
site
11. #RSAC
Sophisticated?
11
SQL injection attacks likely
Criminals claimed that network poorly segmented
Pass1234 was root password on all servers
Poor password encryption used
Data not deleted
Arrogance
12. #RSAC
Anthem
12
80,000,000 health care records compromised
Largest breach of his type
This one was personal
Potentially perpetrated by China
Seemed to have signature of Deep Panda, and pandas are from
China
A large number of people have government access
16. #RSAC
Preventing the IRS Attack
16
Frankly authentication might not be feasible to strengthen
Better detection
IP analysis
Rapid increase in requests
Focus on misuse detection
17. #RSAC
The Irari Rules of Sophisticated Attacks
17
Must not actualize because of a
Phishing message
Malware must have been undetectable
Passwords were not easily guessed
User awareness exploited with poor
awareness program in place
Known vulnerabilities cannot have been
exploited
Multifactor authentication in use on
critical systems
Passwords were not hardcoded into the
systems (or on TV)
Detection capability was in place and
not ignored
Proper network segmentation in place
User accounts had minimum privileges
18. #RSAC
Advanced Persistent Threat or
ADAPTIVE Persistent Threat?
18
They are Persistent
They are a Threat
But they are more adaptive than they are advanced
Advanced implies sophisticated
Sophisticated implies unstoppable
19. #RSAC
APT Assumes Failure
19
Actually, “successful” APT assumes failure
They assume there will be countermeasures in place
They assume there will be detection mechanisms
They know they need to be adaptive
They are proactive
“Be like water” – Bruce Lee
22. #RSAC
Advanced Persistent Security
22
Fight APT with APS
Adaptive Persistent Security, but Advanced Persistent Security is
a better buzz term
Security programs must be adaptive
Security programs must assume failure
Designed to presume failure
Extrusion prevention > Intrusion prevention
23. #RSAC
Risk Management Implies Failure is Acceptable
IRS hack demonstrates availability requires better detection, not
prevention
It can be more cost effective
Better detection = Better protection
Security is about Risk Management not perfect prevention
Detection and reaction mitigate loss that cannot be prevented
Adversary disruption is an acceptable “Security” strategy
Kill Chain Analysis
Goal is exit prevention
25. #RSAC
Proaction
Design program always looking for failures
Determine where failure is likely to occur
Perform threat intelligence to determine likely attackers and
attack vectors
Implement security countermeasures as appropriate
Implement detection
Build the ability to modify protection into your program
27. #RSAC
Protection
27
Understand what you Value
Understand your Threats
What they target
What they value
Likely attack vectors
Determine your vulnerabilities
Prioritize countermeasures based on likely
threats and vulnerabilities
Address security culture
28. #RSAC
Detection
Understand your Kill Chain
Detection Deficit Disorder
Avoid it
Human sensors
Constantly examine the data
Assume critical assets are being stolen
Assume networks are compromised and look
for indications
29. #RSAC
Reaction
Reaction should be anticipated as being a common circumstance
Reaction built into security program and architecture
Determine who’s attacking you
What are their attack methods
Look for additional attacks
Be a hunter
Feedback into Protection
Remember, your goal is exit prevention
Extrusion prevention is more manageable intrusion prevention
30. #RSAC
The Role of Security Culture/Awareness
People have a role in Prevention, Detection, and Reaction
A strong security culture prevents incidents
People should behave appropriately
A strong security culture detects incidents in progress
Snowden’s coworkers should have noticed suspicious activity
Detecting incidents, phishing, etc.
Reaction
Reporting
Taking actions to mitigate incidents before they get too
damaging
31. #RSAC
Conclusions
31
Attackers are successful not because they are advanced or
sophisticated, but because they are adaptive and persistent
Be adaptive and persistent in response
Be proactive
Failure is expected
Failure can be good
Implement Advanced Persistent Security
32. #RSAC
“Apply” Slide
32
Next week you should:
Determine whether you have a “Security” program or a
“Prevention” program
Within 3 months you should:
Reevaluate your awareness program
Determine the protection of your critical data
Analyze your likely threats
Determine if you have Detection Deficit Disorder
Within 6 months you should:
Reevaluate the structure of your overall security program