Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill in disguise; proponents claim the act provides a needed legal framework for information sharing. Can CISA actually improve cyberdefense without risking privacy? Are there unforeseen roadblocks? What about STIX/TAXII?
(Source: RSA USA 2016-San Francisco)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
This post contains detailed Mindmap related to Complex subject of Cyber security and address critical components summarized as below:
- Cyber Security standards
- SOC (Security Operation Center)
- Cybersecurity Lifecycle
- Hacker Kill Chain
- Malware (Types,Protection Mechanism)
- Cyber Architecture
- CSC (Critical Security Standards)
- Incident Management
- Network Perimeter best security practices
- Final Case Study
I hope the Technical post is appreciated and liked by Security Consultants and Subject Matter experts on Cybersecurity.Your criticals Inputs are appreciated.Thank you
- Wajahat Iqbal
(Wajahat_Iqbal@Yahoo.com)
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
This post contains detailed Mindmap related to Complex subject of Cyber security and address critical components summarized as below:
- Cyber Security standards
- SOC (Security Operation Center)
- Cybersecurity Lifecycle
- Hacker Kill Chain
- Malware (Types,Protection Mechanism)
- Cyber Architecture
- CSC (Critical Security Standards)
- Incident Management
- Network Perimeter best security practices
- Final Case Study
I hope the Technical post is appreciated and liked by Security Consultants and Subject Matter experts on Cybersecurity.Your criticals Inputs are appreciated.Thank you
- Wajahat Iqbal
(Wajahat_Iqbal@Yahoo.com)
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
This template is useful in presenting cybersecurity plan to higher authority. Cybersecurity officer will present it to top level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible in handling risks. Firm will also optimize its cybersecurity risk framework. Firm will assess the current concerns that are impeding cybersecurity in terms of increase in cybercrimes, data breach and exposure and amount spent on settlements. It will also analyze firm its current cybersecurity framework. Firm will categorize various risk and will assess them on parameters such as risk likelihood and severity. The IT department will also improve their incident handling mechanism. Cybersecurity contingency plan will be initiated by firm. In this plan, firm will build an alternate site for backup maintenance. Backup site selection will be done by keeping certain parameters into consideration such as cost for implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the role of personnel in terms of role and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. The information regarding the budget required for the cybersecurity plan implementation is also provided with staff training cost. https://bit.ly/3iSww5L
Mapping ATT&CK Techniques to ENGAGE ActivitiesMITRE ATT&CK
From ATT&CKcon 3.0
By David Barroso, CounterCraft
When an adversary engages in a specific behavior, they are vulnerable to expose an unintended weakness. By looking at each ATT&CK technique, we can examine the weaknesses revealed and identify an engagement activity or activities to exploit this weakness.
During the presentation we will see some real examples of how we can use different ATT&CK techniques in order to plan different adversary engagement activities.
The Cybersecurity Information Sharing Act (CISA) would spur cyber threat information sharing in smart ways that protect and respect privacy. The bipartisan bill includes compromises from multiple stakeholders.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
This template is useful in presenting cybersecurity plan to higher authority. Cybersecurity officer will present it to top level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible in handling risks. Firm will also optimize its cybersecurity risk framework. Firm will assess the current concerns that are impeding cybersecurity in terms of increase in cybercrimes, data breach and exposure and amount spent on settlements. It will also analyze firm its current cybersecurity framework. Firm will categorize various risk and will assess them on parameters such as risk likelihood and severity. The IT department will also improve their incident handling mechanism. Cybersecurity contingency plan will be initiated by firm. In this plan, firm will build an alternate site for backup maintenance. Backup site selection will be done by keeping certain parameters into consideration such as cost for implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the role of personnel in terms of role and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. The information regarding the budget required for the cybersecurity plan implementation is also provided with staff training cost. https://bit.ly/3iSww5L
Mapping ATT&CK Techniques to ENGAGE ActivitiesMITRE ATT&CK
From ATT&CKcon 3.0
By David Barroso, CounterCraft
When an adversary engages in a specific behavior, they are vulnerable to expose an unintended weakness. By looking at each ATT&CK technique, we can examine the weaknesses revealed and identify an engagement activity or activities to exploit this weakness.
During the presentation we will see some real examples of how we can use different ATT&CK techniques in order to plan different adversary engagement activities.
The Cybersecurity Information Sharing Act (CISA) would spur cyber threat information sharing in smart ways that protect and respect privacy. The bipartisan bill includes compromises from multiple stakeholders.
Sharing of information is what is winning in the world and it is where things are headed. And this holds true for your careers as well. The world values the sharing of information.
In this presentation the concept of cyber-ethics is defined, some case studies are provided, as well as suggestions for how to teach cyber-ethics to students. It concludes with questions for consideration.
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
Targeted attacks need targeted Defense
What protocol should we use for CTI information exchange?
How should we describe our indicators of compromise
Structured threat information expression (STIX)
How we can keep information within our defined trust boundaries?
Where to store IOCs?
Threat Intelligence Feeds Lifecycle
How to measure the CTI process?
A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.
Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.
This slide provide various details regarding Information security. The Database its Advantage, Regarding DBMS, RDBMS, IS Design conderations. Various Cyber crime Techniques. Element of Information i.e Integrity, Availability , Classification of Threats. Information Security Risk Assessment. Four Stages of Risk Management. NIST Definition. Risk Assessment Methodologies. Security Risk Assessment Approach. Risk Mitigation Options. Categories of controls. Technical Controls etc.
A New Security Paradigm for IoT (Internet of Threats)Priyanka Aash
All facets of computing have changed since the 1950s, except the security posture of our systems; nowhere is this more the case than in mobile and IoT. Some of our security foundations are outdated: chief among them “static” security, which assumes the threat landscape is static and predetermined. This session will describe the old static security paradigm and the new one: analytics-driven security.
(Source: RSA USA 2016-San Francisco)
Introduction and a Look at Security TrendsPriyanka Aash
The security industry has significantly changed over the last 25 years, as reflected in the content at RSA Conference. This introductory session will look at some of the major shifts, the economics that are driving the shifts, and the trends that are shaping current and future directions.
(Source: RSA USA 2016-San Francisco)
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
“Securing the Critical Infrastructure Networks Effectively” - Is OT the Weakest Link in Securing the Critical Infrastructure?
Cyber Attacks has consistently ranked among the top threats faced by businesses. Cyber Security as a subject that has now reached boardroom agendas. There have been proposals to link Cyber Security to CEO performance and pays. The point only underlines the critical nature and importance of Cyber Security to Businesses.
In an OT environment, the threat is amplified much more because it can have ramifications that impact human lives and their safety.
Who is the next target proactive approaches to data securityUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
The advent of AI is revolutionizing both the world and cybersecurity, yet significant challenges remain. The Cyber Express has consulted with leading industry experts to uncover insights that will illuminate the AI transformation.
The latest issue of The Cyber Express explores the role of AI in securing digital assets, followed by its benefits and challenges. Stay ahead on this important topic and don’t miss out on valuable insights. https://thecyberexpress.com/
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
A new generation of Internet startups is focused on converting malware infections into revenue. Who are these new CEOs, what can we learn from their business models? No longer in the shadows of the dark web, they are businessmen scaling operations and driving revenue. This session will discuss how malware is being monetized as a sustainable business, showing a realistic picture of what we’re up against.
(Source :RSA Conference USA 2017)
The Next Great Challenge for CISOs
I am honored to be recognized! Cybersecurity is truly a team effort at a strategic level, either we all work together or the threats will tear us down piecemeal! Every person, no matter their role, can play an important part in making digital technology trustworthy and keeping the Internet secure, private, and safe.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUlf Mattsson
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
LEARNING OUTCOMES FROM PRESENTATION:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
Overview of Hot Technologies that are tearing up the security ecosystem. Cyber security experts now have to ‘Move their Cheese’ and deal with threats created by the Cloud, the Internet of Things, mobile/wireless and wearable technology.
The good, the bad and the ugly of the target data breachUlf Mattsson
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
Data security today, the landscape, etc.
Discuss a few recent studies and changing threat landscape
The Target breach and other recent breaches
The effects of new technologies on breaches
Shifting from reactive to proactive thinking
Preparing for future attacks with new techniques
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
1. SESSION ID:
#RSAC
Mark Davidson
STIX, TAXII, CISA:
The impact of the US
Cybersecurity Information
Sharing Act of 2015
AIR-F01
Director of Software Development
Soltra
Bret Jordan CISSP
Director of Security Architecture
Blue Coat Systems
2. #RSAC
Today we will answer
2
What is CISA?
Will CISA improve cyber information sharing?
Does CISA enable spying?
How can we improve threat sharing?
How can STIX and TAXII help?
4. #RSAC
CISA at a glance
4
Started as CISPA in November 2011
Passed in December 2015
Claims to enhance information sharing
Widely criticized for enabling spying
Is not going away any time soon
Lets look at a few headlines to see what do people have said
8. #RSAC
Headlines – cont.
8
CISA: No Safe Harbor
The US legislature has encouraged
American companies to share threat
intelligence with the government by
absolving them of some of the data
privacy liability concerns that stilled
their tongues in the past.
Yet, the federal government can do
nothing to absolve companies of
their duties to European data privacy
regulations.
11. #RSAC
Headlines – cont.
11
Best summary we found
CISA addresses the manner in which the federal government
and non-federal entities may share information about cyber
threats and the defensive measures they may take to combat
those threats.
12. #RSAC
Why do people not like CISA?
12
Spying bill in disguise and a threat to personal privacy
Broad immunity clauses and vague definitions
Aggressive spying authorities
Would not have helped the recent breaches
It allows vast amounts of PII data to be shared with the gov’t
13. #RSAC
Questions we should be asking
13
Why was CISA implemented in the first place?
Can CISA improve operational cyber security?
What are the real privacy issues with CISA?
Does CISA actually enable spying and force companies to share?
What personal information is actually contained in CTI?
Is CISA the magic solution? Or are there other roadblocks?
14. #RSAC
CISA conclusions
14
Helps information sharing a little
Does not solve everything
Will not make organizations instantly safe from cyber attacks
Represents one piece of the cyber security puzzle
Spying claims have not been disproven
Heavy on sensationalism light on action
Does not require organizations to participate or share anything
16. #RSAC
What is information sharing?
16
We believe that everyone gets the general idea
Fundamentally, we need an ecosystem where actionable CTI is
shared automatically across verticals and public / private sectors in
near real-time to address the ever increasing cyber threat landscape
What are the benefits?
17. #RSAC
Why should you share CTI?
17
Gain proactive defense
Reduce your long-term risk
Potentially lower your cyber insurance premiums
Enable herd immunity
Improve your operational understanding of the threats
18. #RSAC
The history of CTI is colorful
18
Over the years the security community and various vendors have
proposed several solution to this problem with mixed levels of
success, those proposed solutions, to name a few, are:
IODEF (2007), CIF (2009), VERIS (2010)
OpenIOC (2011), MILE (2011)
OTX (2012), OpenTPX (2015)
ThreatExchange (2015)
CybOX (2012), STIX (2013), TAXII (2013)
19. #RSAC
The history of CTI is colorful – cont.
19
Despite the competition and various attempts at threat sharing,
STIX, TAXII, and CybOX have quickly gained world-wide support
from an international community of financial services, CERTS,
vendors, governments, industrial control systems, and
enterprise users
20. #RSAC
Threat sharing happens today
20
It is important to note that cyber threat sharing has been going
on for some time, long before CISA
ISACs, ISAOs, eco-systems, opensource, and commercial offerings
The problem is, the way sharing has been done to date
Generally unstructured data
Ad-hoc manual communications such as email / IM / IRC / paper
Some automated tools along with DIY solutions
21. #RSAC
Future of CTI
21
Simplicity and ease of use
To help this, STIX, TAXII, and CybOX are moving to JSON
STIX 2.0 is explicitly graph based
TAXII 2.0 is native web
CTI is working towards plug-n-play interoperability
Real-time communication of indicators and sightings across
products, organizations, and eco-systems
22. #RSAC
The problems STIX solves
22
How to describe the threat?
How to spot the indicator?
Where was this seen?
What exactly were they doing an how?
What are they looking to exploit?
Why were they doing it?
Who is responsible for this threat?
What can I do about it?
23. #RSAC
Anatomy of threat intelligence
23
Cyber Observables
Identifies the specific patterns observed (either static or dynamic)
Examples
An incoming network connection from a particular IP address
Email subject line, MD5 / SHA1 hash of a file
MD5 hash…
Email-Subject: “Follow-up”
24. #RSAC
Anatomy of threat intelligence – cont.
24
Indicators
Identifies contextual information about observables
Examples
Traffic seen from a range of IP addresses it indicates a DDoS attack
File seen with a SHA256 hash it indicates the presence of Poison Ivy
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742
25. #RSAC
Anatomy of threat intelligence – cont.
25
Exploit Targets
Identify vulnerabilities or weaknesses that may be targeted and
exploited by the TTP of a Threat Actor
Examples
A particular DB configuration leads to a vulnerability in the product
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank Executives
26. #RSAC
Anatomy of threat intelligence – cont.
26
TTPs (Tactics, Techniques, and Procedures)
The behaviors or modus operandi of cyber adversaries (e.g. what
they use, how they do it, and who do they target)
Examples
These particular IP address are used for their C2 infrastructure
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank ExecutivesBackdoor
Tool Kit v1
27. #RSAC
Anatomy of threat intelligence – cont.
27
Threat Actors
Identifies the characterizations of malicious actors (or adversaries)
representing a threat, based on previously observed behavior
Examples
Threat Actor is also known as Comment Crew and Shady Rat
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank ExecutivesBackdoor
Tool Kit v1
“Bad Guy”
Observed TTP
28. #RSAC
Anatomy of threat intelligence – cont.
28
Campaigns
Is the perceived instances of the Threat Actors pursuing specific
targets
Examples
Particular Threat Actors with ties to organized crime targeting banks
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank ExecutivesBackdoor
Tool Kit v1
“Bad Guy”
ObservedTTP
“BankJob23”
Related To
29. #RSAC
Anatomy of threat intelligence – cont.
29
Incidents
These are the specific security events affecting an organization
along with information discovered during the incident response
Examples
A John’s laptop was found on 2/10/16 to be infected with Zeus.
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank ExecutivesBackdoor
Tool Kit v1
“Bad Guy”
ObservedTTP
“BankJob23”
Related ToRelated To
CERT-2015-01…
30. #RSAC
Anatomy of threat intelligence – cont.
30
Course of Actions
Enumerate actions to address or mitigate the impact of an Incident
Examples
Block outgoing network traffic to 218.77.79.34
Remove malicious files, registry keys, and reboot the system
MD5 hash…
Email-Subject: “Follow-up”
Indicator-985
Indicator-9742Bank ExecutivesBackdoor
Tool Kit v1
“Bad Guy”
ObservedTTP
“BankJob23”
Related ToRelated To
CERT-2015-01…
Clean Up Process 1
31. #RSAC
Do Indicators contains PII?
31
People typically think NO (hashes, IPs, URLs, Registry Keys, etc)
BUT…
Exfiltrated data can contain PII
Attack data can contain PII
Log data can contain PII
… It can, so be careful !!
33. #RSAC
TAXII
33
TAXII is an open protocol for the communication of cyber threat
information. Focusing on simplicity and scalability, TAXII enables
authenticated and secure communication of cyber threat
information across products and organizations.
TAXII 2.0 is a REST based JSON solution over HTTPS
This should make things easier for developers to implement and
vendors to incorporate
34. #RSAC
What will TAXII do for us?
34
Enables the good citizen philosophy of “see something, say
something”
Enables plug and play interoperability
Enables two fundamental ways of communicating threat
intelligence
Lets look at these…
37. #RSAC
TAXII scenario
37
The following workflow / scenario encompasses 4 common use
cases for TAXII based channels
Internal to internal device communication
Analyst to analyst communication inside of the network
Organization to organization CTI / indicator publishing
Analyst to external analyst work group (circle of interest/trust)
sharing
46. #RSAC
Conclusions
46
If we missed a key interaction, please come see us after this talk
This scenario illustrates 4 interesting ways TAXII 2.0 channels could be
used by an organization to improve their cyber defenses
TAXII will enable organizations to communicate threat intelligence in
automated ways by using both traditional request / response and
channel based publish / subscribe
STIX offers a rich ontology for descripting and documenting cyber
intelligence
48. #RSAC
Roadblocks to success
48
Divergent processes
Your legal team
Privacy concerns
Inadequate technology
Information handling issues
Threat sharing solution space NOT YET SOLVED!
49. #RSAC
Divergent processes
49
Nascent sharing ecosystems
Everyone is talking about it, but few are doing it
Hard to get started due to different maturity levels
Lack of robust products and solutions
Trusting, vetting and deploying CTI
People think about sharing the wrong way
It is not symmetric (e.g., Indicator for Indicator)
It is more than just lists of IPs, URLs, and file hashes
50. #RSAC
Your legal team
50
Your general council will try to say NO!
Blind to the benefits of using or sharing CTI
Competition at the C-Level vs cooperation at the cyber level
What protections are in place
IPR / PII / Reputation concerns
Liability (this is where CISA could help)
Withholding disclosure until research is done
51. #RSAC
Privacy concerns
51
What privacy information is included in the data
Who has access to the raw data
What will this mean for safe harbor
What happens if you send it by accident?
How can you stay in compliance and anonymize the data
Who will be responsible for scrubbing the data?
Can you trust that?
52. #RSAC
Inadequate technology
52
Lack of interoperable commercial solutions
“Last mile” integration with network devices still forthcoming
Maturing standards, so many to choose from
Data Quality
Not all CTI is created equal
In fact, not all CTI will be valid for your organization
53. #RSAC
Information handling issues
53
Over sharing creates noise especially with duplicated data while
under-sharing reduces effectiveness
Struggle with protecting the innocent and getting enough
information to catch the bad guys
Complex sharing policies might not be honored
What happens if the bad guys get access to the data or worse,
poison the data
54. #RSAC
Successful sharing groups have had
54
High levels of maturity
Similar processes and procedures
Shared context within their eco-system
Legal teams that understand the benefits and risk of CTI
Pre-defined PII policies
Understand how to use technology to meet their needs
56. #RSAC
Conclusions
56
Threat sharing is moving to a better place
CISA
Will probably not impact your day job
Might improve CTI sharing by removing some legal obstacles
Will help STIX and TAXII as DHS implements CISA using STIX/TAXII
Like all things has the potential of being misused
57. #RSAC
Apply what you learned today
57
Next week you should
Visit the stixproject.github.io and get involved
Get ahead of the curve: Establish positive and educational
relationships with legal and the C-suite and do this BEFORE you need
something form them
Learn the basics of STIX: Observables, Indicators, and TTPs
Identify key stakeholders in your organization that can help you
build a CTI sharing program
58. #RSAC
Apply what you learned today – cont.
58
In the first three months following this presentation you should
Identify LOCAL companies to cooperate with
Meeting in person == good!
Work with Legal/C-suite to gain approval to cooperate and share CTI
Identify how STIX/TAXII can help you get better at info sharing
Identify integration gaps and start hammering on your vendors
Don’t underestimate the value of “when we make our next
purchasing decision for $category; we are really looking for $feature”
59. #RSAC
Apply what you learned today – cont.
59
Within six months you should
Integrate threat intelligence in to your security playbook
Require STIX and TAXII compliance on all RFIs and RFPs
Be meeting regularly with peers from local companies
Deploy a CTI sharing strategy within that ecosystem
Think outside the box! “trade indicators for sightings”
60. SESSION ID:
#RSAC
Mark Davidson
STIX, TAXII, CISA:
The impact of the US
Cybersecurity Information
Sharing Act of 2015
AIR-F01
Director of Software Development
Soltra
Bret Jordan CISSP
Director of Security Architecture
Blue Coat Systems