Companies are struggling to deal with the unstoppable growth of cyber-attacks as hackers get faster, sneakier and more creative. The bad news is - no company is immune, no matter how big or small you are. Without a proper understanding of zero-day threats, companies have no way of exposing the gaps of overhyped security solutions.
A zero-day exploit leaves NO opportunity for detection. This presentation will highlight critical insights into combating zero-day threats.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Cyber Security Awareness Session for Executives and Non-IT professionals - Krishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative of IDSECCONF. A People-Centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a “traditional” to a next-gen SOC requires a proper plan; that's what this talk was about.
Threat Modeling is a structured activity for identifying and managing the threats to an object (such as an application).
Threat Modeling – also called Architectural Risk Analysis – is an essential step in the development of your application.
Without it, your protection is a shot in the dark.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Penetration testing reporting and methodology - Rashad Aliyev
This paper covers penetration testing methodology, standards, reporting formats and the comparison of reports. It explains the problems Cyber Security experts face when making penetration tests and how they currently present their results.
We will focus our work on the penetration testing methodology reporting form, with detailed information on how to compare results and related work.
Security Operations Center (SOC) Essentials for the SME - AlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
* Developments in the threat landscape driving a shift from preventative to detective controls
* Essential security controls needed to defend against modern threats
* Fundamentals for evaluating a security approach that will work for you, not against you
* How a unified approach to security visibility can help you get from install to insight more quickly
Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, anything and everything trying to connect to the organisation's systems must be verified before access is granted.
How To Present Cyber Security To Senior Management Complete Deck - SlideTeam
This template is useful for presenting a cybersecurity plan to higher authority. The cybersecurity officer will present it to top-level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible for handling risks. The firm will also optimize its cybersecurity risk framework. The firm will assess the current concerns that are impeding cybersecurity in terms of the increase in cybercrimes, data breach and exposure, and the amount spent on settlements. It will also analyze the firm's current cybersecurity framework. The firm will categorize various risks and will assess them on parameters such as risk likelihood and severity. The IT department will also improve its incident handling mechanism. A cybersecurity contingency plan will be initiated by the firm. In this plan, the firm will build an alternate site for backup maintenance. Backup site selection will be done by taking certain parameters into consideration, such as cost of implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the role of personnel in terms of the roles and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. The information regarding the budget required for cybersecurity plan implementation is also provided, along with staff training cost. https://bit.ly/3iSww5L
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
This webinar describes how you can manage the risk of privileged accounts being compromised, creating a breach of sensitive data or other assets in your organization, through privileged access management, or PAM. PAM can reduce risks by hardening your environment in ways no other solution can, but is challenging to deploy. This webinar provides an unbiased perspective on PAM capabilities, lessons learned and deployment challenges, distilling the good practices you need to be successful. It covers:
- PAM definitions, core features and specific security and compliance drivers
- The PAM market landscape and major vendors
- How to integrate PAM with identity management, service ticketing and monitoring
- Avoiding availability and performance issues
These are slides from a local security chapter meetup. Here I tried to explain the challenges in appsec and a complete framework for the different phases of the secure software development life cycle.
Risk Analysis Of Banking Malware Attacks - Marco Morana
Analysis of how banking malware like Zeus exploits weaknesses in on-line banking applications and security controls. This prezo is a walkthrough of the attack scenario, the attack vectors, the vulnerability exploits and the techniques to model the threats so that countermeasures can be identified.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner, and they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
Cyber Threat Intelligence and Incident Response by Sandeep Singh - OWASP Delhi
The broad list of topics includes (but is not limited to):
- What is Threat Intelligence?
- Types of Threat Intelligence
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/BAAl_PI9uRc
Extended Detection and Response (XDR): An Overhyped Product Category With Ulti... - Raffael Marty
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
Adopting A Zero-Trust Model. Google Did It, Can You? - Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
Ransomware webinar May 2016 final version external - Zscaler
In the last few years, ransomware has taken the cybercrime world by storm. CryptoWall 3.0, one of the most lucrative and broad-reaching ransomware campaigns, was alone responsible for 406,887 infection attempts and accounted for about $325 million in damages in 2015.1 And, according to the Institute for Critical Infrastructure Technology, ransomware promises to wreak more havoc in 2016.
While individual users were once the preferred target of ransomware, perpetrators have increasingly set their sights on businesses and organizations. And you can bet that with larger targets, the ransom demands will increase accordingly.
Are you prepared for such an attack?
In this presentation we will highlight how ransomware can impact your business and why legacy security solutions don’t stand a chance against such threats.
DDoS Attacks (Distributed Denial of Service Attacks)
DoS Basics
What is the Internet?
What resources do you access through the Internet?
Who uses those resources?
Good vs Bad Users
Denial-of-Service attack
- A DoS attack is a malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers.
- What is a (DoS) attack?
An attack that attempts to stop or prevent a legitimate user from accessing a service or system. The attacker will either directly attack the user's network or system, or the system or service that the users are attempting to access.
- Distributed denial of service attack (DDoS)
This type of attack is distributed among many different systems, making it more powerful and harder to shut down.
A zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.
NetWitness solutions capture all the data flowing over the network and put it in context, filtering what may or may not be critical. The user can see who is going where and seeing what.
Deep Learning based Threat / Intrusion detection system - Affine Analytics
The article is about a Threat/Intrusion Detection System, which could be used to detect such data leaks/breaches and take preventive action to contain, if not stop, the damage due to a breach.
This presentation was delivered at the HTCIA Conference by Ondrej Krehel of LIFARS, LLC.
It takes a look at the increasingly more problematic issue of cyberespionage, especially in the financial sector.
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
2014 GRC Conference in West Palm Beach - Moderated by Sonia Luna - Aviva Spectrum™
Slides from the 2014 GRC Conference Presented by:
Jeff Spivey, CRISC, CPP
Vice President of Strategy, RiskIQ, Inc.
President, Security Risk Management, Inc
Adair Barton, CPA, CISA
Vice President of Internal Audit
Dycom Industries, Inc.
and
David A. Less, CISA, CISM
CIO & SVP
Sunteck, Inc.
Topic #17 IT Security (ITSecurityIncidentsA.docx) - juliennehar
Topic #17
IT Security
IT Security Incidents: A Worsening Problem
Security of information technology is critical:
§ protect confidential business data, including customer and employee data
§ protect against malicious acts of theft or disruption
Security concerns must be balanced against other business needs (ethical decision regarding IT security):
§ Pursue prosecution at all costs or maintain a low profile to avoid negative publicity!!
§ how much effort and money should be devoted to security?
§ if a firm produces SW with security flaws, what actions should it take?
§ what if security safeguards make life more difficult for customers and employees: will it result in lost sales and increased costs?
Number of IT Security Incidents Are Increasing
Computer Emergency Response Team Coordination Center (CERT/CC)
§ Established in 1988 at the Software Engineering Institute (SEI)
§ SEI: federally funded R&D center at CMU
§ Charged with
  § coordinating communication among experts during computer security emergencies
  § helping to prevent future incidents
  § studying Internet security vulnerabilities
  § publishing security alerts
  § developing information and training for organizations
Increasing Complexity Increases Vulnerability
The computing environment is enormously complex
It continues to increase in complexity:
§ networks, computers, OSes
§ apps, Web sites
§ switches, routers, gateways
§ all interconnected and driven by 100s of millions of LoC (Lines of Code).
The number of possible entry points to a network expands continuously as more devices are added,
§ This increases the possibility of security breaches
Increased Reliance on Commercial Software with Known Vulnerabilities
Exploit: An attack on an information system that takes advantage of a particular system vulnerability. Typically due to poor system design or implementation. SW developers quickly create and issue a patch:
§ a “fix” to eliminate the problem
§ users are responsible for obtaining and installing patches - which they can download from the Web
§ delays in installing patches expose users to security breaches
Zero-day attack: Takes place before a vulnerability is discovered or fixed
U.S. companies rely on commercial software with known vulnerabilities.
IT orgs continue to use installed Software “as is” (e.g. IE, RealPlayer, JRE)
§ Since security fixes could make SW harder to use or eliminate “nice to have features.”
Number of Vulnerabilities Reported to CERT/CC
(chart) Rate of discovering software vulnerabilities exceeds 10/day
Attack of the Giant Worm
• On November 2, 1988, a worm began to thread its way through the Internet. Once installed, it multiplied, clogging available space, until computers ground to a halt. The worm exploited UNIX holes in sendmail and fingerd. Around 2500 computers were infected.
Within 12 hours, the Computer Systems Research Group at Berkeley developed ...
2. Defining the “zero-day” (software) threat
The term “zero-day” refers to the number of days that the software vendor has known about the hole - ZERO.
Zero-day vulnerability: A security hole in software that is not yet known to the software maker or to Information Security vendors. NO PATCH – NO SIGNATURE
Zero-day exploit: Code that attackers use to take advantage of a zero-day vulnerability to compromise a system for their benefit. DROP - CONTROL - DISABLE
3. Zero-Day Vulnerability Lifecycle
Lifecycle of a zero-day vulnerability:
1 New vulnerability discovered “in the wild”
2 Someone informs the vendor about the vulnerability
3 Vendor releases security patches to the public, CVE posted
4 You install patches and update signatures
Timeline labels: public unaware of risk (before 3) / public is aware of the risk (after 3); you are vulnerable… (until 4) / you are safe… (after 4). The interval between 3 and 4 is the Patch Gap, marked “Most Vulnerable” on the slide.
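The lifecycle above can be turned into an inventory check: for every host and advisory, decide whether the host sits before the patch exists, inside the patch gap, or on the safe side of it, and flag gaps that have outlived a remediation SLA. The following is an added example, not code from the deck or from Zscaler; the advisory ids, product names, versions, dates and the 14-day SLA are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


# Hypothetical records (constructed for this example; ids, products, versions
# and dates are not from any real advisory).
@dataclass(frozen=True)
class Advisory:
    advisory_id: str                 # placeholder id, not a real CVE number
    product: str
    fixed_version: Optional[str]     # first version containing the vendor fix
    patch_released: Optional[date]   # None while the hole is still a zero-day


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str                     # version currently installed


def _ver(v: str) -> Tuple[int, ...]:
    """Compare dotted versions numerically, so 11.0.10 > 11.0.7."""
    return tuple(int(p) for p in v.split("."))


def lifecycle_state(host: Host, adv: Advisory, today: date) -> str:
    """Place a host in the lifecycle stages named on the slide."""
    if host.product != adv.product:
        return "not_affected"
    if adv.patch_released is None or today < adv.patch_released:
        # Stages 1-2: the hole exists but no fix or signature is available.
        return "zero_day_exposure"
    if _ver(host.version) >= _ver(adv.fixed_version):
        return "safe"                # stage 4: fix installed
    return "patch_gap"               # stage 3 reached, stage 4 not yet


def patch_gap_days(adv: Advisory, today: date) -> int:
    """Days the vendor fix has been available without being installed."""
    return (today - adv.patch_released).days


def exposure_report(hosts: List[Host], advisories: List[Advisory],
                    today: date, sla_days: int = 14) -> Dict[str, List[Tuple[str, str]]]:
    """Group (host, advisory) pairs by lifecycle state; flag gaps past the SLA."""
    report: Dict[str, List[Tuple[str, str]]] = {
        "zero_day_exposure": [], "patch_gap": [], "overdue": [], "safe": []}
    for adv in advisories:
        for host in hosts:
            state = lifecycle_state(host, adv, today)
            if state == "not_affected":
                continue
            report[state].append((host.name, adv.advisory_id))
            if state == "patch_gap" and patch_gap_days(adv, today) > sla_days:
                report["overdue"].append((host.name, adv.advisory_id))
    return report


# Constructed sample inventory and advisories.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-0001", "pdf-reader", "11.0.7", date(2016, 1, 5)),
    Advisory("ADV-EXAMPLE-0002", "browser", None, None),   # no patch yet
]
HOSTS = [
    Host("ws-01", "pdf-reader", "11.0.6"),   # fix exists, not installed
    Host("ws-02", "pdf-reader", "11.0.7"),   # fix installed
    Host("ws-03", "browser", "9.0"),         # affected, nothing to install
    Host("srv-01", "mail-server", "2.4"),    # not affected by either advisory
]
TODAY = date(2016, 2, 1)

if __name__ == "__main__":
    for state, pairs in exposure_report(HOSTS, ADVISORIES, TODAY).items():
        print(f"{state:18s} {pairs}")
```

Hosts in `zero_day_exposure` have no patch to install, so only the compensating controls discussed later in the deck (blocking delivery, behavioral analysis, C2 blocking) apply to them; hosts in `overdue` are the ones a patch process can fix today.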
4. Kill chain analysis of an advanced threat
1 Reconnaissance: Harvesting email and IP addresses, surveying defenses
2 Weaponization: Coupling exploit with attack infrastructure - deliverable payload
3 Delivery: Delivering weaponized bundle to the victim via email, web – drive-by-download
4 Exploitation: Exploiting a vulnerability to execute code on victim’s system
• Zero-day vulnerabilities
• Unpatched vulnerabilities
5 Installation: Installing malware on the asset
6 Command & Control (C2): Command channel for remote manipulation of victim’s system or additional malware downloads
7 Action on Objectives: Lateral movement, data exfiltration, disruption, etc.
5. Example of a zero-day vulnerability
‣ Acrobat Reader - CVE-2014-0512: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors
‣ Internet Explorer 9 through 11 Exploit - CVE-2016-0072: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability"
‣ Microsoft Server Service Vulnerability - allowed remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
‣ Wordpress Cross-Site Scripting Vulnerability - allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
‣ Operation Snowman Exploit - targets IE 10 with Adobe Flash; the vulnerability allows the attacker to modify one byte of memory at an arbitrary address
‣ Microsoft Office - CVE-2016-0052: allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability"
6. Sophisticated breaches can go undetected for a long time
Data breaches tend to continue for months and even years
(chart of reported times to detection: 18 Days, 106 Days, 180 Days, 246 Days, 266 Days)
7. US Office of Personnel Management (OPM) Data Breach - Timeline
(timeline axis: Jul 2014 – Jun 2015)
• Initial OPM breach: OPM investigates a breach of its computer networks dating back to July 2014. Authorities trace the intrusion to China.
• Inspector General Report: A report by OPM’s Office of the Inspector General on the agency’s compliance with the Federal Information Security Management Act finds “significant” deficiencies in the department’s IT security.
• KeyPoint: KeyPoint, a company that took over background checks for USIS, suffers a breach. OPM states that there is “no conclusive evidence to confirm sensitive information was removed from the system.”
• Initial Detection: OPM became aware of an intrusion affecting its systems and data in April 2015 and launched an investigation with its agency partners, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
• Subsequent Detection: OPM became aware of the potential compromise of data related to personnel records for current and former Federal employees
• Public Disclosure
8. US OPM Sensitive Personal Information (SPI) Data Breach
‣ Who was affected?
• “Current, former, and prospective Federal government employees, and those for whom a Federal background investigation was conducted”
• Original est. – 4.2M records, adjusted to 18M
‣ What was stolen?
• “Name, SSN, date and place of birth and current and former addresses... could include the type of information you would typically find in a personnel file, such as job assignments, training records”
‣ Head scratcher
• "If there is anyone to blame, it is the perpetrators," OPM Director Katherine Archuleta told members of a Senate panel
9. Zero-day vulnerabilities = $$$ in the marketplaces
Black market
• Cybercrime Organizations
• Buy and sell exploit code
• Goal: break into systems, steal data
White market
• Vendor bug bounty programs
• Buy and sell vulnerability info
• Goal: fix security holes
Gray market
• Military and intelligence agencies
• Buy zero-day exploits and vulnerability info
• Goal: surveillance and offensive ops
10. The market for zero-day exploits
Forbes: Price List for Zero-Day Exploits – Government Agencies (chart comparing gray, black and white market prices)
11. Zero Day Disclosure - “Rain Forest Puppy” policy
• Ethical hackers and researchers often follow the policy and give the vendor five working days to respond
• The reporter should help the vendor reproduce the bug
• The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for doing so
• When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug
• If the vendor fails to contact the reporter in those five days, the recommendation is to disclose
13. Data Breach Trends
• Data breaches are on the rise
• 2014-15 saw a significant jump of breaches in the retail and healthcare sectors
• Breach disclosure laws have contributed to greater exposure in the mainstream press
• There were more identity breach victims, but less money was directly stolen
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
14. Why are Advanced Threats so hard to stop?
Enterprise security has failed to keep pace with the evolving threat landscape (comparison of 2006 vs 2016)
Enterprises, 2006: Sedentary Workforce: PCs and laptops; corporate network; VPN connectivity required for remote employees; corp. owned devices
Enterprises, 2016: Dynamic Workforce: smartphones and tablets; working from free wifi networks and 3G/4G connections; BYOD
Attackers, 2006: Rogue Individuals: motivated by the challenge; no financial gain
Attackers, 2016: Organized Criminals: well funded; highly skilled; criminal organizations; financial/political gain
Attacks, 2006: Loud and Noisy: server side vulnerabilities; attacks were obvious and of brief duration; damage could be costly but easy to clean up
Attacks, 2016: Quiet and stealthy: exploiting client-side vulns and social engineering; leveraging end users as a catalyst; goal - data exfiltration
Security, 2006: URL filtering, Anti-virus
Security, 2016: URL filtering, Anti-virus
15. Attacks are deeper and more sophisticated than ever before
Loading Stage
• Spam & phishing e-mail
• Social Networking sites
• SEO poisoning
• Compromised websites
• Malvertising on legitimate sites
Landing Stage
• Identification of client side technologies
• O/S, browser and plugins versions installed
• Determine effectiveness of payloads
• Often requires no user intervention
Malware Payload Delivery
• Anti-VM and Anti-Analysis features
• Detection of known antivirus drivers
• Multiple levels of highly obfuscated JavaScript code
• Dynamic construction of exploit payload URLs only when a vulnerability is found
• Short lived exploit payload URLs often restricted to one visit per IP address
• Obfuscated and repackaged exploit/malware payloads
16. 17,412 new advanced threats detected by Zscaler behavioral analysis in just 30 days (Jan 2016)
Over 750 billion transactions in one month
• 2 billion+ threats blocked
• 1,199,188 suspicious objects extracted from traffic and sent to sandboxes
• 17,412 new advanced threats detected and blocked for all cloud users simultaneously
17. Not playing nice in the sandbox
Top Malware Behaviors Monitored in Sandbox (bar chart, counts per behavior on a 0–50,000 scale):
• Executes massive amount of sleeps in a loop
• Dropped PE files which have not been started or loaded
• Contains long sleeps
• Uploads sensitive system information
• Checks for kernel debuggers
• Reads the hosts file
• Enables driver privileges
• Queries the volume information
• Checks free space
• Looks for software installed
• Contains strings which match to known bank URLs
• Requests potentially dangerous permissions
• Uses a known web browser user agent for HTTP communication
• Creates mutexes
• Executes native commands
• Tries to load missing DLLs
• Kills processes
• Tries to detect sandboxes and other dynamic analysis tools
18. Case Study: Chinese APT Group Emissary Panda
Chinese APT group “Emissary Panda”, known for stealing Intellectual Property data from target companies
Attacks seen on Zscaler Cloud
• Investigation started with ABA block on content from a compromised Government site (watering hole)
• Attack Chain shows use of Hacking Team’s leaked 0-day exploits
• Installs a SSL based Remote Access Trojan (RAT) upon success
Multiple Industries Targeted
• Energy & Construction
• Financial Services Firm
• Pharmaceutical
More at – research.zscaler.com (Aug ‘15)
Attack chain diagram:
• Compromised site: reis.railnet.gov.in/
• APT attack infrastructure: 210.209.89.162, serving /rs/ie.html, /rs/swfobject.js, /rs/out.swf and /rs/svchost.exe
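The chain above (a page on a compromised site, then a landing page, loader script, Flash object and executable all fetched from one attacker-controlled bare IP) leaves a recognisable sequence in web proxy logs, which is where the case study says the investigation started. The detection logic below is an added example, not code from the deck or from Zscaler’s research: the proxy log format, the client addresses, the TEST-NET address 203.0.113.10 and the hostnames are constructed, and stages are inferred from content types. It flags a client that fetched a landing page, an exploit object and an executable from the same bare-IP host within a few minutes and reports the external referer as the suspected watering hole; partial chains (exploit never fetched, download failed) are deliberately left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed proxy log (not real traffic). Assumed field order:
#   <ISO time> <client IP> <HTTP status> <content-type> <URL> <referer or "-">
# 203.0.113.10 is a TEST-NET address standing in for attacker infrastructure;
# the /rs/... paths mirror the chain on the slide.
SAMPLE_LOG = """\
2015-08-03T09:12:01 10.1.1.25 200 text/html http://compromised-site.example/news.html -
2015-08-03T09:12:02 10.1.1.25 200 text/html http://203.0.113.10/rs/ie.html http://compromised-site.example/news.html
2015-08-03T09:12:02 10.1.1.25 200 application/javascript http://203.0.113.10/rs/swfobject.js http://203.0.113.10/rs/ie.html
2015-08-03T09:12:03 10.1.1.25 200 application/x-shockwave-flash http://203.0.113.10/rs/out.swf http://203.0.113.10/rs/ie.html
2015-08-03T09:12:05 10.1.1.25 200 application/x-msdownload http://203.0.113.10/rs/svchost.exe -
2015-08-03T09:20:11 10.1.1.40 200 text/html http://cdn.example/page.html -
2015-08-03T09:20:12 10.1.1.40 200 application/javascript http://cdn.example/app.js http://cdn.example/page.html
2015-08-03T10:02:00 10.1.1.51 200 text/html http://203.0.113.10/rs/ie.html http://compromised-site.example/news.html
2015-08-03T10:02:01 10.1.1.51 404 application/x-shockwave-flash http://203.0.113.10/rs/out.swf http://203.0.113.10/rs/ie.html
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\S+) (\S+) (\S+)$")

# Coarse stage labels for the content types seen in a drive-by chain (assumption).
STAGE_BY_TYPE = {
    "text/html": "landing",
    "application/javascript": "script",
    "application/x-shockwave-flash": "exploit",
    "application/x-msdownload": "payload",
    "application/octet-stream": "payload",
}


def parse_line(line: str) -> Optional[Dict]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, status, ctype, url, ref = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "status": int(status),
        "ctype": ctype,
        "url": url,
        "host": urlparse(url).hostname or "",
        "referer": None if ref == "-" else ref,
    }


def is_bare_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def find_driveby_chains(log_text: str,
                        window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    # Group successful fetches from bare-IP hosts per (client, host).
    groups: Dict[tuple, List[Dict]] = defaultdict(list)
    for e in events:
        if e["status"] == 200 and is_bare_ip(e["host"]):
            groups[(e["client"], e["host"])].append(e)

    findings = []
    for (client, host), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        if evs[-1]["ts"] - evs[0]["ts"] > window:
            continue
        stages = {STAGE_BY_TYPE.get(e["ctype"]) for e in evs} - {None}
        if not {"landing", "exploit", "payload"} <= stages:
            continue   # partial chain: not reported by this rule
        # The first referer pointing outside the bare-IP host is the likely watering hole.
        external = [e["referer"] for e in evs
                    if e["referer"] and urlparse(e["referer"]).hostname != host]
        findings.append({
            "client": client,
            "infrastructure": host,
            "watering_hole": external[0] if external else None,
            "stages": sorted(stages),
            "urls": [e["url"] for e in evs],
        })
    return findings


if __name__ == "__main__":
    for f in find_driveby_chains(SAMPLE_LOG):
        print(f)
```

The rule keys on a bare-IP host rather than on any specific address, so it would still fire when the infrastructure moves; the referer it reports is what an analyst would use to identify the compromised site and request its cleanup or blocking.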
19. Case Study: CryptoWall
• Version 3.0 first observed June 2015, version 4.0 Nov 2015
• Binary digitally signed (MDG Advertising)
• Uses strong encryption to encrypt all files on HDD, attached devices and network shares
• Imagine a domain admin getting infected…
• CryptoWall features:
• Asymmetric (public-key) encryption to encrypt user documents, making recovery infeasible
• Ransom starts at U$500 and increases over time
• One file will be decrypted for free…
• Ransom collected in bitcoins or as pre-paid cash vouchers / cards
• Usage of anonymizing networks like Tor & i2p
• New versions even have chat-based support!
21. How good are my defenses?
Current security controls are not working
• 93% of organizations had infected computers communicating with C&C servers
• 52% of malware coming in the network was unknown to antivirus vendors
• 79% of organizations were experiencing data exfiltration
Source: KPMG enterprise security, August 2014
22. Think encryption is going to keep you safe?
‣ SSL traffic is becoming pervasive, but most organizations are blind to it
• 40% of Internet traffic is now encrypted with SSL, growing to more than 50% in 2016
‣ The most sophisticated threats are using SSL
• 16% of all traffic blocked uses SSL
• 54% of advanced threats use SSL
‣ If your policies do not include SSL inspection, all your security tools are half-blind
SSL traffic on enterprise networks is growing rapidly & creating security blind spots
23. Strategies based on alerting are doomed to failure
‣ Alerting allows infections to happen – with no guarantee you’ll notice them
‣ Alerting based strategies lead to SOC overload – which of the 1,000 alerts do you pay attention to?
‣ All threats and violations must be automatically blocked
Alert Fatigue: “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It” (headline quoted on the slide)
24. Kill chain analysis of an advanced threat
Where defenses can act at each stage:
1 Reconnaissance: Harvesting email and IP addresses, surveying defenses
2 Weaponization: Coupling exploit with attack infrastructure - deliverable payload
3 Delivery: Delivering weaponized bundle to the victim via email, web – drive-by-download. Defense: malicious websites can be blocked – “sometimes”
4 Exploitation: Exploiting a vulnerability to execute code on victim’s system. Defense: by definition, can’t identify a zero-day vulnerability
5 Installation: Installing malware on the asset. Defense: Behavioral Analysis can detect malicious behavior
6 Command & Control (C2): Command channel for remote manipulation of victim’s system or additional malware downloads. Defense: identify and block outbound CnC communications
7 Action on Objectives: Lateral movement, data exfiltration, disruption, etc. Defense: identify and block outbound data exfiltration
25. Best practices for stopping APTs in Internet traffic
Defense in depth
INBOUND TRAFFIC (Viruses, APTs, Adware, Spyware, Malicious Javascript, Exploits, Malformed Files, XSS, etc), layers ordered from known threats through unknown threats to zero-day threats:
• Inline Antivirus & Anti-spyware
• Deep Content Inspection
• Browser and Plugin Vulnerabilities
• Page-Level Risk Analysis
• Block Malicious URLs and Files
• Sandboxing
OUTBOUND TRAFFIC: Botnet calls, malicious URLs, data exfiltration, SSL, etc.
26. Zscaler Advanced Threat Protection
Protect – stop infections from happening
‣ Always in-line – can always block
‣ Multiple layers of security with automated in-line SSL inspection
‣ Behavioral analysis for zero day files
‣ File quarantine - first global victim is protected
‣ Instant cloud-wide blocking of new threats
‣ Lock down all ports & protocols with built-in NG firewall
27. Zscaler Advanced Threat Protection
Detect – identify compromised devices
‣ Monitor infection trends
‣ Isolate infected machines
‣ Identify types of attacks
‣ Track users with risky behavior
‣ Show value of the solution to the CxO
28. Zscaler Advanced Threat Protection
Remediate – minimize impact and heal
‣ Stop data exfiltration attempts, including over SSL
‣ Lock down unauthorized ports and protocols
‣ Block botnet CnC communications
‣ Complete visibility, even to cloud applications
‣ Easy to use, detailed forensics
‣ Correlation across users / devices / locations
29. How Zscaler sandboxing works
Block or Allow “known” files:
• Malware identified by AV, threat database, or static analysis
• Benign files identified by whitelist or file type
Unknown files go through Behavioral Analysis:
• “Detonate” in a virtual sandbox
• Capture and analyze behavior
• Identify malware vs benign
• Update threat database
• Automatically block malware
• Automatically pass benign files
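Slides 17 and 29 together describe one triage pipeline: known files are decided by hash or file type, unknown files are detonated and their behaviours scored, and the verdict is written back to the threat database so that every later sighting is blocked without another detonation (the “first global victim is protected, everyone else is blocked instantly” point from slide 26). The block below is an added example, not Zscaler’s code: the sandbox is simulated by a lookup table keyed by sample hash, the sample files are constructed, and the behaviour weights are assumptions that reuse the behaviour names from the slide 17 chart, with an extra penalty when several evasion behaviours appear together.

```python
import hashlib
from typing import Callable, Dict, List, Set, Tuple

# Constructed weights for the behaviours named on the slide 17 chart
# (assumed values for this example, not Zscaler's scoring).
BEHAVIOR_WEIGHTS: Dict[str, int] = {
    "executes_massive_sleeps_in_loop": 3,
    "dropped_pe_files_not_started": 2,
    "contains_long_sleeps": 2,
    "uploads_sensitive_system_information": 4,
    "checks_for_kernel_debuggers": 3,
    "reads_hosts_file": 1,
    "enables_driver_privileges": 2,
    "queries_volume_information": 1,
    "checks_free_space": 1,
    "looks_for_software_installed": 1,
    "contains_strings_matching_known_bank_urls": 4,
    "requests_potentially_dangerous_permissions": 2,
    "uses_known_browser_user_agent": 1,
    "creates_mutexes": 0,        # common in benign software; recorded but not scored
    "executes_native_commands": 1,
    "tries_to_load_missing_dlls": 1,
    "kills_processes": 2,
    "tries_to_detect_sandboxes": 4,
}
# Behaviours whose purpose is to avoid analysis rather than to do harm directly.
EVASION_BEHAVIORS: Set[str] = {
    "executes_massive_sleeps_in_loop", "contains_long_sleeps",
    "checks_for_kernel_debuggers", "tries_to_detect_sandboxes",
}
MALICIOUS_THRESHOLD = 6   # assumed cut-off


def score_behaviors(behaviors: List[str]) -> Tuple[int, List[str]]:
    """Sum behaviour weights; two or more evasion tricks add a penalty."""
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)
    evasion = sorted(b for b in behaviors if b in EVASION_BEHAVIORS)
    if len(evasion) >= 2:
        score += 3
    return score, evasion


class TriageEngine:
    """Known files decided by hash/type; unknown files detonated once, verdict cached."""

    def __init__(self, known_bad: Set[str], whitelist: Set[str],
                 benign_types: Set[str], sandbox: Callable[[bytes], List[str]]):
        self.known_bad = known_bad
        self.whitelist = whitelist
        self.benign_types = benign_types
        self.sandbox = sandbox
        self.verdict_cache: Dict[str, str] = {}   # stands in for the threat database update
        self.detonations = 0

    def triage(self, content: bytes, mime: str) -> Tuple[str, str]:
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.known_bad:
            return "block", "known malware (threat database)"
        if digest in self.whitelist:
            return "allow", "whitelisted hash"
        if mime in self.benign_types:
            return "allow", f"benign file type {mime}"
        if digest in self.verdict_cache:
            # Every later sighting is decided instantly from the earlier detonation.
            return self.verdict_cache[digest], "threat database (earlier detonation)"
        # First sighting: the file is held (quarantined) while it is detonated.
        self.detonations += 1
        score, evasion = score_behaviors(self.sandbox(content))
        action = "block" if score >= MALICIOUS_THRESHOLD else "allow"
        self.verdict_cache[digest] = action
        reason = f"sandbox score {score}"
        if evasion:
            reason += ", evasion: " + ", ".join(evasion)
        return action, reason


# Constructed samples and a simulated sandbox (a lookup table keyed by hash
# standing in for real detonation).
MALWARE_SAMPLE = b"SIMULATED-MALWARE-SAMPLE"
BENIGN_SAMPLE = b"SIMULATED-BENIGN-INSTALLER"
_SIMULATED_BEHAVIORS = {
    hashlib.sha256(MALWARE_SAMPLE).hexdigest(): [
        "executes_massive_sleeps_in_loop", "tries_to_detect_sandboxes",
        "uploads_sensitive_system_information",
        "contains_strings_matching_known_bank_urls", "creates_mutexes"],
    hashlib.sha256(BENIGN_SAMPLE).hexdigest(): [
        "creates_mutexes", "queries_volume_information", "looks_for_software_installed"],
}


def simulated_sandbox(content: bytes) -> List[str]:
    return _SIMULATED_BEHAVIORS.get(hashlib.sha256(content).hexdigest(), [])


def build_demo_engine() -> TriageEngine:
    return TriageEngine(known_bad=set(), whitelist=set(),
                        benign_types={"text/plain", "image/png"},
                        sandbox=simulated_sandbox)


if __name__ == "__main__":
    engine = build_demo_engine()
    for sample, mime in [(MALWARE_SAMPLE, "application/x-msdownload"),
                         (MALWARE_SAMPLE, "application/x-msdownload"),
                         (BENIGN_SAMPLE, "application/x-msdownload"),
                         (b"hello", "text/plain")]:
        print(engine.triage(sample, mime))
```

The evasion penalty is what makes the “not playing nice in the sandbox” behaviours useful on their own: a file that sleeps for minutes and probes for debuggers has revealed intent even if the sandbox never observed the payload it was guarding.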
30. Zscaler APT Protection Key Highlights:
Behavioral Analysis Report
Quarantine – ensures no one gets infected with zero day attack
Forensics analysis with key features to make remediation easy:
• Screen captures during malware execution
• Packet captures for detailed analysis
• Detection evading techniques used
• Memory and process analysis
• Networking level activity
32. Security appliances: two challenging choices
• Backhaul traffic through the data center (Mobile, HQ, Remote Offices): slow, complex, & expensive
• Build a perimeter around every office (HQ, Remote Offices): too many gateways to buy, deploy & manage
33. Zscaler: putting a perimeter around the Internet
So you don't need to put a perimeter around every office and every device
Threats: Exploits, APT, Malware, Botnets
Destinations: Public Cloud, SaaS, Private Cloud
Users: Mobile Employee, HQ, Remote Offices
• Real-time global visibility (threats, apps, users)
• Single policy definition point (context)
• Full inline inspection (SSL)
• All ports, all protocols
Traffic forwarding, two use cases:
• On Network: GRE/IPSEC
• Off Network: PAC / Mobile Agent
34. Zscaler cloud security platform
Services: Web security, Advanced threat protection, Cloud app visibility & control, Cloud Firewall, Bandwidth Controls, Data loss prevention, Cloud Sandbox
Platform: Context-aware policies, Global real-time analytics, SSL inspection, Threat Correlation
Multi-tenant distributed carrier-grade cloud (Peering relationships)
Purpose-built, integrated services consolidate and simplify the appliance mess
35. Industry analysts agree…
"…on-premises web content security can't protect digital business…"
"…largest global cloud footprint with more than 100 enforcement nodes…"
36. Zscaler delivers value to all stakeholders
CISO: BETTER SECURITY
• Scan and score every byte (SSL)
• Always up-to-date
• Correlation of threat prevention techniques
• Consistent policies globally
• Full audit controls – every user, device, & app in all locations
CIO/CTO: SIMPLIFICATION
• No patch management or EOS issues
• No shipping, staging, updating
• Checkbox to enable new features
• No maintenance windows
• Elastic scale
CFO: FASTER ROI
• Minimize CAPEX investment – no boxes to purchase
• Reduce OPEX – no boxes to maintain
END USER: IMPROVED EXPERIENCE
• Faster response times
• Localized Internet content
• Single admin console
• Real-time global reports
• Performance SLA
37. Consider Three Users…
• We must seek security solutions that ensure consistent policy, protection and visibility, regardless of device or location.
• Cloud provides the opportunity to level the playing field.

             | Office                         | Coffee Shop                | Airport
  Device     | PC / Laptop                    | Laptop                     | Tablet / smartphone
  Protection | IDS, IPS, FW, SWG, DLP, etc.   | Host-based AV and firewall | Nothing
  Visibility | Location-based reporting       | Nothing                    | Nothing
38. Next Steps
Free Security Health Check
Risk free evaluation of your security infrastructure
Go to: http://www.zscaler.com/securitypreview
Live Product Demos
Register here: https://www.zscaler.com/productdemos