Verizon 2014 data breach investigation report and the target breachUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
The good, the bad and the ugly of the target data breachUlf Mattsson
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
Data security today, the landscape, etc.
Discuss a few recent studies and changing threat landscape
The Target breach and other recent breaches
The effects of new technologies on breaches
Shifting from reactive to proactive thinking
Preparing for future attacks with new techniques
In this report, we breakdown the Target attack to 11 detailed steps, beginning with the initial credential theft of Target’s HVAC contractor to the theft of PII and credit cards. Particular attention is given to those steps, unknown until now, such as how the attackers were able to propagate within the network. Throughout this report we highlight pertinent insights into the Tactics, Techniques and Procedures (TTPs4) of the attackers. Finally, we provide recommendations on the needed security measures for mitigating similar advanced targeted attacks.
I wrote this paper on 2014 as the VP of Research for Aorato
Today, the topic of cybersecurity has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within an internal network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user credentials and they are increasingly using legitimate IT tools rather than malware.
You are now working under the assumption of a breach. How do you find the attackers--before they cause damage?
In this Blackhat talk we will discuss the TTPs (Tactics Techniques & Procedures) of advanced attackers and how they manifest themselves over the network. We will give a special attention to the Reconnaissance and Lateral Movement phases of the Cyber Kill Chain and discuss how network monitoring can be employed to mitigate these risks.
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...AlienVault
Ever feel like you spend more time converting security information from one format to another, than actually connecting the dots hidden within it? The Collective Intelligence Framework (CIF) is a data processor for pulling in and normalizing out all these threat intel sources into a single combined dataset. Watch it on-demand http://ow.ly/li8Lf #TTTSec
Threat Intelligence Data Collection & AcquisitionEC-Council
In this slideshare, we’ll discuss threat data collection and methods. To discover more about threat intelligence, visit: www.eccouncil.org/cyber-threat-intelligence
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
The good, the bad and the ugly of the target data breachUlf Mattsson
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
Data security today, the landscape, etc.
Discuss a few recent studies and changing threat landscape
The Target breach and other recent breaches
The effects of new technologies on breaches
Shifting from reactive to proactive thinking
Preparing for future attacks with new techniques
In this report, we breakdown the Target attack to 11 detailed steps, beginning with the initial credential theft of Target’s HVAC contractor to the theft of PII and credit cards. Particular attention is given to those steps, unknown until now, such as how the attackers were able to propagate within the network. Throughout this report we highlight pertinent insights into the Tactics, Techniques and Procedures (TTPs4) of the attackers. Finally, we provide recommendations on the needed security measures for mitigating similar advanced targeted attacks.
I wrote this paper on 2014 as the VP of Research for Aorato
Today, the topic of cybersecurity has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within an internal network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user credentials and they are increasingly using legitimate IT tools rather than malware.
You are now working under the assumption of a breach. How do you find the attackers--before they cause damage?
In this Blackhat talk we will discuss the TTPs (Tactics Techniques & Procedures) of advanced attackers and how they manifest themselves over the network. We will give a special attention to the Reconnaissance and Lateral Movement phases of the Cyber Kill Chain and discuss how network monitoring can be employed to mitigate these risks.
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...AlienVault
Ever feel like you spend more time converting security information from one format to another, than actually connecting the dots hidden within it? The Collective Intelligence Framework (CIF) is a data processor for pulling in and normalizing out all these threat intel sources into a single combined dataset. Watch it on-demand http://ow.ly/li8Lf #TTTSec
Threat Intelligence Data Collection & AcquisitionEC-Council
In this slideshare, we’ll discuss threat data collection and methods. To discover more about threat intelligence, visit: www.eccouncil.org/cyber-threat-intelligence
As the technical skills and costs associated with the deployment of phishing attacks decrease, we are witnessing an unprecedented level of scams that push the need for better methods to proactively detect phishing threats. In this work, we explored the use of URLs as input for machine learning models applied for phishing site prediction. In this way, we compared a feature-engineering approach followed by a random forest classifier against a novel method based on recurrent neural networks. We determined that the recurrent neural network approach provides an accuracy rate of 98.7% even without the need of manual feature creation, beating by 5% the random forest method. This means it is a scalable and fast-acting proactive detection system that does not require full content analysis.
Originally presented at Angelbeat, learn how hackers gather data about your organization and how you can do the same sort of reconnaissance to eliminate risk before it becomes a breach.
Check out the deck and then get your own free risk scorecard here: https://www.normshield.com/get-risk-scorecard/
3rd Party Cyber Security: Manage your ecosystem!NormShield, Inc.
Your partners, vendors and other key 3rd parties have access to your sensitive networks and data. How confident are you that they're managing their cyber security? This short presentation looks at why you need to view information security as an ecosystem and how you can get intelligence on the big picture.
Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of hashes, IPs and strings. This session will explore why IOCs haven’t raised the bar, how to better utilize brittle IOCs and how to use intrinsic network data to craft better IOCs.
(Source: RSA USA 2016-San Francisco)
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield, Inc.
NormShield is at the forefront of orchestrated cyber security operations and reporting, a transformative new category that Gartner calls SOAR. The NormShield cloud platform automates finding vulnerabilities, prioritizes them and provides actionable intelligence. A key differentiation is the company’s combination of advanced automation and human intelligence for reliability unparalleled in the industry. NormShield CISOs receive letter-grade risk scorecards. Their teams manage risk, not data. The results are measurable: informed decisions and swift action that reduces risk as never before possible and at an affordable price.
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
Presented at BSides Perth 2019
Synopsis:
Although the practice of collecting and using intelligence has been studied and conducted by governments and the military for centuries, it’s relative application to Cyber Security has only recently been highlighted. This area of infosec has been termed Cyber Threat Intelligence, where the marriage of traditional intelligence techniques and analysis with deep technical understanding within the Cyber domain are used to predict future actions by threats through long term analysis and modelling. This approach is then used to support both proactive and reactive cyber security actions, from incident response to penetration testing. This presentation focuses on threat intelligence from a practical data perspective, moving away from just the commercial concept of threat intelligence feeds (although these form one part of the equation). This presentation will approach threat intelligence from an analysts perspective of what questions needs to be answered to effectively investigate an incident, using the Diamond Model and Cyber Kill Chain as framing devices. These questions will then lead to examples of the data that can be used to answer these questions. Although traditionally data collection has focused on external cyber information, more often than not however, it’s actions outside of those seen within an organisations network, or even outside cyberspace that can provide context to the actions a threat takes. Finally, we provide a number of use cases on which the results of threat intelligence processes can be applied within a Security Operations Centre, including Incident Response as well as traditional Penetration Testing and Red Teaming.
The EU Data Protection Regulation and what it means for your organizationSophos Benelux
Session on what the EU Data Protection Regulation actually means for EU organizations and how you can comply. Presented by Michael Heering at the Online Security Summit Belgium.
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
veryone's heard about the Target breach at the end of last year; some of you may have been affected. One way to understand this breach - to borrow a phrase from Deep Throat talking about the Watergate Scandal in "All The President's Men" - is to follow the money.
This webinar will do that. It will detail what we know about the Target breach and how it happened. But it will place particular emphasis on the money trail - not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, the likelihood of lawsuits, and so on. As such, this webinar represents a powerful opportunity to learn what really goes down as a breach unwinds from a respected professional who has been in the trenches for decades.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
Qorvis MSLGROUP has created a comprehensive guide to the Trump Administration. This document provides a first look at the people and players behind the most unlikely presidential campaign in American history.
For each person mentioned here, we have included a bio, a photo, and representative institutions and organizations affiliated with that person, so that the reader may better understand the relationships that influence the people who in turn are influencing President Trump.
For real-time updates, follow @Qorvis or reach out to us on Twitter @msl_group.
As the technical skills and costs associated with the deployment of phishing attacks decrease, we are witnessing an unprecedented level of scams that push the need for better methods to proactively detect phishing threats. In this work, we explored the use of URLs as input for machine learning models applied for phishing site prediction. In this way, we compared a feature-engineering approach followed by a random forest classifier against a novel method based on recurrent neural networks. We determined that the recurrent neural network approach provides an accuracy rate of 98.7% even without the need of manual feature creation, beating by 5% the random forest method. This means it is a scalable and fast-acting proactive detection system that does not require full content analysis.
Originally presented at Angelbeat, learn how hackers gather data about your organization and how you can do the same sort of reconnaissance to eliminate risk before it becomes a breach.
Check out the deck and then get your own free risk scorecard here: https://www.normshield.com/get-risk-scorecard/
3rd Party Cyber Security: Manage your ecosystem!NormShield, Inc.
Your partners, vendors and other key 3rd parties have access to your sensitive networks and data. How confident are you that they're managing their cyber security? This short presentation looks at why you need to view information security as an ecosystem and how you can get intelligence on the big picture.
Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of hashes, IPs and strings. This session will explore why IOCs haven’t raised the bar, how to better utilize brittle IOCs and how to use intrinsic network data to craft better IOCs.
(Source: RSA USA 2016-San Francisco)
NormShield Cyber Threat & Vulnerability Orchestration OverviewNormShield, Inc.
NormShield is at the forefront of orchestrated cyber security operations and reporting, a transformative new category that Gartner calls SOAR. The NormShield cloud platform automates finding vulnerabilities, prioritizes them and provides actionable intelligence. A key differentiation is the company’s combination of advanced automation and human intelligence for reliability unparalleled in the industry. NormShield CISOs receive letter-grade risk scorecards. Their teams manage risk, not data. The results are measurable: informed decisions and swift action that reduces risk as never before possible and at an affordable price.
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
Presented at BSides Perth 2019
Synopsis:
Although the practice of collecting and using intelligence has been studied and conducted by governments and the military for centuries, it’s relative application to Cyber Security has only recently been highlighted. This area of infosec has been termed Cyber Threat Intelligence, where the marriage of traditional intelligence techniques and analysis with deep technical understanding within the Cyber domain are used to predict future actions by threats through long term analysis and modelling. This approach is then used to support both proactive and reactive cyber security actions, from incident response to penetration testing. This presentation focuses on threat intelligence from a practical data perspective, moving away from just the commercial concept of threat intelligence feeds (although these form one part of the equation). This presentation will approach threat intelligence from an analysts perspective of what questions needs to be answered to effectively investigate an incident, using the Diamond Model and Cyber Kill Chain as framing devices. These questions will then lead to examples of the data that can be used to answer these questions. Although traditionally data collection has focused on external cyber information, more often than not however, it’s actions outside of those seen within an organisations network, or even outside cyberspace that can provide context to the actions a threat takes. Finally, we provide a number of use cases on which the results of threat intelligence processes can be applied within a Security Operations Centre, including Incident Response as well as traditional Penetration Testing and Red Teaming.
The EU Data Protection Regulation and what it means for your organizationSophos Benelux
Session on what the EU Data Protection Regulation actually means for EU organizations and how you can comply. Presented by Michael Heering at the Online Security Summit Belgium.
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
The broad list of topics include (but not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
veryone's heard about the Target breach at the end of last year; some of you may have been affected. One way to understand this breach - to borrow a phrase from Deep Throat talking about the Watergate Scandal in "All The President's Men" - is to follow the money.
This webinar will do that. It will detail what we know about the Target breach and how it happened. But it will place particular emphasis on the money trail - not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, the likelihood of lawsuits, and so on. As such, this webinar represents a powerful opportunity to learn what really goes down as a breach unwinds from a respected professional who has been in the trenches for decades.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
Qorvis MSLGROUP has created a comprehensive guide to the Trump Administration. This document provides a first look at the people and players behind the most unlikely presidential campaign in American history.
For each person mentioned here, we have included a bio, a photo, and representative institutions and organizations affiliated with that person, so that the reader may better understand the relationships that influence the people who in turn are influencing President Trump.
For real-time updates, follow @Qorvis or reach out to us on Twitter @msl_group.
Issue Tracking: How News 'Moves' Through the Mediaevolve24
Target experienced a data breach in late 2013. Within a few minutes of the first blog post, the story spread like wildfire and placed Target in the national spotlight -- and not for a good reason.
This presentation demonstrates how an issue can be tracked by evolve24 to mitigate issues, manage communications and monitor reputation loss.
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
Year 2013. will definitely be remembered as year with largest number of data breach incidents. Some incidents are already recognized as synonyms for word breach:
1. Edward Snowden vs. NSA
2. Adobe - 150 million records exposed
3. Target - 110 million records exposed
Moreover, year 2013. had almost double the number of breaches from 2011., totaling amount of 822 million data breaches.
In my presentation, I tried to illustrate and point out most important facts about those breaches.
Hope you'll like it - feel free to share!
Mihajlo Prerad
This PowerPoint examines the corporate structure of Target in a strategic manor. See how it compares to its competitors and why it is one of the leading retailers in today's society.
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
APTs are known to use advanced Techniques, Tactics, and Procedures (TTP), including advanced malware design with protection layers, sandboxing evasion, and lateral movement inside penetrated networks to seek out high value targets. In this webinar, Nick Bilogorskiy of Cyphort Labs will review various lateral movement techniques and methods used by advanced threats in the past. He will look at some APT samples, e.g. Shamoon, in detail to show the specific steps in the lateral movement by the malware. Understanding the lateral movement of APT should help security defenders to better select and implement protection solutions.
Get Smart about Ransomware: Protect Yourself and OrganizationSecurity Innovation
As ransomware threats continue to rise, it's important to understand how to protect yourself and your organization against these cyberattacks and what you should do if you become a victim.
As Ransomware threats continue to rise, it's important to understand how to protect yourself and your organization against these cyber attacks and what you should do if you become a victim.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment.
Added bonus: MMW Watch List of 2014
We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.
EverSec + Cyphort: Big Trends in CybersecurityCyphort
Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. In this webinar, we will discuss at a high-level some of biggest cybersecurity threats happening right now, including:
--The Resurgence of Ransomware - Locky and other new cryptolockers
--Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors
--I have RATs - How to defend against Remote Access Trojans stealing your data
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...HackIT Ukraine
Ник расскажет про типичный день антивирусного специалиста в Кремниевой Долине. Про то, как компании борются с хакерскими атаками. Он расскажет свою историю про то, как работал в Фейсбуке, как туда попасть и какой опыт эта компания даёт. Расскажет про Cyphort, и антивирусы нового поколения. И он поделится новыми трендами кибербезопасности.
Companies are struggling to deal with the unstoppable growth of cyber-attacks as hackers get faster, sneakier and more creative. The bad news is - no company is immune, no matter how big or small you are. Without a proper understanding of zero-day threats, companies have no way of exposing the gaps of overhyped security solutions.
Zero-day exploit leaves NO opportunity for detection. This presentation will highlight critical insights combating zero-day threats.
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Ransomware is a PC or Mac-based malicious piece of software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.
Not only can ransomware encrypt the files on your computer; the software is smart enough to travel across your network and encrypt any files located on shared network drives. This can lead to a catastrophic situation whereby one infected user can bring an entire company to a halt.
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
This presentation covers:
- Why today’s Retail POS systems are at risk
- How using relatively simple techniques, cyber criminals get onto retailer networks and POS machines
- How POS malware works in capturing credit card data
- How antiquated security architectures and technology put retailers and customers at risk
- How good security architecture and advanced threat protection tools can defeat these attacks before data is breached.
- How to recognize outdated vulnerable POS endpoints that might expose you to credit card fraud
Dr. Fengmin Gong, Co-Founder and Chief Strategy Officer, presents why an ecosystem-based approach is necessary to defend against modern malware threats. Discussion continues with what it takes to implement cybersecurity using this approach. He also presents a number of use cases where multi-vendor products interacting in a security ecosystem provide the most effective protection for enterprises.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
What a dramatic cyber soap opera we've witnessed with the Alpha ransomware group, also known by their edgy alias, BlackCat. It's like a game of digital whack-a-mole, with the FBI and friends swinging the mallet of justice and the ransomware rascals popping up with a cheeky "unseized" banner as if they're playing a high-stakes game of capture the flag.
The FBI's initial victory lap was cut short when AlphV's site reemerged, now mysteriously devoid of any incriminating victim lists.
Will the FBI finally pin the cyber tail on the Black Cat, or will these digital desperados slip away once more? Stay tuned for the next episode of "Feds vs. Felons: The Cyber Chronicles."
-------
This document presents a analysis of the Alpha ransomware site, associated with the ransomware group also known as BlackCat. The analysis covers the ransomware technical details, including its encryption mechanisms, initial access vectors, lateral movement techniques, and data exfiltration methods.
The insights gained from this analysis are important for cybersecurity practitioners, IT professionals, and policymakers. Understanding the intricacies of AlphV/BlackCat ransomware enables the development of more effective defense mechanisms, enhances incident response strategies.
Recently a ransomware variant titled “WannaCry” has infected thousands of unpatched endpoints worldwide.This quick presentation will provide a synopsis of what this threat might mean for end users and what actions can be taken in response to this new information.
Demo how to detect ransomware with alien vault usm_ggAlienVault
By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once CryptoWall executes and connects to an external command and control server, it starts to encrypt files throughout your network. Therefore, spotting infections quickly can limit the damage.
Don’t fall victim to ransomware!
AlienVault USM uses several built-in security controls working in unison to detect ransomware like CryptoWall, usually as soon as it attempts to connect to the hackers’ command and control server. How does it all work? Join us for a live demo that will show how AlienVault USM detects these threats quickly, saving you valuable clean up time by limiting the damage from the attack.
You'll learn:
How AlienVault USM detects communications with the command and control server
How the behavior is correlated with other signs of trouble to alert you of the threat
Immediate steps you need to take to stop the threat and limit the damage
Ransomware has become one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.
Similar to Data breach at Target, demystified. (20)
MMW June 2016: The Rise and Fall of Angler Cyphort
We have talked about the recent ransomware resurgence and now Cyphort Labs wants to spend some timer on one of the most effective methods of delivering ransomware and that is exploit kits.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will cover:
The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino
Show real examples of drive-by exploits in popular websites discovered in our crawler
Examine the relationship between exploits, kits and payload
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
This season is the time to consider the year in review and the year to come. Nick will review the biggest malware attacks and breaches of the year, including OPM breach, Apple App store malware, Ashley Madison and Hacking Team. Then it’s on to the future as Nick unveils his security predictions for 2016.
In this Malware's Most Wanted, Cyphort Lab's Marion Marschalek will shed light on malware self-protection. The audience will get an overview of how malware evasion evolved over the years and how malware defense evolved with it, or vice versa as it occasionally happens in the digital arms race. The various observed anti-analysis tricks will be put in relation to the respective counter measures in order to showcase challenges of modern day security products.
Marion recently won a speaking contest at Komintern Sect in Stockholm.
Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a "black box" component to an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you're trying to solve, the underlying data you utilize, and most importantly, its limitations.
In this Malware Most Wanted session, we analyze working models discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.
Nick Bilogorskiy presentation on Ransomware, Cryptolocker and Cryptowall at Rochester Security Summit 2015.
Fake Antivirus
History of Ransomware
Cryptolocker
Cryptowall
Conclusions
In the digital age, one of the most effective ways to gather data and information about a potential enemy state is by infiltrating their ranks with malware. This webinar takes a deep drive into advanced persistent threat attacks performed by nation states. We will discuss various actors, government sponsored hackers, such as Duke, Bear, and Panda. Then we will look at malware created, like Regin, Elise, Flame, Equation Group, Babar, OnionDuke, and Dark Hotel.
NIST Cybersecurity Framework is a good starting point for many enterprises to harden their security posture against advanced threats. In this webinar, we will share the major take-aways from the framework. More importantly, we will explain the 5 critical factors in implementing cybersecurity defense, and how to handle them with best practice.
Malware writers are well aware of sandboxing, a popular way to detect brand new unknown malware by its behavior, and make code that infects the intended victim but has no malicious behavior in a sandbox. This MMW webinar demos specific ways how malware detects and hides from sandboxes including environmental check, stalling code, sleeps, hook detection and click triggers.
Malware writers are well aware of sandboxing, a popular way to detect brand new unknown malware by its behavior, and make code that infects the intended victim but has no malicious behavior in a sandbox. This MMW webinar demos specific ways how malware detects and hides from sandboxes including environmental check, stalling code, sleeps, hook detection and click triggers.
Malware writers are well aware of sandboxing, a popular way to detect brand new unknown malware by its behavior, and make code that infects the intended victim but has no malicious behavior in a sandbox. This MMW webinar demos specific ways how malware detects and hides from sandboxes including environmental check, stalling code, sleeps, hook detection and click triggers.
Malware authors are beginning to target Mac OS X in larger numbers. As malware and phishing attacks become targeted, more sophisticated, and easier to carry out. Mac users can no longer rely on hackers to ignore the smaller OS X market share. In this webinar Cyphort Labs will explain the trends on Mac malware and present statistics on Mac malware we gathered in the wild and interpret the numbers.
Malware's Most Wanted: The Many Faces of MalwareCyphort
There has been extensive research done on malware code structures and system behaviors, often times hidden from unsuspecting eyes. Screen shots of malware execution have been shared in the passing, but were rarely the focus. It will be remiss if we did not pay enough attention to what malware looks like in their victims’ face.
Nick Bilogorskiy, Director of Security Research at Cyphort has studied a representative set of malware samples, including Adware and PUPs (potentially unwanted programs) and shares the screenshots from the perspective of how they interact with users, and how they can be helpful in identifying such malware.
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
Marion Marschalek speaks about Linux and Internet of things Malware.
Occasionally we see samples coming out of our pipe which do not fit with the stream of malware, such as clickjackers, banking Trojans and spybots. These exotic creatures are dedicated to target platforms other than the Windows operating system. While they make up for a significantly smaller portion than the load of Windows malware, Cyphort labs has registered a rise in Linux and Internet of Things Malware (IoT) malware. A number of different families has been seen. But what is their level of sophistication and the associated risk? This webinar provides an overview of Linux and IoT malware that Cyphort labs has spotted in the wild and gives an insight into the development of these threats and the direction they are taking.
Banking or Financial Trojans are already notorious because they have been around for a while, and they count both consumers and financial institutions among their victims. To help better defend against this class of malware, we share analyses of some recent families of financial Trojans. Nick Bilogorskiy, Cyphort's Director of Security Research, looks at the specific characteristics associated with a financial Trojan in terms of distribution channel, armoring behavior, attack payload, actors, etc in this presentation.
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Cyphort Labs has reported an uptick in drive-by-infection through malvertising in 2014 and sounded alarms for the web property owners regarding this emerging trend. We believe that this trend presents a significant cybersecurity challenge in 2015. In this session, we will discuss this increasing trend of drive-by attacks by dissecting examples of recent web infections, as well as share observed, sophisticated behavior of modern exploit pack and the challenges for research and discovery. As we present exploit kit information, trends and statistics from research derived from our Cyphort Crawler, you will gain an awareness and an understanding of these malvertising threats to better protect your site visitors from malware infection.
Cyphort Labs has come across a sophisticated malware sample, dubbed Evil Bunny, which tricks sandboxes and shows rather uncommon deception traits to evade detection. Marion Marschalek, Security Researcher of Cyphort Labs, will dissect this evil, yet fascinating, malware called EvilBunny Malware Dropper. We will examine how it attempts to evade detection from AV and sandboxing, how it drops the payload, and how it persists and deletes itself.
Marion Marschalek's CyberCamp Madrid talk focuses on personal obstacles when entering the really technical fields and the innovation gap in infosec, which offers so many opportunities for youngsters.
Malware's Most Wanted: How to tell BADware from adwareCyphort
How do you effectively deal with the ever-increasing amount of adware? Adware is annoying, but not all are created equal. At this MMW we look at growing landscape of adware and malware. We will discuss tools to give you behavior insights and ways to reveal the context of adware as it relates to your business.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
3. Your
speakers
today
3
Nick
Bilogorskiy
Director
of
Security
Research
Anthony
James
VP
of
Marke5ng
and
Products
4. Agenda
o Inside
Cyphort
Labs
o Target®
breach
overview
and
1meline
o Dissec1ng
the
malware
o Lessons
learned
o Wrap-‐up
and
Q&A
o Sign-‐up
to
receive
your
free
t-‐shirt
4
Cyphort
Labs
T-‐shirt
5. We
work
with
the
security
ecosystem
•••••
Contribute
to
and
learn
from
malware
KB
We
enhance
malware
detec1on
accuracy
•••••
False
posi1ves/nega1ves
•••••
Deep-‐dive
research
Global
malware
research
team
•••••
24X7
monitoring
for
malware
events
About
Cyphort
Labs
5
6. Cyphort
Labs
Stats
6
50
million
files
analyzed
daily
10,000+
malware
samples
received
daily
Signatures
are
created
for
all
malware
7. A
day
in
life
of
a
malware
researcher
7
Help
Customers
Advise
Cyphort
Security
Team
Share
Threat
Intelligence
Security
News
Research
Review
Cyphort
Reports
Reverse
Engineer
Samples
8. Target
Breach
Introduc1on
8
What
The…
Happened?
o Data
breach
at
Target
Stores
o Affected
110
million
credit
cards
o Data
sold
in
underground
market
Catastrophic
Impact
o Cost
to
Target
~$420
Million
o CIO
resignaIon
o Massive
security
overhaul
at
Target
9. How
Did
The
Breach
Happen?
o U1lity
contractor’s
Target
creden1als
compromised
o Hackers
accessed
the
Target
network
o Uploaded
malware
to
a
few
POS
systems
o Tested
malware
efficacy
and
uploaded
to
the
majority
of
POS
systems
o Data
drop
loca1ons
across
the
world
9
Login
from
the
HVAC
contractor
Target’s
POS
updater
server
Target’s
internal
server
with
fileshare
Credit
card
info
transfer
to
internal
fileshare
Card
info
infiltra1on
using
FTP
to
external
drop
loca1on
Point
of
sale
network
Compromised
drop
loca1ons
10. Poll
ques1on
How
do
you
think
the
HVAC
contractor’s
creden1al’s
were
compromised?
A) Phishing
B) Keylogger
malware
C) Password
them
11. Target:
The
Breach
Timeline
11
Nov.
27
-‐
Dec.
15
2013
Dec
.
18-‐19
2013
Dec.
18
2013
Dec.
27
2013
Jan.
10
2014
Feb.
6
2014
Mar.
5
2014
Target
reports
70
M
addi1onal
accounts
compromised
Reported
that
HVAC
vendor’s
creden1als
involved
Target
CIO
resigns
Reported
that
encryp1on
PIN
number
also
stolen
Target
admits
the
breach
Reports
of
several
retailers
POS
affected
Data
breach
at
Target;
Millions
of
accounts
exposed
12. What
is
BlackPOS/Potato?
o Malware
is
a
modified
version
of
BlackPos
or
Kaptoxa
(Russian
for
Potato).
It
runs
on
point
of
sale
terminals
and
scans
memory
for
credit
card
data.
o First
samples
of
this
malware
date
back
to
Jan
2013
and
were
coded
by
Rinat
Shibaev
aka
“ree4”,
aka
“An1Killer”
from
Russia.
o Malware
was
sold
by
An1killer
on
hacker
forum.
However
An1killer
is
not
directly
involved
in
the
Target
breach.
12
Malware
on
sale
ree4
13. Who
wrote
BlackPOS/Potato?
o The
suspect
in
the
breach
is
a
person
called
“Rescator”
aka
“Hel”.
He
is
part
of
a
larger
hacker
network
called
“Lampeduza
Republic”
o Rescator
sold
the
stolen
Target
card
info
in
bulk
in
underground
markets
at
a
price
of
$20-‐45
per
card.
o Brian
Krebs
named
Andrey
Hodirevski
from
Ukraine
as
Rescator.
13
Hel
14. Malware
Workflow
14
1.
Infect
System
o Adds
to
autostart
via
service
o Download
and
run
memory
scraper
2.
Steal
Info
o Use
memory
scraping
to
find
credit
card
data
o Output
to
a
file
locally
o Send
the
dump
file
to
exfiltra1on
server
via
SMB
3.
Exfiltrate
Info
o Periodically
scan
winxml.dll
for
updates
o Upload
informa1on
to
the
FTP
server
15. Dissec1ng
the
malware
15
o This
malware
had
2
modules:
o Mmon
module
–
is
used
for
scanning
the
memory
of
the
POS
machine
,
extract
credit
card
numbers
and
dump
them
to
a
file,
then
send
them
to
another
compromised
system
inside
Target’s
network
via
network
share
o Bladelogic
Uploader
module
–
is
used
to
upload
those
dumps
into
an
mp
server.
17. Dissec1ng
the
malware
o Mmon
module
will
specifically
look
for
a
process
named
“pos.exe”
which
is
the
process
name
of
Target
applica1on.
It
will
walk
through
the
memory
of
the
said
process
and
save
the
dumps
into
a
file
%system%
winxml.dll
o It
also
creates
a
thread
that
will
upload
the
stolen
informa1on
to
another
compromised
system
within
Target’s
network
using
a
network
share
with
the
following
creden1als:
o hostname:
10.116.240.31
o username:
wcopscli3acsBest1_user
o password:
BackupU$r
o Amerwards,
it
deletes
the
mapping
of
the
drive
to
avoid
detecIon.
17
18. Dissec1ng
the
malware
o Bladelogic
uploader
-‐
Register
itself
as
a
service
named
“bladelogic”
o Bladelogic
name
is
used
for
obfuscaIon
here,
it
implies
connec1on
with
BMC
Bladelogic
-‐
a
data
center
automa1on
somware
o Uploads
the
stolen
informa1on
to
an
mp
server
in
Los
Angeles:
o Server:
199.188.204.182.
o username:
digitalw
o password:
Crysis1089
18
19. Dissec1ng
the
malware
o Both
the
mmon
module
and
the
uploader
were
coded
to
only
exfiltrate
card
data
between
the
hours
of
10
AM
and
5
PM.
o The
awackers
wanted
their
exfiltra1on
to
look
like
normal
every
day
network
traffic.
They
tried
to
avoid
detec1on
by
blending
it
with
the
noise
of
the
high
ac1vity
1me
of
day.
19
20. Dissec1ng
the
malware
o Both
of
the
modules
of
malware
used
in
this
awack
were
not
caught
by
an1-‐virus.
These
tools
were
custom
wriwen
to
avoid
signature
detec1on.
o Awackers
downloaded
the
data
from
the
Los
Angeles
FTP
server
into
their
virtual
private
server
located
in
Russia
over
the
period
of
2
weeks.
o This
awack
was
complex.
It
demonstrates
how
determined
awackers
can
maneuver
around
security
controls
to
gain
access
to
what
they
want.
20
21. Key
lessons
from
the
breach
-‐
1
o It
is
not
sufficient
to
monitor
the
egress
point
for
threats
o Need
to
go
deep
and
wide
in
the
network
21
22. Poll
ques1on
Target
admiwed
they
ignored
the
alert
from
their
network
security
device.
What
do
you
think
the
reason
for
that
was?
A) Alert
overload
from
various
security
devices
B) No
common
understanding
of
risk
across
the
teams
C) Negligence
23. Key
lessons
from
the
breach
-‐
2
o More
alerts
don’t
necessarily
contribute
to
enhanced
security
o Automate
correla1on
of
alerts
and
local
context
to
assign
risk
ranking
o Have
SLAs
in
place
for
taking
ac1on
on
threats
above
risk
threshold
23
24. Key
lessons
from
the
breach
-‐
3
o All
networks,
assets
and
users
are
not
equal
o Segment
and
categorize
o Networks
o Users
o Assets
o Priori1ze
ac1on
based
on
overall
risk
24
25. Q
and
A
25
o Informa1on
sharing
and
advanced
threats
resources
o Blogs
on
latest
threats
and
findings
o Tools
for
iden1fying
malware