© 2015 IBM Corporation
2014
The Year the Internet Fell Apart
John Kuhn
Senior Threat Researcher
IBM Security
Good News First…
[Chart: Records Lost Per Industry. Categories: Retail/Merchant, Medical Providers, Government and Military, Educational Institutions, Financial and Insurance Services, Other, Nonprofit Organizations]
[Chart: Breaches Per Industry. Categories: Other, Financial and Insurance Services, Retail/Merchant, Government and Military, Medical Providers, Educational Institutions, Nonprofit Organizations]
[Chart: Total Records Lost Per Year, 2005 to 2014]
[Chart: Number of Breaches Per Year, 2005 to 2014]
Data: http://www.privacyrights.org/data-breach
HeartBleed – Summary of Impact
• CVE-2014-0160 - OpenSSL
• Improper handling of Heartbeat extension packets, resulting in potential data loss.
• The bug was introduced December 31, 2011
• Discovered on March 21, 2014 and made public on April 4th
• IBM Managed Security Services Statistics 2014
  • Over 4 Million detected attacks
  • Affected all industries
  • Raised the AlertCon to level 2
HeartBleed By The Numbers
[Chart: HeartBleed series over time, x-axis 4/10/2014 to 12/30/2014]
Top 5 Targets
United States
Japan
France
Australia
Canada
Top 5 Attackers
United States
Switzerland
Netherlands
Ukraine
Japan
ShellShock – Summary of Impact
• CVE-2014-7169 – Bash Shell
• Improper handling of environment variables, resulting in remote command execution.
• The bug was introduced in September 1989
• Discovered on September 9, 2014 and made public on September 24
• IBM Managed Security Services Statistics 2014
  • Over 14 Million detected attacks
  • Affected all industries
  • Raised the AlertCon to level 3
ShellShock Geo-Attack Data
[Chart: ShellShock series over time, x-axis 9/26/2014 to 12/31/2014]
Top 5 Attackers
United States
Brazil
Lithuania
China
Germany
Top 5 Targets
United States
Japan
Canada
France
Australia
HeartBleed vs ShellShock - 2014
[Chart: HeartBleed and ShellShock series over time, x-axis 4/10/2014 to 12/31/2014]
Alain-Désiré Kamenyero
Sr. Manager, Cyber Security Services
Scotiabank
History of the Internet
The ARPANET was the first wide area packet switching network, the "Eve" network of what has evolved into the Internet we know and love today.
“Everything was built with performance, NOT SECURITY, in mind”, Dr. Shrobe said. “We left it to programmers to incorporate security into every line of code they wrote. One little mistake is all it takes for the bad guy to get in.”
Fast forward to 2014, the Year the Internet Fell Apart.
The Vulnerabilities Explained
Heartbleed
April 4th, 2014
The OpenSSL project was founded in 1998 to invent a FREE set of encryption tools for the code used on the Internet.
• 2/3 of the world’s web servers use OpenSSL
• Vulnerability age: 2 1/2 Years
• Relative ease of exploitation
• Remote execution
• Open source
Shellshock
September 24th, 2014
Bash is a Unix shell written by Brian Fox in 1989 for the GNU Project as a FREE software replacement for the Bourne shell.
• 70% of devices that access the internet
• Vulnerability age: 26 Years
• Arbitrary command execution
• Rated 10 on a 10-point severity scale
• Open source
Major Vulnerabilities, a New Norm
[Chart: High Severity Vulnerabilities 2009 - 2014. Data labels: 1887, 1492, 1488, 1612, 1705; x-axis years 2010 to 2014]
[Chart: High Severity Vulnerabilities 2014. Data labels: 8%, 68%, 24%; legend: Low, Medium, High]
[Chart: # of Vulnerabilities, 2009 to 2014]
7,038 new security vulnerabilities were added to the NVD database in 2014. This means an average of 19 new vulnerabilities per day.
Planning For The Future
• Reliable and refreshed inventory
• Keep up with threat intelligence
• Implement mitigating controls
• Create and practice a broad Incident Response Plan
• Fast track threat intelligence in security controls
• Proactive threat analysis
• Security posture awareness
• Better communication to stockholders
Gartner, FBI, NSA, and AV companies have conditioned us to always assume there are “rats in the attic” …
We should be Ready and Prepared
UNICORN
(CVE-2014-6332)
Robert Freeman
Manager, IBM X-Force Research
Impact and what was affected
• Every version of Internet Explorer since 3.0 on any Windows OS from 95 or later
• Originally part of code written for Microsoft Excel 20-some years ago
• Allows remote code execution via a data-only attack, which bypasses security controls meant to prevent remote code execution from memory corruption bugs
• Can circumvent the Enhanced Protected Mode sandbox in IE 10/11
• Can circumvent the Microsoft EMET anti-exploitation tool
• Vulnerability details:
  • X-Force Database Entry: 93141
  • CVE Entry: CVE-2014-6332
  • CVSS Base Score: 9.3
How the vulnerability works – High level
A serial action is needed to exploit the vulnerability, ultimately resulting in “free rein” allowing data exfiltration.
1. A bad actor takes advantage of a hand-off process in VBScript execution within IE to resize a memory request
2. The resize permits a data attack leveraging the memory leak
3. A subsequent memory overwrite makes the script engine believe it’s running in a trusted environment
How the vulnerability works - Technical
• In VBScript, the COM SafeArrays have a fixed element size (16 bytes) with a WORD specification for variant type
• Typically, through this WORD you can only control 8 bytes of this data through the Variant type (for Double values or Currency values)
• The vulnerability allows for in-place resizing of these arrays through a “redim preserve” command
• SafeArrayRedim() will swap out the old array size with the newly requested size
• The re-dimension task is farmed out to OleAut32.dll
• If the size request isn’t reset before returning from OleAut32.dll, it can allow for a request for data beyond the intended range, which is the same as a memory leak.
Exploitation could have been prevented if VBScript invalidated the “On Error Resume Next” when OleAut32 returns with an error
• The exploit will take advantage of the difference between the alignment of the arrays (16 bytes) and the alignment of the Windows heap (8 bytes). This provides two important opportunities:
  • Changing the data type in an element of an adjacent array
  • Reading that content back through the original array reference.
As a result, an attacker can request object execution by running unsafe COM objects like ActiveX with arbitrary parameters
These possibilities permit a data attack that leverages a memory leak leading to the VBScript class object instance
AND
A subsequent memory overwrite leads the script engine to believe that it is running in a trusted environment.
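The stale-size condition described on this slide, modeled as an added example (not code from the presentation, from Microsoft, or from OleAut32.dll): a toy array header whose resize routine records the requested element count before allocating, shown once without and once with a rollback on failure. All names (`toy_array`, `toy_redim_stale`, `toy_redim_restoring`, `toy_exposure_after_failed_redim`) are hypothetical, and the allocation failure is forced by a demo-only size limit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELEM_SIZE 16u             /* fixed element size, as stated on the slide */
#define TOY_MAX_BYTES (1u << 20)  /* assumption: demo-only limit that makes large requests fail */

typedef struct {
    uint32_t count;       /* element count in the header; bounds checks trust this value */
    uint32_t allocated;   /* elements really backed by memory (ground truth for the demo) */
    unsigned char *data;
} toy_array;

static int toy_init(toy_array *a, uint32_t n) {
    a->data = calloc(n ? n : 1, ELEM_SIZE);
    if (!a->data) return -1;
    a->count = n;
    a->allocated = n;
    return 0;
}

static void toy_free(toy_array *a) {
    free(a->data);
    memset(a, 0, sizeof *a);
}

/* Allocation step shared by both variants; fails for oversized requests. */
static int toy_realloc(toy_array *a, uint32_t n) {
    uint64_t bytes = (uint64_t)n * ELEM_SIZE;
    if (bytes == 0 || bytes > TOY_MAX_BYTES) return -1;
    unsigned char *p = realloc(a->data, (size_t)bytes);
    if (!p) return -1;
    if (n > a->allocated) {
        /* zero the newly added elements so nothing uninitialised is exposed */
        memset(p + (size_t)a->allocated * ELEM_SIZE, 0,
               (size_t)(n - a->allocated) * ELEM_SIZE);
    }
    a->data = p;
    a->allocated = n;
    return 0;
}

/* Flawed pattern: the header takes the new size first and keeps it on error. */
int toy_redim_stale(toy_array *a, uint32_t n) {
    a->count = n;
    return toy_realloc(a, n);
}

/* Hardened pattern: the old size is restored when the resize fails. */
int toy_redim_restoring(toy_array *a, uint32_t n) {
    uint32_t old = a->count;
    a->count = n;
    if (toy_realloc(a, n) != 0) {
        a->count = old;
        return -1;
    }
    return 0;
}

/* Models a caller that carries on after the error (the "On Error Resume Next"
 * case): returns how many indices the header would still accept although no
 * memory backs them. Nothing out of bounds is ever dereferenced here. */
uint32_t toy_exposure_after_failed_redim(int use_fix, uint32_t start, uint32_t request) {
    toy_array a;
    if (toy_init(&a, start) != 0) return UINT32_MAX;
    int rc = use_fix ? toy_redim_restoring(&a, request)
                     : toy_redim_stale(&a, request);
    uint32_t exposed = (rc != 0 && a.count > a.allocated) ? a.count - a.allocated : 0;
    toy_free(&a);
    return exposed;
}

int main(void) {
    const uint32_t huge = 0x08000000u;  /* constructed request that exceeds TOY_MAX_BYTES */
    printf("stale header:     %u unbacked indices pass the bounds check\n",
           (unsigned)toy_exposure_after_failed_redim(0, 4, huge));
    printf("restoring header: %u unbacked indices pass the bounds check\n",
           (unsigned)toy_exposure_after_failed_redim(1, 4, huge));
    return 0;
}
```

The same rollback belongs in any routine that publishes a new length before the operation backing it has succeeded.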
What can be gained
• Exploiting the vulnerability causes various memory leaks in Microsoft IE, one of which relates to the internal data structure for Visual Basic.
• By exploiting it, attackers can:
  • Conduct reliable code execution for COM objects
  • Exfiltrate data straight out of IE
  • Install additional malware on the system
• This can be exploited in a manner similar to a technique used by Yang Yu, called the “Vital Point Strike”, presented at the BlackHat 2014 session “Write Once, Pwn Anywhere”.
  • Scripts can complete the same job as shellcode.
  • The script interpreter engine in IE can execute malicious scripts as long as they have an elevated privilege.
Thank You
Your Feedback is
Important!
Access the InterConnect 2015
Conference CONNECT Attendee
Portal to complete your session
surveys from your smartphone,
laptop or conference kiosk.

Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Recently uploaded (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

The Year the Internet Fell Apart

  • 1. © 2015 IBM Corporation 2014 The Year the Internet Fell Apart
  • 2. © 2015 IBM Corporation The Year the Internet Fell Apart John Kuhn Senior Threat Researcher IBM Security
  • 3. Good News First…. [Charts: Total Records Lost Per Year, 2005 to 2014; Number of Breaches Per Year, 2005 to 2014; Records Lost Per Industry; Breaches Per Industry. Industry categories: Retail/Merchant, Medical Providers, Government and Military, Educational Institutions, Financial and Insurance Services, Other, Nonprofit Organizations.] Data: http://www.privacyrights.org/data-breach
  • 4. HeartBleed – Summary of Impact
      • CVE-2014-0160 - OpenSSL
          • Improper handling of Heartbeat extension packets resulting in potential data loss.
          • The bug was introduced December 31, 2011
          • Discovered on March 21, 2014 and made public on April 4th
      • IBM Managed Security Services Statistics 2014
          • Over 4 Million detected attacks
          • Affected all industries
          • Raised the Alertcon to level 2
      Logo: Heartbleed.com
  • 5. HeartBleed By The Numbers [Chart: time series from 4/10/2014 to 12/30/2014, vertical axis 0 to 350,000]
      • HeartBleed Top 5 Targets: United States, Japan, France, Australia, Canada
      • Top 5 Attackers: United States, Switzerland, Netherlands, Ukraine, Japan
  • 6. ShellShock – Summary of Impact
      • CVE-2014-7169 – Bash Shell
          • Improper handling of environment variables resulting in remote command execution.
          • The bug was introduced September, 1989
          • Discovered on September 9, 2014 and made public on September 24
      • IBM Managed Security Services Statistics 2014
          • Over 14 Million detected attacks
          • Affected all industries
          • Raised the Alertcon to level 3
      Logo: Symantec.com
  • 9. © 2015 IBM Corporation The Year the Internet Fell Apart Alain-Désiré Kamenyero Sr. Manager, Cyber Security Services Scotiabank
  • 10. History of the Internet
      The ARPANET was the first wide area packet switching network, the "Eve" network of what has evolved into the Internet we know and love today.
      “Everything was built with performance, NOT SECURITY, in mind”, Dr. Shrobe said. “We left it to programmers to incorporate security into every line of code they wrote. One little mistake is all it takes for the bad guy to get in.”
  • 11. Fast forward to 2014, the Year the Internet Fell Apart: The Vulnerabilities Explained
      The OpenSSL project was founded in 1998 to invent a FREE set of encryption tools for the code used on the Internet.
          • 2/3 of the world’s web servers use OpenSSL
          • Vulnerability age: 2 1/2 Years
          • Relative ease of exploitation
          • Remote execution
          • Open source
      Heartbleed, April 4th, 2014 (logo: vpnexpress.net)
      Bash is a Unix shell written by Brian Fox in 1989 for the GNU Project as a FREE software replacement for the Bourne shell.
          • 70% of devices that access the internet
          • Vulnerability age: 26 Years
          • Arbitrary command execution
          • Rated 10 on a 10-point severity scale
          • Open source
      Shellshock, September 24th, 2014 (logo: heartbleed.com)
  • 12. Major Vulnerabilities, a New Norm
      [Chart: High Severity Vulnerabilities 2009 - 2014; data labels for 2010 to 2014: 1887, 1492, 1488, 1612, 1705]
      [Chart: High Severity Vulnerabilities 2014; Low 8%, Medium 68%, High 24%]
      [Chart: # of Vulnerabilities, 2009 to 2014, vertical axis 0 to 7500]
      7,038 new security vulnerabilities were added to the NVD database in 2014. This means an average of 19 new vulnerabilities per day.
  • 13. Planning For The Future
      • Reliable and refreshed Inventory
      • Keep up with threat intelligence
      • Implement mitigating controls
      • Create and practice a broad Incident Response Plan
      • Fast track threat intelligence in security controls
      • Proactive threat analysis
      • Security posture awareness
      • Better communication to stockholders
      Gartner, FBI, NSA, and AV companies have conditioned us to always assume there are “rats in the attic” … We should be Ready and Prepared
  • 14. © 2015 IBM Corporation UNICORN (CVE-2014-6332) Robert Freeman Manager, IBM X-Force Research
  • 15. Impact and what was affected
      • Every version of Internet Explorer since 3.0 on any Windows OS from 95 or later
      • Originally part of code written for Microsoft Excel 20-some years ago
      • Allows remote code execution via a data-only attack, which bypasses security controls meant to prevent remote code execution from memory corruption bugs
      • Can circumvent Enhanced Protection Model sandbox in IE 10/11
      • Can circumvent Microsoft EMET anti-exploitation tool
      • Vulnerability details:
          • X-Force Database Entry: 93141
          • CVE Entry: CVE-2014-6332, CVSS Base Score 9.3
  • 16. How the vulnerability works – High level
      A serial action is needed to exploit the vulnerability, ultimately resulting in “free rein” allowing data exfiltration.
      1. A bad actor takes advantage of a hand-off process in VBScript execution within IE to resize a memory request
      2. The resize permits a data attack leveraging the memory leak
      3. A subsequent memory overwrite makes the script engine believe it’s running in a trusted environment
  • 17. How the vulnerability works - Technical
      • In VBScript, the COM SafeArrays have a fixed element size (16 bytes) with a WORD specification for variant type
      • Typically, through this WORD you can only control 8 bytes of this data through the Variant type (for Double values or Currency values)
      • The vulnerability allows for in-place resizing of these arrays through a “redim preserve” command
          • SafeArrayRedim() will swap out the old array size with the newly requested size
          • The re-dimension task is farmed out to OleAut32.dll
          • If the size request isn’t reset before returning from OleAut32.dll, it can allow for a request for data beyond the intended range, which is the same as a memory leak. Exploitation could have been prevented if VBScript invalidated the “On Error Resume Next” when OleAut32 returns with an error
      • The exploit takes advantage of the difference between the alignment of the arrays (16 bytes) and the alignment of the Windows heap (8 bytes). This provides two important opportunities:
          • Changing the data type in an element of an adjacent array
          • Reading that content back through the original array reference. As a result, an attacker can request object execution by running unsafe COM objects like ActiveX with arbitrary parameters
      These possibilities permit a data attack that leverages a memory leak leading to the VBScript class object instance, and a subsequent memory overwrite leads the script engine to believe that it is running in a trusted environment.
  • 18. What can be gained
      • Exploiting the vulnerability causes various memory leaks in Microsoft IE, one of which relates to the internal data structure for Visual Basic.
      • By exploiting it, attackers can:
          • Conduct reliable code execution for COM objects
          • Exfiltrate data straight out of IE
          • Install additional malware on the system
      • This can be exploited in a way similar to a technique used by Yang Yu, called the “Vital Point Strike”, presented at the BlackHat 2014 session “Write Once, Pwn Anywhere”.
          • Scripts can complete the same job as shellcode.
          • The script interpreter engine in IE can execute malicious scripts as long as they have an elevated privilege.
  • 19. Notices and Disclaimers Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. 
All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
  • 20. Notices and Disclaimers (con’t) Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. • IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
  • 21. Thank You Your Feedback is Important! Access the InterConnect 2015 Conference CONNECT Attendee Portal to complete your session surveys from your smartphone, laptop or conference kiosk.
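
The root cause described on slide 17 (the array bound is swapped in before the resize and not reset when the resize fails, while the caller resumes after the error) is modelled below in C, next to the corrected ordering. This is an added example, not code from the presentation, Microsoft or OleAut32.dll; `model_array`, `MAX_ALLOC` and every function name are hypothetical, and the model only compares bounds without touching memory out of range.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELEM_SIZE 16u          /* fixed element size quoted on the slide */
#define MAX_ALLOC (1u << 20)   /* assumed allocator limit for this model */

/* Hypothetical one-dimensional array; not the real SAFEARRAY layout. */
typedef struct {
    uint32_t count;      /* bound the script engine trusts for index checks */
    uint32_t capacity;   /* elements really backed by storage (model only) */
    unsigned char *data;
} model_array;

typedef int (*redim_fn)(model_array *, uint32_t);

/* Resize the backing store; fails on requests larger than MAX_ALLOC. */
static int resize_storage(model_array *a, uint32_t new_count)
{
    uint64_t bytes = (uint64_t)new_count * ELEM_SIZE;
    if (bytes == 0 || bytes > MAX_ALLOC)
        return -1;
    unsigned char *p = realloc(a->data, (size_t)bytes);
    if (p == NULL)
        return -1;
    if (new_count > a->capacity)   /* zero the newly added elements */
        memset(p + (size_t)a->capacity * ELEM_SIZE, 0,
               (size_t)(new_count - a->capacity) * ELEM_SIZE);
    a->data = p;
    a->capacity = new_count;
    return 0;
}

/* Flawed order: the bound is swapped first and never reset on failure. */
int redim_vulnerable(model_array *a, uint32_t new_count)
{
    a->count = new_count;
    return resize_storage(a, new_count);
}

/* Corrected order: the old bound is put back when the resize fails. */
int redim_hardened(model_array *a, uint32_t new_count)
{
    uint32_t old_count = a->count;
    a->count = new_count;
    if (resize_storage(a, new_count) != 0) {
        a->count = old_count;
        return -1;
    }
    return 0;
}

/* Returns 1 when index idx passes the bound check with no storage behind
 * it after an oversized redim, 0 when it does not, -1 on setup failure.
 * resume_on_error models a caller that ignores the error and carries on.
 * Nothing is read or written out of range. */
int stale_bound_exposed(redim_fn redim, int resume_on_error, uint32_t idx)
{
    model_array a = {0, 0, NULL};
    int exposed = 0;
    if (resize_storage(&a, 4) != 0)
        return -1;
    a.count = 4;
    int rc = redim(&a, 0x08000000u);   /* 2 GiB request, over MAX_ALLOC */
    if (rc == 0 || resume_on_error)    /* array is still used afterwards */
        exposed = idx < a.count && idx >= a.capacity;
    free(a.data);
    return exposed;
}

/* Returns 1 when a legitimate 4 -> 8 redim leaves bound and storage equal. */
int redim_success_consistent(redim_fn redim)
{
    model_array a = {0, 0, NULL};
    if (resize_storage(&a, 4) != 0)
        return -1;
    a.count = 4;
    int ok = redim(&a, 8) == 0 && a.count == 8 && a.capacity == 8;
    free(a.data);
    return ok;
}

int main(void)
{
    printf("vulnerable, error ignored: %d\n",
           stale_bound_exposed(redim_vulnerable, 1, 1000));
    printf("hardened, error ignored:   %d\n",
           stale_bound_exposed(redim_hardened, 1, 1000));
    return 0;
}
```

Either fix alone closes the gap in this model: resetting the bound on failure, or a caller that stops using the array once the redim reports an error.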