Topic: Threat Intelligence Ops In-Depth at Massive Enterprise
Source: Massive Data Analytic Session of ISC2019
Author: Jeremy Li of Meituan-Dianping Inc.
Discover advanced threats with threat intelligence (Jeremy Li)
Jeremy Li presented on building private threat intelligence datasets and using them to discover advanced threats. He discussed researching attacker profiling, collecting security data from logs and sensors, and building an internal threat intelligence platform. Li then demonstrated combining internally collected data, threat intelligence, and attacker profiles to investigate a suspected credential-stuffing ("database collision") incident targeting the financial industry. The presentation provided examples of using threat intelligence to map out attacker techniques and identify suspicious IP addresses and domains.
Application of threat intelligence in security operation (Jeremy Li)
This document discusses the application of threat intelligence in security operations. It describes how threat intelligence can be used at tactical, operational, and strategic levels to analyze security incidents and trace attacks back to their source. Specific examples are provided of how analyzing logs and security data using threat intelligence can help restore the attack scene and profile attackers. Threat intelligence is presented as a way to make defensive tactics more effective by determining attacks through infrastructure logs and tracing behaviors in security logs back to their origin.
Application of threat intelligence in security operation, 2017-06-03 (Jun Li)
This document discusses applying threat intelligence in security operations. It describes collecting data from various logs and security sensors to analyze attack events and restore attack scenes. Threat intelligence is used to trace attacks back to attackers by analyzing their behaviors, tools, and infrastructure using attributes extracted from security logs. Examples show how log analysis and threat intelligence can be used to identify vulnerabilities exploited by attackers, map out attack processes, and profile past behaviors to characterize attackers and inform defensive strategies.
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke... (Infocyte)
According to recent reports, nearly one third of all US businesses experienced a cybersecurity-related breach last year.
With hackers increasingly targeting US businesses and insiders mishandling or misusing their privileges and access, it's imperative that all organizations have incident response (IR) capabilities at the ready. We're talking about real capabilities that include: threat visibility, centralized logging, root cause analysis, and assessment.
While we can agree IR capabilities are important, most businesses do not, and may never, have on-staff responders or organized security operations. If you are one of these, this talk is for you.
In this talk, Chris explores the processes, procedures, and best practices surrounding Incident Response (IR) as it relates to cybersecurity: Finding, containing, investigating, and eliminating attackers from within your network.
Learn more about cyber threat hunting, incident response, and how a strong incident response process will help your organization stay better protected from cyber attackers.
This presentation, reviewing Cybersecurity Incident Response (IR) Readiness, was originally shared during the 2019 DataConnectors Houston Cybersecurity Conference.
Threat Hunting 101: Intro to Threat Detection and Incident Response (Infocyte)
Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks.
Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. This rare but essential breed of enterprise cyber defenders gives proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
Threat hunting is a proactive approach to security that involves actively searching networks for threats that evade traditional defenses like firewalls and antivirus. It involves forming hypotheses about potential attacks based on indicators and then validating those hypotheses by searching for related evidence. While threat hunting requires time, skills, and resources that many organizations lack, Panda Security's Threat Hunting and Investigation Service (THIS) provides threat hunting as a managed service at no extra cost with their Adaptive Defense 360 platform. THIS continuously monitors endpoints, forms hypotheses about attacks, and validates findings to detect threats that other solutions may miss.
This document outlines an overview of intelligent threat hunting presented by Dhruv Majumdar. It discusses the basics of threat hunting, including that it is a proactive and iterative process to detect threats that evade existing security solutions. It provides a threat hunting recipe and describes important data sources and skills needed like host analysis, network analysis, and threat intelligence. It also walks through an attack scenario and things to look for at different stages of an attack lifecycle. Finally, it concludes with the growing demand for threat hunters and recommendations on how to get started with threat hunting.
In this brief presentation, Chris Gerritz (co-founder and CPO of Infocyte) shares insights on finding and responding to hidden attackers within your network.
Learn about cybersecurity incident response, forensic triage, and the differences between telemetry and protection.
This presentation originally took place at Check Point Software's 2019 CPX 360 conference in Las Vegas.
Threat hunting and achieving security maturity (DNIF)
The document discusses threat hunting techniques and achieving maturity in threat hunting programs. It introduces threat hunting and defines it as proactively searching networks to detect advanced threats. It then covers threat hunting maturity models ranging from initial to leading levels. Common threat hunting techniques like searching, clustering, grouping and stack counting are explained. The threat hunting loop process of creating hypotheses, investigating, uncovering patterns and informing analytics is also outlined. Finally, two practical threat hunting case studies on potential command and control activity and suspicious emails are described.
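Two of the techniques named above, stack counting and the command-and-control case study, are concrete enough to show in code. The following is an added example written for this listing, not code from the DNIF talk. It runs over a constructed proxy log (RFC 5737 documentation addresses; the "timestamp src dst user_agent" layout is an assumption): stack counting tallies one field across all events and surfaces the rarest values, and the beacon check measures how regular each (src, dst) pair's connection intervals are, since near-constant spacing is machine-timed traffic rather than a person browsing.

```python
"""Stack counting and beacon detection over a constructed proxy log.

Added example for this listing (not the talk's own code). The log layout is
an assumption: "timestamp src dst user_agent", one event per line.
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, not real traffic. 10.0.0.5 -> 203.0.113.10 connects
# roughly every 60 s with a few seconds of jitter; everything else is ad hoc.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:00:07 10.0.0.7 198.51.100.20 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:01:02 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:01:30 10.0.0.9 198.51.100.20 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:01:58 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:02:45 10.0.0.7 198.51.100.20 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:03:01 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:03:10 10.0.0.9 198.51.100.20 curl/8.0
2024-05-01T09:03:59 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
2024-05-01T09:05:00 10.0.0.5 203.0.113.10 Mozilla/5.0 (Windows NT 10.0)
"""


def parse(log_text):
    """Parse the constructed format into dicts; the user agent may contain spaces."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ua = line.split(None, 3)
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst, "ua": ua})
    return events


def stack_count(events, field):
    """Stack counting: (value, count) pairs for `field`, rarest first.

    The long tail is where hunting starts: one host with a user agent nobody
    else uses, or one destination that only a single workstation talks to.
    """
    counts = Counter(e[field] for e in events)
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))


def beacon_score(events, min_connections=5):
    """Per (src, dst) pair: connection count, mean interval, and the
    coefficient of variation of the intervals (stdev / mean).

    A CV near 0 means the gaps are almost identical, the classic beacon shape.
    Pairs with fewer than `min_connections` events are skipped: too few
    samples to say anything about regularity.
    """
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    results = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        results[pair] = {"connections": len(stamps), "period_s": avg, "cv": round(cv, 3)}
    return results


def suspected_beacons(events, max_cv=0.2, min_connections=5):
    """Pairs whose interval jitter is below `max_cv`, sorted for stable output."""
    scores = beacon_score(events, min_connections)
    return sorted(pair for pair, s in scores.items() if s["cv"] <= max_cv)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("rarest user agents:", stack_count(evs, "ua")[:2])
    print("rarest destinations:", stack_count(evs, "dst")[:2])
    print("suspected beacons:", suspected_beacons(evs))
```

On the sample the rare user agent is `curl/8.0` and the only pair regular enough to flag is 10.0.0.5 to 203.0.113.10 (six connections, 60 s period, CV about 0.04). The caveat a hunter needs: a low CV also describes update checkers, monitoring agents and scheduled jobs, so the beacon list is a hypothesis, not a verdict. Stack counting the flagged destination against the whole estate (how many hosts talk to it, and is it known software) is the next step of the loop described above, and a result that turns out benign should still feed back into the analytics as a whitelist entry rather than be discarded.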
Building a Successful Threat Hunting Program (Carl C. Manion)
Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools, and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different toolsets are also instrumental to the process. In this presentation, we'll describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.
This document provides an overview of security operation centers (SOCs), security information and event management (SIEM) tools, threat hunting, and related concepts. It defines SOCs as facilities that monitor and analyze an organization's security posture using technology and processes. SIEM tools are listed that help with this. Threat hunting is described as investigating security incidents to uncover new tactics, techniques and procedures (TTPs) used by attackers. The Cyber Kill Chain model and common indicators used to detect compromises like IOCs and IOAs are also summarized.
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014 (Santiago Bassett)
Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks.
In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools.
The industry's reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source frameworks such as CIF (Collective Intelligence Framework) that allow you to combine different threat sources.
One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most of your Threat Intelligence.
Presenters: Jaime Blasco and Santiago Bassett
Cornerstones of Trust 2014:
https://www.cornerstonesoftrust.com
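The "biggest problem" the abstract names, turning a pile of indicators into something Suricata or YARA can act on and then checking your own logs against it, is small enough to show end to end. The code below is an added example for this listing, not material from the talk or from CIF. Its assumptions: the feed is one indicator per line with `#` comments (the shape of a CIF or OTX text export), the log lines are a constructed `type src key=value ...` format, the Suricata rules use the Suricata 5+ `dns.query` sticky buffer, and SIDs start in the local range (1000000+).

```python
"""Indicator feed -> Suricata/YARA detection content -> retro-hunt over logs.

Added example for this listing (not the talk's or CIF's code). Feed and log
formats below are assumptions; every indicator and log line is constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed feed: one indicator per line, free-text comment after "#".
FEED = """\
# constructed feed for the example
203.0.113.44   # scanner seen on the honeypot
evil-updates.example   # sinkholed C2 domain
0123456789abcdef0123456789abcdef   # dropper md5 (made up)
bad.example
not an indicator at all
"""

# Constructed logs: "<type> <src> key=value ..." (proxy/DNS/file telemetry).
LOGS = """\
dns  10.0.0.5 query=evil-updates.example
dns  10.0.0.6 query=cdn.example
http 10.0.0.5 dst=203.0.113.44 uri=/gate.php
http 10.0.0.7 dst=198.51.100.9 uri=/index.html
file 10.0.0.8 md5=0123456789abcdef0123456789abcdef name=setup.exe
"""

HEX32 = re.compile(r"^[0-9a-f]{32}$")
DOMAIN = re.compile(r"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$")
LOCAL_SID_START = 1000000          # Suricata's range for locally managed rules
KEY_TO_KIND = {"query": "domain", "dst": "ip", "md5": "md5"}


def classify(token):
    """Infer the indicator type from its syntax; None for junk lines."""
    token = token.strip().lower()
    try:
        ipaddress.ip_address(token)
        return "ip"
    except ValueError:
        pass
    if HEX32.match(token):
        return "md5"
    if DOMAIN.match(token):
        return "domain"
    return None


def parse_feed(text):
    """Return {kind: set(indicators)}; comments and unparseable lines are dropped."""
    indicators = defaultdict(set)
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()
        kind = classify(token) if token else None
        if kind:
            indicators[kind].add(token.lower())
    return indicators


def suricata_rules(indicators, base_sid=LOCAL_SID_START):
    """Network indicators become alert rules (alert, not drop: feeds have false positives)."""
    rules, sid = [], base_sid
    for ip in sorted(indicators["ip"]):
        rules.append(f'alert ip any any -> {ip} any (msg:"TI: outbound to flagged IP {ip}"; '
                     f'sid:{sid}; rev:1;)')
        sid += 1
    for dom in sorted(indicators["domain"]):
        rules.append(f'alert dns any any -> any any (msg:"TI: DNS query for {dom}"; '
                     f'dns.query; content:"{dom}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    return rules


def yara_rule(indicators, name="ti_known_hashes"):
    """File hashes belong in a host-side YARA rule, not a network rule."""
    if not indicators["md5"]:
        return None
    conds = " or ".join(f'hash.md5(0, filesize) == "{h}"' for h in sorted(indicators["md5"]))
    return f'import "hash"\n\nrule {name} {{\n    condition:\n        {conds}\n}}\n'


def match_logs(indicators, log_text):
    """Retro-hunt: (src, kind, indicator) for every log line touching a known indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        src = parts[1]
        for kv in parts[2:]:
            key, _, value = kv.partition("=")
            kind = KEY_TO_KIND.get(key)
            if kind and value.lower() in indicators[kind]:
                hits.append((src, kind, value.lower()))
    return hits


if __name__ == "__main__":
    ind = parse_feed(FEED)
    print("\n".join(suricata_rules(ind)))
    print(yara_rule(ind))
    print("retro-hunt hits:", match_logs(ind, LOGS))
```

Two design points worth keeping when this grows past a demo: rules are generated as `alert` rather than `drop`, because a raw feed carries sinkholes, shared hosting and stale entries that will block legitimate traffic; and the feed needs a confidence and expiry per indicator (which CIF tracks) so that rules are retired instead of accumulating forever. The retro-hunt over historical logs is what makes a fresh indicator useful on day one: it tells you whether the compromise already happened before the rule existed.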
Creating Your Own Threat Intel Through Hunting & Visualization (Raffael Marty)
The security industry is talking a lot about threat intelligence: external information that a company can leverage to understand where potential threats are knocking on the door and might have already penetrated the network boundaries. Conversations with many CERTs have shown that we have to stop relying on knowledge about how attacks have been conducted in the past and start 'hunting' for signs of compromises and anomalies in our own environments.
In this presentation we explore how the decade-old field of security visualization has emerged. We show how we have applied advanced analytics and visualization to create our own threat intelligence and investigated lateral movement in a Fortune 50 company.
Visualization. Data science. No machine learning. But pretty pictures.
Here is a blog post I wrote a bit ago about the general theme of internal threat intelligence:
http://www.darkreading.com/analytics/creating-your-own-threat-intel-through-hunting-and-visualization/a/d-id/1321225?
Threat Hunting - Moving from the ad hoc to the formal (Priyanka Aash)
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Threat hunting - Every day is hunting season (Ben Boyd)
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
This presentation, "Threat hunting on the wire", is part of a series of courses on the subject of Threat Hunting. It covers command-line packet analysis and network forensics.
SANS CTI Summit 2016 Borderless Threat Intelligence (Jason Trost)
This past year was the year of the data breach. Large and small organizations across every industry vertical were impacted by compromises that ranged from theft of PII, intellectual property, and financial information to publication of entire backend databases and email spools. The data from these breaches often wound up being exposed publicly, exchanged or sold on underground markets, or simply leveraged to breach other organizations. Many of these breaches have cascading effects due to the transitive nature of security that exists across many companies. Many companies rely on critical business partners, subsidiaries, and other organizations whose services are trusted. Also, due to password reuse, customer accounts included in a 3rd party data dump could enable unauthorized access to another business's assets.
In this talk we outline through case studies several ways that Threat Intelligence is being used today to improve the security and awareness of organizations by monitoring "supply chain" partners, customers, and trusted 3rd parties. Specifically we will discuss brand monitoring, mass credential compromises, signs of infection/compromise, and signs of targeting and social networking data-mining. We will outline how organizations can effectively integrate this practice into their existing security programs.
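The "mass credential compromise" use case above has a concrete operational form: when a third-party dump surfaces, find your own domain's accounts in it and decide, per account, whether the leaked password is the one the person actually uses at work. The following is an added example written for this listing, not code from the talk. It assumes the dump is `email:password` lines in plaintext (the common combo-list shape) and that the corporate directory stores PBKDF2-HMAC-SHA256 hashes with per-user salts; both the dump and the directory are constructed fixtures.

```python
"""Triage a third-party credential dump against a corporate directory.

Added example for this listing, not the talk's code. Assumptions: plaintext
"email:password" dump lines; directory entries are (salt, PBKDF2 hash).
All accounts, passwords and dump lines below are constructed.
"""
import hashlib
import hmac
import os

CORP_DOMAIN = "corp.example"
ITERATIONS = 50_000   # demo value; reuse your IdP's real parameters (or argon2/bcrypt)


def derive(password: str, salt: bytes) -> bytes:
    """Same KDF the directory uses, so a leaked password can be verified, not compared."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_directory(accounts):
    """Constructed stand-in for the IdP: email -> (salt, hash).
    Plaintext passwords exist here only to build the fixture."""
    directory = {}
    for email, password in accounts:
        salt = os.urandom(16)
        directory[email] = (salt, derive(password, salt))
    return directory


DIRECTORY = make_directory([
    ("alice@corp.example", "Winter2024!"),
    ("bob@corp.example", "correct horse battery"),
    ("carol@corp.example", "S3cur3-unique"),
])

DUMP = """\
alice@corp.example:Winter2024!
bob@corp.example:hunter2
dave@corp.example:anything
random@other.example:pw
malformed line with no separator
"""


def parse_dump(text):
    """Yield (email, password) from 'email:password' lines; skip anything else."""
    for line in text.splitlines():
        email, sep, password = line.partition(":")
        if sep and "@" in email:
            yield email.strip().lower(), password


def triage(dump_text, directory, domain):
    """Classify each dumped account in our domain. Only the verdict leaves this
    function; the leaked password is never stored or logged."""
    verdicts = {}
    suffix = "@" + domain.lower()
    for email, leaked_pw in parse_dump(dump_text):
        if not email.endswith(suffix):
            continue                          # not ours; nothing to act on
        record = directory.get(email)
        if record is None:
            verdicts[email] = "unknown_account"   # ex-employee, typo, or fake
            continue
        salt, stored = record
        if hmac.compare_digest(derive(leaked_pw, salt), stored):
            verdicts[email] = "reused"        # force reset, revoke sessions/tokens
        else:
            verdicts[email] = "exposed"       # notify; expect stuffing attempts
    return verdicts


if __name__ == "__main__":
    for email, verdict in sorted(triage(DUMP, DIRECTORY, CORP_DOMAIN).items()):
        print(f"{email}: {verdict}")
```

The point of verifying through the KDF rather than eyeballing the dump is that the analyst never needs to see or keep anyone's password, and `hmac.compare_digest` keeps the check constant-time. Dumps that contain hashes instead of plaintext cannot be triaged this way; those accounts fall into the "exposed" bucket and get the same notification and monitoring for credential stuffing against the login endpoint.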
This document summarizes an ethical hacking seminar that was presented. It discusses the following key points:
- Ethical hacking involves using the same tools and techniques as hackers but in a legal manner to test security vulnerabilities.
- The hacking process involves footprinting, scanning, gaining access, and maintaining access. Footprinting gathers information, scanning finds open ports and services, and gaining access exploits vulnerabilities.
- Ethical hackers are independent security professionals who evaluate systems without damaging them or stealing data. They find vulnerabilities and report them to owners.
- Skills needed for ethical hacking include knowledge of operating systems, firewalls, networking protocols, and project management. Understanding how hackers think is important to catch security
The document summarizes a presentation given by cybersecurity experts Ken Smith and Benjamin Brooks. It discusses the state of cyber attacks, the mindset of attackers, and the need for a paradigm shift in how organizations approach security. It then describes a fictional operation called "OatmealGhost" where the presenters carried out a penetration test against a target organization to demonstrate the attacker mindset and how easily networks can be breached.
The document provides an overview of honeypots and guidelines for setting up and running a research honeynet. It defines honeypots and differentiates between research and production honeypots. It outlines technical requirements for setting up a honeynet, including separating it from other networks, controlling data flow, and capturing data for analysis. It discusses insights that can be gained about attackers' tools and behaviors from observing compromised honeypots. Specifically, it notes the prevalence of script kiddies scanning for vulnerabilities and how they indicate inexperienced attackers may still pose risks if configurations are not secure.
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016 (Danny Akacki)
We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature based detection.
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security (Splunk)
Splunk Enterprise Security is an advanced security information and event management (SIEM) and security intelligence platform that allows organizations to monitor, detect, investigate, and respond to cyberattacks and threats. It provides risk-based analytics, security intelligence, continuous monitoring of security domains, and incident response capabilities through features like alerts and dashboards, pre-built searches, threat intelligence integration, and an investigation timeline. The platform helps connect data from various sources to gain security insights and identify unknown threats.
My Presentation on Career Opportunities in Cyber Security presented at the North Cap University during the course inauguration ceremony, where I talked about different career paths to get into the cyber security domain.
This document discusses vulnerability management and cybersecurity risks. It identifies various risks like staff risks, technology risks, and operational risks. It also discusses risk management frameworks and programs. Key aspects of vulnerability management are identified like asset identification, threat assessment, impact evaluation, and risk response. Common vulnerabilities are also listed. The document emphasizes that risk assessment and management is important to protect organizational assets and should be an ongoing process.
1. Vulnerability assessment and penetration testing (VAPT) involves identifying security vulnerabilities in an organization's network and systems through scanning and manual exploitation techniques.
2. The process includes information gathering, scanning to detect vulnerabilities, analysis of vulnerabilities found, and penetration testing to manually exploit vulnerabilities.
3. The final report documents the findings by risk level, technical details of vulnerabilities discovered, and recommendations for remediation.
This presentation explained the security controls and evolving threats present in the market today, giving a descriptive elaboration of the current security landscape. The presentation further covers the key reasons why Cyber Security is imperative for organizations today.
Happiest Minds Cyber Security Services:
http://www.happiestminds.com/cyber-security-services/
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...BAINIDA
This document discusses using big data analytics to enhance security. It begins by defining big data analytics and describing security trends like the evolution from intrusion detection systems to security information and event management (SIEM) to next-generation SIEM using big data analytics. An example of an advanced persistent threat is provided. The document then discusses integrating security analytics with open source tools like SQRRL and Prelert. Finally, it covers how to apply these concepts by determining what security-related data can be collected and two options for implementing big data analytics in a security program.
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.
Learn how to:
* Detect threats automatically and accurately
* Reduce threat response times from 7 days to 4 hours
* Ingest and process 100+TB per day for automated machine learning and behavior-based detection
Evolving technologies and business models have led to advanced network security threats that never existed a few years back. Moreover, enterprises are also relying on outdated security solutions to shut out such threats and this is leading to bigger and frequent data breaches. So if your company recognizes the need for a reliable IT security solution, then you should join our webinar to learn the following:
- An overview of the prevalent enterprise security threats
- The evolving security landscape and the obsolete security mechanisms
- What Seqrite does to ensure enterprise security and network compliance
Azure Operation Management Suite - security and complianceAsaf Nakash
Today’s IT Security and Operations teams are tasked with managing highly complex, hybrid-cloud, cross-platform systems which are increasingly vulnerable to a growing number of sophisticated cyber-attacks. With this, IT Operations teams have a requirement to identify any threats to their environment as soon as possible to mitigate damages, as well as continue to cost-effectively meet SLAs.
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
Sophisticated cyber espionage operations currently present the biggest threat to small and medium sized businesses. Advanced persistent threats (APTs) ranging from nation-states to organized crime use zero-day exploits, customized malware, and social engineering to infiltrate networks, remain undetected for long periods, and steal valuable data. This presentation aims to explain APT attacks and provide recommendations on prevention, detection, and mitigation. It describes the typical four stages of an APT attack - reconnaissance, intrusion and infection, lateral movement within the network, and data exfiltration - and challenges of implementing security information and event management systems to detect such threats. Managed security services that provide 24/7 monitoring, threat analysis and response
Proactive Approach to OT incident response - HOUSECCON 2023Chris Sistrunk
This talk discusses practical approaches to OT incident response that leverage the people, processes, tools, and relationships you most likely already have.
Presentation at CMSS Conference 2016 - I was recently honored with the opportunity of speaking at the CMSS 2016 Conference. My goal for this engagement was to educate about the importance of innovating and applying exponential technologies in IT Security within the organization. My audience included many professionals in the medical industry, so it was important for me to be able to convey the importance of cybersecurity in that industry.
The typical process for investigating security-related alerts is labor intensive and largely manual. To make the situation more difficult, as attacks increase in number and diversity, there is an increasing array of detection systems deployed and generating even more alerts for security teams to investigate.
Netflix, like all organizations, has a finite amount of resources to combat this phenomenon, so we built FIDO to help. FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats.
The document discusses how Splunk can provide analytics-driven security for higher education through ingesting and analyzing machine data. It outlines how advanced threats have evolved to be more coordinated and evasive. A new approach is needed that fuses technology, human intuition, and processes like collaboration to detect attackers through contextual behavioral analysis of all available data. Examples are provided of security questions that can be answered through Splunk analytics.
Big Data For Threat Detection & ResponseHarry McLaren
Slides used at the University of Edinburgh SIGINT group (cybersecurity society). Covering what is big data, the value for security use cases, hunting for threats/actions, using Splunk to detect and respond, SIEM use and some useful searches (which were demoed).
Cybersecurity involves protecting information systems and networks from attacks, accidents, and failures. It aims to protect corporate and national operations and assets. Some key aspects of cybersecurity include user accounts, configuration management, contingency plans, mobile device security, and incident response. Common cyber threats include viruses, hackers, identity theft, and spyware/adware. Basic cybersecurity actions people can take include installing updates, running antivirus software, using firewalls, avoiding spyware, backing up files, and protecting passwords. Education about cybersecurity risks and proper security practices is important for users at home and work.
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Threat Intelligence Ops In-Depth at Massive Enterprise
1. Threat Intelligence Ops In-Depth at Massive Enterprise
Jeremy Li – Information Security Dept. of Meituan Inc.
2. Intro
• Id: e1knot
• System Infrastructure Security Team of Meituan Inc.
• Systems of Threat Intelligence and Security Awareness Capabilities
• 4-Year+ Threat Intelligence Analytic and Operation Experience
• Speaker at ISC2017, DEFCON China, etc.
3. Agenda
• Threat Types of Systems in Massive Enterprise
• Threat Intelligence Capability Building
• Evaluate Threat Intelligence Capability
• Life-Cycle, Systems and Operation of Threat Intelligence
• Coda
4. Threat Types at Systems in Massive Enterprise
• Massive Business Data: 1B+ Page Views in Core Systems
• Large Business Scale: 1M+ Apps in Systems, 100M+ Lines in Code Repo
• Massive Assets: 1M+ Endpoints, IDC Servers, Software
• Massive Assets Types: 100K+ Types of Middle-Wares and Components
• Massive Alerts: 10K+ Alarms from Different Security Assets
• Situation of Enterprise Security: Incidents with Massive Security Cost
5. Threat Types at Systems in Massive Enterprise
(Diagram: threat items grouped under Infrastructure System, Business System and Business Data Grids)
• Components Vuls
• Trojan, Worm, Botnets
• Configs Corruption
• X-Day Vuls
• System Vuls
• Logic Vuls
• Credentials Leaked
• ACLs Invalid
• POI/UGC Spider
• Employee Compromise
• Cheats
• App Tamper
6. Threat Intelligence Capability Building
• Can solutions solve your security problems?
• Is Threat Intelligence running well on your Security Infrastructure?
• What are the Threat Intelligence Group's OKRs/KPIs?
7. Pain Points of Threat Intelligence Operation
• Fake Intelligence
• Information Asymmetry
• Useless Intelligence
• Information Lag
9. Threat -> TI -> TI Capability
The ability to provide effective and reliable message-type or knowledge-type data for discovering potential or emerging threats (including but not limited to threats to business data, systems and infrastructure), where that data can be processed in a highly automated, closed-loop way through security operations. For threat intelligence capabilities, the data provided is called threat intelligence.
—— A Horizon
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
—— Gartner (2013)
10. Evaluate Threat Intelligence Capability
(Diagram: four evaluation dimensions with their criteria)
Dimensions: Low Latency, High Accuracy, Full Operated, Closed-Loop
• Intelligence Synchronized ASAP
• Intelligence Full-Operated & Automation Rate
• Intelligence Data Grids/Channels Reliable, Confidence, Integrity
• High Accuracy Algorithm
• FINTELs Quality
• Providing Instructions & Functions
• Compatible Methods for Intelligence Ops
• TODOs & Cases Study
• Improve FINTELs Quality
FINTEL stands for Final Intelligence.
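The four dimensions above can be scored from the delivery records a TI platform already keeps. The following Python is an added example, not code from the deck or from Meituan's MT-Radar/MT-Nebula platforms; the record fields, the constructed sample FINTELs and the target thresholds are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import ceil
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class FintelRecord:
    """One delivered FINTEL with the bookkeeping needed to score the four dimensions.
    Field names are assumptions, not the deck's schema."""
    fintel_id: str
    channel: str                 # OSINT, PDNS, GitHub, HUMINT, Black Channel, ...
    observed_at: datetime        # when the source item first appeared
    delivered_at: datetime       # when the FINTEL reached consumers (Low Latency)
    automated: bool              # produced with no manual analyst step (Full Operated)
    confirmed: Optional[bool]    # third-team/consumer verdict, None while pending (High Accuracy)
    closed: bool                 # response ticket closed out (Closed-Loop)


# Constructed sample records: six FINTELs observed at the same time with
# different processing paths. Values are made up for illustration.
T0 = datetime(2019, 8, 20, 9, 0)


def _rec(i: int, channel: str, latency_min: int, automated: bool,
         confirmed: Optional[bool], closed: bool) -> FintelRecord:
    return FintelRecord(f"FINTEL-{i:03d}", channel, T0,
                        T0 + timedelta(minutes=latency_min), automated, confirmed, closed)


RECORDS: List[FintelRecord] = [
    _rec(1, "OSINT", 5, True, True, True),
    _rec(2, "OSINT", 15, True, True, True),
    _rec(3, "PDNS", 30, True, False, False),             # false positive, ticket dropped
    _rec(4, "GitHub", 60, True, True, True),
    _rec(5, "HUMINT", 240, False, True, False),          # manual channel, still open
    _rec(6, "Black Channel", 1440, False, None, False),  # verdict pending
]


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile; sufficient for an ops scorecard."""
    ordered = sorted(values)
    rank = max(1, ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def evaluate(records: List[FintelRecord]) -> Dict[str, float]:
    """Score the deck's four dimensions over a batch of delivered FINTELs.

    Accuracy is precision over assessed records only (pending verdicts are
    excluded); automation and closed-loop rates are over every record.
    """
    if not records:
        raise ValueError("no records to evaluate")
    latencies = [(r.delivered_at - r.observed_at).total_seconds() / 60 for r in records]
    assessed = [r for r in records if r.confirmed is not None]
    accuracy = (sum(1 for r in assessed if r.confirmed) / len(assessed)) if assessed else 0.0
    return {
        "mean_latency_min": mean(latencies),
        "p95_latency_min": percentile(latencies, 95),
        "accuracy": accuracy,
        "automation_rate": sum(1 for r in records if r.automated) / len(records),
        "closed_loop_rate": sum(1 for r in records if r.closed) / len(records),
    }


# Assumed targets for a scorecard; real OKR thresholds would come from the TI group.
TARGETS = {"p95_latency_min": 60.0, "accuracy": 0.75, "automation_rate": 0.6, "closed_loop_rate": 0.9}


def scorecard(metrics: Dict[str, float], targets: Dict[str, float] = TARGETS) -> Dict[str, bool]:
    """Map metrics onto the four dimensions: latency must be at or below target,
    the three rates at or above it."""
    return {
        "low_latency": metrics["p95_latency_min"] <= targets["p95_latency_min"],
        "high_accuracy": metrics["accuracy"] >= targets["accuracy"],
        "full_operated": metrics["automation_rate"] >= targets["automation_rate"],
        "closed_loop": metrics["closed_loop_rate"] >= targets["closed_loop_rate"],
    }


if __name__ == "__main__":
    m = evaluate(RECORDS)
    for k, v in m.items():
        print(f"{k:>18}: {v:.2f}")
    print(scorecard(m))
```

Accuracy is computed only over records that a third team or consumer has actually assessed, so a backlog of pending verdicts shows up as a small denominator rather than as inflated precision; the p95 latency, not the mean, is what the manual channels drag upward in the sample.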
11. Evaluate Threat Intelligence Capability
Threat Intelligence Components: Data Grids, Production Platforms, Operators
12. Threat Intelligence Architecture Building
• 1- Arch: A Threat Intelligence Architecture Compatible with Existing Security System
• 2- Platforms: Notification Platform (MT-Radar) & Management Platform (MT-Nebula)
• 3- Data Grids: Internet Assets Signatures, Vulnerabilities Database, OSINTs
• 4- Channels: HUMINT, Auto-Gathering, 3rd-Party Services, Security Response Center
Intelligence Required!
14. Threat Intelligence Arch Capability Matrix
TIMC is short for Threat Intelligence Management Center.
(Diagram: capability matrix, listed here by row)
• Data Grids: Internal Data, IOC, Black Channel, Vuls Info, OSINT
• Process: Internal Log Sets, Threat Intelligence Processing/Aggregation/Production
• Analytic: TI Production Algorithm, FINTEL Refinements, Adjustment Weight
• Operation: TI Cases Study, Delivery & Notification, TI Open Capability Platform, Threats Demands and Analytics, Data Grids Demands and Analytics, Response and Closed-Loop Methods, TI Plans
• Platforms: APIs, MT-Radar, Issue Tickets, TIMC (MT-Nebula)
• Channels: HUMINT Operations, Net-Disk/GitHub, PDNS
15. Threat Intelligence Gathering & Analytic
(Diagram: gathering and analysis pipeline)
Sources: OSINT (Include IOC); NetDisk/GitHub/Pastebin; Black Information Sharing Channel; HUMINT/SRC
Stages: Pre-Processing -> Key Information Gathering -> Intelligence Recognition -> FINTEL Refinement -> FINTEL Delivery -> TI Consume -> Incident Response & Recovery
Phases: Pre-Processing | TI Data Grids | FINTEL Refinements & Optimized Operation
Threat Intelligence Production Model: Real-Time Compute, Offline Compute, NLP/OCR, ML, MQ, TI Production Rules Refinements, Datasets Hybridization
16. Threat Intelligence Gathering & Analytic
• Threat Intelligence Data Grids Contain Network Signatures/OSINT DB/Black Trades Channels
• Extract Intelligence Entities from Intelligence Data Grids Using ML/NLP/OCR
• Optimize & Refine FINTELs for Security Operation
• FINTELs Must Be Checked by Third-Party Teams to Ensure Availability & Closed-Loop Handling
17. Threat Intelligence Operation & Delivery
• FINTEL Delivery Rules:
– Highly Readable Contents
– Full Elements for Assessment
– Solutions Provided
– Affected Scope Included!
– Instructions for Operation
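The gathering pipeline of slides 15 and 16 and the delivery rules of slide 17, as an added Python example; it is not code from the deck or from Meituan's platforms. Regex extraction stands in for the ML/NLP/OCR stage, the sample OSINT text and its indicators are constructed (documentation IP ranges, .example domains, a made-up hash), and the internal network list, the FINTEL field names and the review gate are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed raw item standing in for one scraped OSINT/Pastebin post.
# Every indicator is synthetic: documentation IP ranges (RFC 5737), .example
# domains and a made-up hash. Nothing here comes from the original slides.
RAW_OSINT = """
leaked creds dump (constructed sample) - bot checks in at hxxp://update.c2-host[.]example/gate
beacons to 198[.]51[.]100[.]23 and 203.0.113.7 ; dropper sha256
0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
mirror at mirror.c2-host.example ; tested from 10.0.0.5 (internal lab box)
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)

# Assumed internal ranges of the organization (RFC 1918 as a stand-in).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The elements slide 17 requires before a FINTEL is delivered (assumed field names).
REQUIRED_ELEMENTS = ("summary", "indicators", "solution", "affected_scope", "instructions")


def refang(text: str) -> str:
    """Pre-Processing: undo common defanging so the extractors see real indicators."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def extract_entities(text: str) -> Dict[str, List[str]]:
    """Key Information Gathering: pull candidate IOC entities out of raw text.
    Regex stands in for the deck's ML/NLP/OCR stage (assumption)."""
    text = refang(text)
    ips = []
    for candidate in IPV4_RE.findall(text):
        try:
            ips.append(str(ipaddress.ip_address(candidate)))
        except ValueError:          # e.g. 999.1.1.1 passes the loose regex
            continue
    return {
        "ipv4": sorted(set(ips)),
        "domain": sorted({d.lower() for d in DOMAIN_RE.findall(text)}),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
    }


def recognize(entities: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Intelligence Recognition: drop addresses inside our own networks, which
    belong to Internal Data rather than to external threat indicators."""
    external = [ip for ip in entities["ipv4"]
                if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)]
    return {**entities, "ipv4": external}


@dataclass
class Fintel:
    """A FINTEL record carrying the elements the delivery rules require."""
    summary: str
    indicators: Dict[str, List[str]] = field(default_factory=dict)
    solution: str = ""
    affected_scope: str = ""
    instructions: str = ""
    source_channel: str = "OSINT"
    reviewed_by: str = ""        # third-party team sign-off, empty until checked


def missing_elements(fintel: Fintel) -> List[str]:
    """FINTEL Refinement: list the delivery-rule elements that are still empty."""
    missing = []
    for name in REQUIRED_ELEMENTS:
        value = getattr(fintel, name)
        empty = not any(value.values()) if isinstance(value, dict) else not value
        if empty:
            missing.append(name)
    return missing


def deliverable(fintel: Fintel) -> bool:
    """FINTEL Delivery gate: every element present and a third-party check recorded."""
    return not missing_elements(fintel) and bool(fintel.reviewed_by)


def build_fintel(raw: str, channel: str) -> Fintel:
    """Run the pipeline on one raw item and return a draft FINTEL for the analyst to complete."""
    ents = recognize(extract_entities(raw))
    count = sum(len(v) for v in ents.values())
    return Fintel(summary=f"{count} external indicators extracted from {channel} item",
                  indicators=ents, source_channel=channel)


if __name__ == "__main__":
    draft = build_fintel(RAW_OSINT, "Pastebin")
    print("draft missing:", missing_elements(draft))
    draft.solution = "Block the listed C2 hosts at the egress proxy; quarantine endpoints matching the hash"
    draft.affected_scope = "Endpoints that reached the listed domains/IPs in the last 30 days"
    draft.instructions = "Search proxy and EDR logs for the indicators; open a ticket per hit"
    draft.reviewed_by = "SOC L2"
    print("deliverable:", deliverable(draft))
```

The draft that comes out of the automated stages is deliberately not deliverable: it has readable contents and the elements for assessment, but the solution, affected scope and operating instructions are analyst work, and the review sign-off is the third-party check the deck asks for before a FINTEL enters the closed loop.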