New definition for APT
Adversaries, perniciousness, targets define the new threat.

Slide 1: New threats call for new responses
- Richard Stiennon
- Chief Research Analyst
- IT-Harvest
- Blog: ThreatChaos.com
- twitter.com/stiennon

Slide 2: Highly targeted sophisticated attacks
- Custom domains/websites
- Social network vectors
- Custom Trojans
- Persistence
- Insiders

Slide 3: APT
- Adversaries: Competitors, criminals, spies
- Pernicious: Devious use of digital tradecraft
- Targets: source codes, data, SIGINT, personnel,

Slide 4: Ghostnet
- Office of the Dalai Lama infiltrated through malware installed on computers
- Email servers completely owned
- Emails modified in transit
- Email read and acted on
- Over 1,200 infected computers globally

Slide 5: Sound familiar?
- Pentagon 2007
- Rio Tinto 2009
- Google Aurora 2010
- Stuxnet

Slide 6: Introducing the cyber intelligence team
- Cyber Commander
- Analysts
- Operations
- Red Team

Slide 7: Cyber Commander
- Assigns and directs roles
- Makes sure the correct tools and defenses are deployed
- Puts in place controls and audit processes
- Reports to upper management on the results of those processes and audits
- Primary point of contact for communicating with law enforcement and intelligence agencies

Slide 8: Analysts
- Cyber defense analysts are the intelligence gatherers. They study the threatscape with an eye towards emerging threats to the organization.
- Understanding the state of the art in attack methodologies.
- Getting to know potential attackers and monitoring their activity.
- Monitoring known attack sources.
- Communicating the threat level to the rest of the cyber defense team.
- Assisting in evaluating technology for internal deployment.

Slide 9: Operations
- Selecting and deploying tools
  - FireEye, Trend, NetWitness, Damballa, Guidance Software
- Discovering internal infections
- Monitoring insider behavior

Slide 10: Red Team
- Attack and penetration
- Internal audit

Slide 11: The attackers have changed their tools, targets, and goals. The defenders must change too.

Slide 12
- Blog: www.threatchaos.com
- Email: [email_address]
- Twitter: twitter.com/cyberwar