Cyberattack Analysis and Information Sharing in the U.S.
Slide 1: Cyberattack Analysis and Information Sharing in the U.S.
Promoting the sharing and utilization of the Analyzed Information
Sean Barnum, February 2013
Sponsored by the US Department of Homeland Security
© 2013 The MITRE Corporation. All rights reserved.
Slide 2: Need for holistic threat intelligence
- Diverse and evolving threats
- Balance inward & outward focus
- Proactive & reactive actions
- Kill chain phases shown in the diagram: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
- Information sharing
Slide 3: Challenges of Cyber Threat Information Sharing
Sharing is always possible, but active and effective sharing requires overcoming some challenges.
- Social challenges
  - Who do you trust? (sharing in and sharing out)
  - The value of sharing, even with competitors
- Legal/regulatory challenges
  - Privacy, secret government information, international sharing, etc.
- Technical challenges (useful and usable information sharing)
  - Tower of Babel (many different formats)
  - Automation (machine speed)
  - Deconflate sensitive information from shareable information
  - How to actually share what you want to share
Callout: Standardized Threat Representation
Slide 4: Cyber Threat Information Sharing
- Cyber threat information sharing (particularly of indicators) is not new
- Typically very atomic and very limited in sophistication: IP lists, file hashes, URLs, addresses, etc.
- Most sharing is unstructured and human-to-human
- Recent trend: machine-to-machine transfer of simple/atomic indicators
- STIX aims to enable sharing of more expressive indicators as well as other full-spectrum cyber threat information
Slide 5: Cost to Adversary
- Trivial/cheap: hopping between IP addresses
- Slightly more expensive: hopping between domains
- Difficult and expensive: changing tactics and procedures to evade behavioral detection
Slide 6: Evolution of Standardized Representations for Threat
Representations on the timeline: Vulnerabilities, Weaknesses, Attack Patterns, Malware Behavior, Cyber Observables, Threat Indicators
- Building on the IDXWG, a community of threat intelligence and incident response experts began working on defining a standard representation for cyber threat indicators
- What is an indicator? The community iterated on scope
- Defined indicator scope as a part of a broader cyber threat information architecture
- The structured threat information architecture evolved into STIX
Slide 7: What is STIX?
A language to specify, capture, characterize and communicate cyber threat information
- Community-driven
- Consistency
- Clarity
- Support automation
Slide 8: STIX Use Cases
(Use-case diagram not recovered in the transcription.)
STIX provides a common mechanism for addressing structured cyber threat information across and among this full range of use cases, improving consistency, efficiency, interoperability, and overall situational awareness.
Slide 9: What is Cyber (Threat) Intelligence?
Consider these questions:
- What activity are we seeing?
- What threats should I look for on my networks and systems, and why?
- Where has this threat been seen?
- What does it do?
- What weaknesses does this threat exploit?
- Why does it do this?
- Who is responsible for this threat?
- What can I do about it?
Slides 10-11: diagram only (no text recovered in the transcription)
Slide 12: What is a cyber observable?
- A measurable event or stateful property in the cyber domain
- Some measurable events: a registry key is created, a file is deleted, an HTTP GET is received, ...
- Some stateful properties: MD5 hash of a file, value of a registry key, existence of a mutex, ...
- Cyber Observable eXpression (CybOX) is a standardized language for encoding and communicating information about cyber observables
Slide 13: What sort of basic things can you do with CybOX?
- Almost every field is optional: use whatever is appropriate and ignore the rest
- Layered typing structure enabling flexible use
- Built-in extensibility mechanisms
- Can specify and characterize a wide range of cyber objects
- Can specify and characterize dynamic cyber events and actions
- Can specify and characterize complex actions
- Can define relational and logical compositions of multiple objects, actions, events and/or observables
- Can define a wide myriad of potential observable pattern variations, either at the logical composition level or using patterns at the object attribute level (Equals, Contains, IsInRange, IsInSet, Regex, etc.); together these let the user define an almost infinitely variable set of patterns and filters
Slide 14: CybOX v1.0 Objects
Account, Address, API, Artifact, Code, Device, Disk, Disk Partition, DNS Query, DNS Record, DNS Cache, Message, File, GUI, GUI Dialog Box, GUI Window, HTTP Session, Library, Linux Package, Memory, Mutex, Network Connection, Network Flow, Network Packet, Network Route Entry, Network Route, Network Subnet, Pipe, Port, Process, Product, Semaphore, Socket, System, Unix File, Unix Network Route Entry, Unix Pipe, Unix Process, Unix User Account, Unix Volume, URI, User Account, User Session, Volume, Whois, Win Computer Account, Win Critical Section, Win Driver, Win Event, Win Event Log, Win Executable File, Win File, Win Handle, Win Kernel, Win Kernel Hook, Win Mailslot, Win Memory Page Region, Win Mutex, Win Network Route Entry, Win Pipe, Win Network Share, Win Prefetch, Win Process, Win Registry Key, Win Semaphore, Win Service, Win System, Win System Restore, Win Task, Win Thread, Win User Account, Win Volume, Win Waitable Timer, X509 Certificate (more on the way)
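To make the pattern capabilities of slide 13 concrete against the object types of slide 14, here is an added example (not MITRE's code or the CybOX schema) of an evaluator for CybOX-style observable patterns: it implements the attribute-level conditions the slide names (Equals, Contains, IsInRange, IsInSet, Regex) plus AND/OR/NOT composition, and runs a composite indicator built from File, Win Registry Key and HTTP Session patterns over constructed observations. The dict layout, field names and pattern names are assumptions for illustration; CybOX proper is an XML schema with its own element names.

```python
"""CybOX-style observable pattern evaluation (added example, not MITRE code).

Implements the attribute-level conditions named on the slide (Equals,
Contains, IsInRange, IsInSet, Regex) and logical composition (AND / OR /
NOT) over object patterns, then runs a composite indicator over constructed
observations.  The dict layout and field names are an assumption for
illustration; CybOX itself is an XML schema with its own element names.
"""
import re

# Constructed sample observations, one dict per observed object; "type"
# stands for the CybOX v1.0 object type (File, Win Registry Key, ...).
OBSERVED = [
    {"type": "File", "file_name": "svchost.exe",
     "file_path": "C:\\Users\\Public\\svchost.exe",
     "md5": "d41d8cd98f00b204e9800998ecf8427e", "size_in_bytes": 48640},
    {"type": "WinRegistryKey", "hive": "HKEY_CURRENT_USER",
     "key": "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "Updater"},
    {"type": "HTTPSession", "method": "GET", "host": "example.invalid",
     "uri": "/c/ping.php?id=4"},
    {"type": "Mutex", "name": "Global\\constructed-sample-mutex"},
]


def match_condition(actual, condition, expected):
    """Apply one attribute-level condition; a missing attribute never matches."""
    if actual is None:
        return False
    if condition == "Equals":
        return actual == expected
    if condition == "Contains":
        return str(expected) in str(actual)
    if condition == "IsInRange":          # inclusive numeric range (low, high)
        low, high = expected
        return low <= actual <= high
    if condition == "IsInSet":
        return actual in expected
    if condition == "Regex":
        return re.search(expected, str(actual)) is not None
    raise ValueError(f"unknown condition {condition!r}")


def match_object(pattern, obj):
    """An object pattern holds when the type matches and every field test holds."""
    if obj.get("type") != pattern["type"]:
        return False
    return all(match_condition(obj.get(field), cond, expected)
               for field, (cond, expected) in pattern["fields"].items())


def evaluate(composition, observed):
    """Evaluate a logical composition; a leaf is true if ANY observation matches it."""
    if "AND" in composition:
        return all(evaluate(c, observed) for c in composition["AND"])
    if "OR" in composition:
        return any(evaluate(c, observed) for c in composition["OR"])
    if "NOT" in composition:
        return not evaluate(composition["NOT"], observed)
    return any(match_object(composition, o) for o in observed)


def fired(composition, observed):
    """Names of leaf patterns matching at least one observation.

    For triage this tells the analyst WHICH parts of a composite indicator
    matched, not merely that the whole indicator did.
    """
    for op in ("AND", "OR"):
        if op in composition:
            return {n for c in composition[op] for n in fired(c, observed)}
    if "NOT" in composition:
        return fired(composition["NOT"], observed)
    matched = any(match_object(composition, o) for o in observed)
    return {composition["name"]} if matched else set()


# Constructed indicator: a file named svchost.exe that is NOT under
# System32 together with a Run-key persistence entry, OR a beacon-like GET.
MASQUERADE = {"name": "masquerading-svchost", "type": "File", "fields": {
    "file_name": ("Equals", "svchost.exe"),
    "file_path": ("Regex", r"(?i)^(?!C:\\Windows\\System32\\).*"),
    "size_in_bytes": ("IsInRange", (40000, 60000)),
}}
RUN_KEY = {"name": "run-key-persistence", "type": "WinRegistryKey", "fields": {
    "hive": ("IsInSet", {"HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"}),
    "key": ("Contains", "CurrentVersion\\Run"),
}}
BEACON = {"name": "ping-beacon", "type": "HTTPSession", "fields": {
    "method": ("Equals", "GET"),
    "uri": ("Regex", r"^/c/ping\.php\?id=\d+$"),
}}
INDICATOR = {"OR": [{"AND": [MASQUERADE, RUN_KEY]}, BEACON]}

if __name__ == "__main__":
    print("indicator matched:", evaluate(INDICATOR, OBSERVED))
    print("leaf patterns fired:", sorted(fired(INDICATOR, OBSERVED)))
```

Because every field is optional in CybOX, the evaluator treats a missing attribute as a non-match rather than an error, which is the behaviour a sharing partner with sparser telemetry needs.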
Slides 15-21: diagram only (no text recovered in the transcription)
Slide 22: Questions the structured threat information answers (diagram)
- What you are looking for
- What exactly were they doing?
- Why were they doing it?
- Who was doing it?
- Where was it seen?
- What were they looking to exploit?
- Why should you care about it?
- What should you do about it?
Slide 23: Implementations
- Initial implementation has been done in XML Schema
  - Ubiquitous, portable and structured
  - Concrete strawman for the community of experts
  - Practical structure for early real-world prototyping and proof-of-concept implementations
- Plan to iterate and refine with real-world use
- Next step will be a formal implementation-independent specification
  - Will include guidance for developing XML, JSON, RDF/OWL, or other implementations
Slide 24: Enabling Utilities
Utilities to enable easier prototyping and usage of the language. They consist of things like:
- Language (Python) bindings for STIX, CybOX, MAEC, etc.
- High-level programmatic APIs for common needs/activities
- Conversion utilities from commonly used formats and tools
- Comparator tools for analyzing language-based content
- Utilities supporting common use cases, e.g. the _to_CybOX utility supporting phishing analysis and management
- Open communities on GitHub (STIXProject, CybOXProject and MAECProject)
Slide 25: Adoption & Usage
- Still in its early stages but already generating extensive interest and initial operational use
Transition: How to actually share what you want to share
Slide 26: What is TAXII?
Trusted Automated eXchange of Indicator Information
- The goal of TAXII is to facilitate the exchange of structured cyber threat information
- Designed to support existing sharing paradigms in a more automated manner
- TAXII is a set of specifications defining the network-level activity of the exchange
  - Defines services and messages to exchange data
  - Does NOT dictate HOW data is handled in the back end, WHAT data is shared or WHO it is shared with
- TAXII is NOT a sharing program
Slide 27: TAXII Specifications
- TAXII Services Specification
  - Defines TAXII Services
  - Defines TAXII Message Types
  - Defines TAXII Message Exchanges
- TAXII Protocol Binding Specifications
  - Define requirements for network transport of TAXII messages
- TAXII Message Binding Specifications
  - Define TAXII message format bindings
Slide 28: Adoption & Usage
- Still in its early stages but already generating extensive interest and initial operational use
- Actively being considered by several information sharing communities
- Active interest from several large user organizations
- Active interest from some service/product vendors
Slide 29: A sampling of some of the organizations contributing to the STIX conversation includes: (logos not recovered in the transcription)
Slide 30: Current Focus
- Make it easier for people to understand and use STIX
  - Improve documentation
  - Develop supporting utilities
  - Provide collaborative guidance
- Gather feedback
- Refine and extend the language based on feedback and needs
Slide 31: Where to Learn More
- STIX Website (whitepapers, documentation, schemas, etc.)
- STIX GitHub site (bindings, APIs, utilities)
- STIX Discussion List
- TAXII Website (whitepapers, specifications, etc.)
- TAXII Discussion List
- TAXII GitHub site (bindings, APIs, utilities, implementations)
- CybOX Website (whitepapers, specifications, etc.)
- CybOX Discussion List
- CybOX GitHub site (bindings, APIs, utilities, implementations)
Questions
Slide 32: Orient on the Adversary!
We want you to be part of the conversation.
More informationSTIX Patterning: Viva la revolución!
STIX Patterning: Viva la revolución! Cyber Threat Intelligence Matters FIRST Technical Symposium and OASIS Borderless Cyber Conference Jason Keirstead - STSM, IBM Security Trey Darley - Director of Standards
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationLegal Foundation and Enforcement: Promoting Cybersecurity
Legal Foundation and Enforcement: Promoting Cybersecurity Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection February 19, 2008 Mark L. Krotoski Computer
More informationWHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT
WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT THREE DECADES OF COMPUTER THREATS In 1986, the Brain boot sector virus caused the first widespread realization
More informationPull It Together. Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API
Pull It Together Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API Org 1 Sean Barnum, FireEye Ryan Griffith, DC3 Data source 1, 2 Org 2 Data source
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationNFV SEC TUTORIAL. Igor Faynberg, CableLabs Chairman, NFV Security WG
NFV SEC TUTORIAL Igor Faynberg, CableLabs Chairman, NFV Security WG 1 The NFV SEC Working Group Mission The NFV SEC Working Group comprises Computing, Networking and Cloud security experts representing
More informationA QUICK INTRODUCTION TO THE NFV SEC WG. Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG
A QUICK INTRODUCTION TO THE NFV SEC WG Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG 1 The NFV SEC Working Group Misson The NFV SEC Working Group comprises computer. network, and Cloud security experts
More informationINCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1
INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1 The most practical and comprehensive training course on incident handling & response elearnsecurity has been chosen by students in over 140 countries
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationCTA STIX/TAXII Service
Overview, on page 1 Poll Service, on page 2 Common Queries, on page 8 CTA Integration with Cisco ISE, on page 10 Overview Cisco ScanCenter allows you to pull information on incidents detected by CTA down
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationApplication Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9
Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9 About Me Chief Security Officer @ Bit9 Former Director of Technical Operations and Information Security @ Center for
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationAchieving & Measuring the Value of Cyber Threat Information Sharing. Lindsley Boiney, Clem Skorupka (presenting)
Achieving & Measuring the Value of Cyber Threat Information Sharing Lindsley Boiney, Clem Skorupka (presenting) The MITRE Corporation 2018 International Information Sharing Conference McLean, VA 2 Acknowledgements
More information