Security Essentials Start Here
1 Security Essentials Start Here: 5 best practices to secure your organization and prevent business-injuring incidents. Teodor Cimpoesu, Technical Director, UTI-CERT
2 certsign
- Clear legal requirements and compliance
- Disaster recovery and business continuity
- Trusted Introducer member
- ISO & 9001 compliance
- Regular internal pen testing and security audit
- Structure enhanced to cover a variety of customers: oil and gas, utilities providers, banks, telecom
- All-around cyber security services and solutions
- Flexibility for special projects customized according to client needs: customizable services, adaptable SLA, training, knowledge transfer and technical support
3 UTI-CERT
- SOC Consulting: Vulnerability Assessment, Security validation (Pen testing), Security consulting
- Managed Services: Monitoring (SIEM), Network Security, Communication Security, Data Security, Endpoint Security
- CSIRT: Alerting Services, Incident Handling, Vulnerability Handling, Forensics, Malware Analysis, Vulnerability Analysis
- Special Services: Cyber Investigation, Threat Intelligence, Advanced Monitoring, Special Projects, Research & Development
4 1. Cybercrime & Risk
5 Cyber risks in global context
The World Economic Forum study on global risks (2014) positions cyber attacks in the high-likelihood / high-impact quadrant.
Systemic risk is the risk of breakdowns in an entire system, as opposed to breakdowns in individual parts and components. Systemic risks are characterized by:
- modest tipping points combining indirectly to produce large failures
- risk-sharing or contagion, as one loss triggers a chain of others
- hysteresis, or systems being unable to recover equilibrium after a shock
Cyber risks in key areas (e.g. financial) and attacks on critical infrastructure pose a systemic risk.
Source: World Economic Forum, Global Risks 2014, Ninth Edition
6 Cyber risks in global context
On the Global Risks Interconnection Map we can see the links and potential influences of the systemic risks. The technological risks are strongly linked with geopolitical and economic risks, and organized-crime risk has a direct link to them. Mitigating one area therefore means taking the indirect risk propagations from the other areas into consideration as well.
Source: World Economic Forum, Global Risks 2014, Ninth Edition
7 Global Cybercrime
The Comprehensive Study on Cybercrime by the United Nations Office on Drugs and Crime (2013) gives a perspective from the government, private-sector and academic (GOV, COM, EDU) viewpoints. Findings:
- Laws are fragmented, lack procedural powers and hinder international cooperation.
- Law enforcement and criminal justice have limitations in their capacity to react to and combat cybercrime.
- Prevention activities are lacking / require strengthening.
Source: Comprehensive Study on Cybercrime, UNODC
9 Accelerators: business ecosystem
The increasing frequency, variety, and complexity of attacks are the product of an emerging cybercrime-as-a-service provider market. This market allows malicious parties to execute attacks at considerably lower cost, with considerably lower levels of technical savvy.
- Research-as-a-Service: vulnerabilities, exploits, IDs
- Crimeware-as-a-Service: development, malware services
- Infrastructure-as-a-Service: botnets, hosting, exploit packs
- Hacking-as-a-Service: DoS, password cracking, financials
Source: Cybercrime Exposed. Cybercrime-as-a-Service, McAfee
10 Accelerators: Cheap & easy Source: Cybercrime Exposed. Cybercrime-as-a-Service, McAfee
11 Botnet business Global/Local Source: Anubis Networks
12 EU response to cybercrime
Policies and directives:
- The Cybersecurity Strategy of the EU (2013)
- Directive 2013/40/EU on attacks against information systems
- Directive 2011/92/EU (since renumbered 2011/93/EU by corrigendum) on combating the sexual exploitation of children online and child abuse
- ePrivacy Directive 2009/136/EC
- Framework Decision on combating fraud and counterfeiting, /413/JHA
Institutions & initiatives: European Cybercrime Centre (EUROPOL), European Network and Information Security Agency (ENISA)
Cybersecurity Strategy, strategic priorities:
- Achieving cyber resilience
- Drastically reducing cybercrime
- Developing cyberdefence policy and capabilities
- Developing the industrial and technological resources for cybersecurity
- Establishing a coherent international cyberspace policy for the EU
Directive 2013/40/EU (deadline for transposition in the Member States; guidelines and best practices). EU countries must:
- have an operational national point of contact,
- use the existing network of 24/7 contact points,
- respond to urgent requests for help within 8 hours, indicating whether and when a response may be provided,
- collect statistical data on cybercrime.
13 2. Defence Fundamentals
14 Step 1: Know - what is a best practice and why
SANS Top 20 Critical Security Controls:
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations (HW/SW/Mobile/Stations/Servers)
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training
10. Secure Configurations for Network Devices
11. Limitation and Control of Network Ports, Protocols & Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
How to implement:
- Update structured information on your inventory & classification.
- Continue with threat modeling, which will give the focus areas.
- Evaluate written and technical policies. Test them in real life, in daily operations.
- Segregate, separate, define roles and limit access. Understand & adopt the Zero Trust model.
- Ensure that there are written incident response procedures that include a definition of personnel roles for handling incidents. The procedures should define the phases of incident handling.
- Assign job titles and duties for handling IR. Define the management personnel who will support the incident handling process by acting in key decision-making roles.
- Set organizational standards for the time to report anomalous events. Publish information on how to report anomalies and incidents to the incident handling team.
- Run awareness training.
Source: SANS Institute Critical Security Controls
15 Step 1: Know - what is a best practice and why
Modern security practices:
- Intelligence-driven defense
- Threat vector analysis
- Data exfiltration analysis
- Detection-dominant design
- Zero trust model
- Intrusion kill chain
- Attack hunting
- Visibility analysis
- Data visualization
- Lateral movement analysis
- Data ingress/egress mapping
- Internal segmentation
- Network security monitoring
- Continuous monitoring
16 Step 1: Know - what is a best practice and why
IDS & IPS with multiple deployment models:
- DPI of IP and serial SCADA protocols (DNP3, IEC 101/104/61850, Modbus). Each protocol packet is validated up to its function code and the command content.
- Model-based analytics for M2M sessions, with self-learning of the application behavioral model
- Signature-based detection of known vulnerabilities
- Task-based validation of H2M sessions
- Integration with physical security
- Authentication proxy for access to end devices
- Encrypted VPN tunnels for inter-site connectivity
17 Step 2: Discover - Assets and configuration audit
18 Step 2: Discover
Software Asset Management (Microsoft SAM): control costs & risks, tackle complexity, optimize the use of SW assets, grow/optimize the infrastructure.
Risk coverage: non-compliance, security, business downtime, legal & licensing, overspending on licensing, software conflicts.
19 Step 3: Assess - the Threat (do Modeling)
Methodologies, e.g. IDDIL/ATC, cover the critical security controls (SANS / ISO 27001):
I. Discovery: Identify ASSETS; Define the ATTACK SURFACE; Decompose the SYSTEM; Identify ATTACK VECTORS; List THREAT ACTORS
II. Implementation: Analysis & assessment; Triage; Control
Source: A Threat-Driven Approach to Cyber Security - Methodologies, Practices and Tools to Enable a Functionally Integrated Cyber Security Organization, Lockheed Martin Corp.
20 Step 3: Assess - The actual vulnerabilities (do Scan/Pentest)
21 Step 4: Monitor - integrate, correlate, enrich. Source: HP Security
22 Step 4: Monitor - integrate, correlate, enrich
Threat Intelligence
Security Intelligence: the real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise. The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for an organization of any size.
Data collected and warehoused by Security Intelligence solutions includes logs, events, network flows, user identities and activity, asset profiles and locations, vulnerabilities, asset configurations, and external threat data. Security Intelligence provides analytics to answer fundamental questions that cover the before/during/after timeline of risk and threat management: Risk Management, Vulnerability Management, Configuration Monitoring, Patch Management, Threat Intelligence, Compliance Management, Reporting and Scorecards, SIEM, Log Management, Incident Response, Network and Host Intrusion Prevention, Network Anomaly Detection, Packet Forensics, Database Activity Monitoring, Data Loss Prevention.
Source: IBM
23 Step 4: Monitor - integrate, correlate, enrich
Threat Intel (TI) frameworks and formats
Indicators and exchange:
- STIX - Structured Threat Information Expression (MITRE/OASIS)
- TAXII - Trusted Automated Exchange of Indicator Information (MITRE/OASIS)
- CybOX - Cyber Observable Expression (MITRE/OASIS)
- OpenIOC - Open Indicators of Compromise (FireEye/Mandiant)
- IODEF - Incident Object Description Exchange Format (IETF RFC 5070, since superseded by RFC 7970)
- YARA - rule language for binary and text pattern scanning (open source)
- Snort - real-time analysis of network traffic (Cisco)
Enumerations:
- MMDEF - Malware Metadata Exchange Format (IEEE)
- MAEC - Malware Attribute Enumeration and Characterization (MITRE)
- CAPEC - Common Attack Pattern Enumeration and Classification (MITRE)
- CVE - Common Vulnerabilities and Exposures (MITRE)
- CVSS - Common Vulnerability Scoring System (FIRST; NIST's NVD publishes the scores)
- CPE - Common Platform Enumeration (NIST)
- OVAL - Open Vulnerability and Assessment Language (MITRE)
- OSVDB - Open Sourced Vulnerability Database (OSF)
Transport and data formats: PCAP, PCAPNG, NetFlow, sFlow, CEF, Syslog; JSON, YAML, XML.
MITRE: not-for-profit organization that operates US federally funded research and development centers.
24 TI Case Study: Anubis Networks Cyberfeed
Helping an energy company and its customers stop cyber threats.
Challenge: availability and reliability of networks and infrastructure, which can be compromised by malware designed to impact network and employee productivity.
Solution: the company is now able to detect devices and machines related to information-stealing Trojans using real-time security data feeds via API access, a live dashboard and plugins to its SIEM system (Splunk):
- Detect networks and devices compromised with persistent or new malware families;
- Understand the malware landscape at the company, network, local and country level;
- Track botnet behavior, growth, dispersion and lifetime;
- Intercept and monitor communications between malware and C&C server;
- Ability to define business rules to query communication data details between compromised devices and C&C.
Business benefits: amongst others, the client detected an infected internal machine that only appeared on weekend days. Using Cyberfeed to pinpoint the compromised machine, they found it was a person accessing the network through an infected personal device.
25 Step 5: React timely & well-informed. Hunt for it.
In reality, companies and organizations struggle with:
- Threat detection, investigation and incident response being immature
- Determining the root cause of incidents and then containing and remediating them (the tough nut)
- Making use of security intelligence
- Evaluating the risk state of assets
- SIEM tools, which require advanced skills and knowledge; many SIEMs are verbose and give too many false positives
- Attacks spread over a long period of time, where context may be lost or lacking
26 Step 5: React timely & well-informed. Hunt for it.
Ideal SOC / IR team:
- Duty officer / Tier 1 analyst: takes care of all incoming requests; ensures that all incidents have owners.
- Triage officer / Tier 1 analyst: deals with the reported incidents, decides whether it is an incident and is to be handled, and by whom.
- Incident handler / Tier 2 incident responder: works on the incident, analyzes data, creates solutions, resolves the technical details and communicates progress to the manager and the constituents.
- Incident handler / Tier 3 subject matter expert: advanced analyst who deals with complex cases that involve a cross-field investigation.
- Incident manager: responsible for the coordination of all incident handling activities; represents the team in communicating with outside 3rd parties.
Services staffing: to deliver the two core services, distribution of advisory bulletins and incident handling, a minimum of 4 FTE. For a full-service CSIRT during office hours that also maintains its systems, a minimum of 6 to 8 FTE. For a fully staffed 24x7 shift (2 shifts during out-of-office hours), the minimum is about 12 FTE.
Source: Ten Strategies of a World-Class Cybersecurity Operations Center (MITRE)
27 Step 5: React timely & well-informed. Hunt for it.
Investigative lifecycle:
1. Initial evidence
2. Create IOCs for host & network
3. Deploy IOCs in the enterprise, e.g. IDS/SIEM
4. Identify additional suspect systems
5. Collect evidence
6. Analyze evidence
7. Refine & create new IOCs (then repeat from step 3)
Source: An Introduction to OpenIOC, Mandiant
28 Step 5: React timely & well-informed. Hunt for it.
Quote: "The old mantra of trust but verify just isn't working. Never trust and verify is how we must apply security in this era of sophisticated breaches."
"Trust, but verify" is actually a Russian proverb, Доверяй, но проверяй, which Suzanne Massie, a writer on Russia, taught President Ronald Reagan.
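Steps 3, 4 and 7 of the investigative lifecycle, and the weekend-only device from the Cyberfeed case study, as one added example (not code from the deck, from Mandiant or from Anubis Networks). It takes an IOC set in the shape a STIX or OpenIOC feed would deliver, deploys it over syslog-wrapped CEF records and BIND-style DNS query logs (the CEF header/extension parser handles the format listed on the frameworks slide), then correlates the hits per host and day of week to surface a host that is only ever seen on Saturdays and Sundays, and finally pivots from the hit hosts to the other destinations they contacted as candidates for new IOCs. The indicators, hosts and log lines are all constructed for the example and refer to no real campaign.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed IOC set in the shape an analyst would load from a STIX or OpenIOC
# feed; the values are invented for the example and refer to no real campaign.
IOCS = {
    "domain": {"cnc.example-bad.test"},
    "ip": {"198.51.100.23"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed syslog lines (ISO 8601 UTC timestamps): BIND-style DNS query logs
# and syslog-wrapped CEF records from a web proxy and an endpoint agent.
SAMPLE_LOGS = """\
2014-10-04T03:12:07Z ns1 named[1234]: client 10.1.4.22#51234: query: cnc.example-bad.test IN A +
2014-10-04T03:12:09Z proxy1 CEF:0|Acme|WebProxy|3.1|100|HTTP request|3|src=10.1.4.22 dst=198.51.100.23 dpt=443 request=https://cnc.example-bad.test/gate.php
2014-10-06T09:15:00Z proxy1 CEF:0|Acme|WebProxy|3.1|100|HTTP request|3|src=10.1.7.15 dst=203.0.113.9 dpt=443 request=https://updates.example.test/
2014-10-07T10:02:11Z ns1 named[1234]: client 10.1.7.15#40001: query: cnc.example-bad.test IN A +
2014-10-08T14:30:00Z av1 CEF:0|Acme|Endpoint|2.0|200|File quarantined|8|src=10.1.9.3 fileHash=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 fname=invoice.exe
2014-10-11T02:58:41Z ns1 named[1234]: client 10.1.4.22#51240: query: cnc.example-bad.test IN A +
2014-10-12T04:01:13Z proxy1 CEF:0|Acme|WebProxy|3.1|100|HTTP request|3|src=10.1.4.22 dst=198.51.100.23 dpt=443 request=https://cnc.example-bad.test/gate.php
""".splitlines()

CEF_EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")
DNS_QUERY = re.compile(r"client (\d+\.\d+\.\d+\.\d+)#\d+: query: (\S+) IN")


def parse_cef(record):
    """Split a CEF record into its seven header fields and a dict of extension key=values."""
    parts = record.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return parts[:7], dict(CEF_EXT.findall(parts[7]))


def observables(line):
    """Yield (time, host, ioc_type, value) for every observable in one log line."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return
    when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    body = parts[2]
    if body.startswith("CEF:"):
        _hdr, ext = parse_cef(body)
        src = ext.get("src")
        if "dst" in ext:
            yield when, src, "ip", ext["dst"]
        if "request" in ext:                     # URL -> host name
            yield when, src, "domain", re.sub(r"^\w+://", "", ext["request"]).split("/")[0]
        if "fileHash" in ext:                    # normalize case before matching
            yield when, src, "sha256", ext["fileHash"].lower()
    else:
        m = DNS_QUERY.search(body)
        if m:
            yield when, m.group(1), "domain", m.group(2).rstrip(".")


def match_iocs(lines):
    """Deploy the IOC set over the logs: every (time, host, type, value) that hits an indicator."""
    return [(when, host, kind, value)
            for line in lines for when, host, kind, value in observables(line)
            if value in IOCS[kind]]


def weekend_only_hosts(hits):
    """Hosts whose hits all fall on Saturday/Sunday: the weekend-only device pattern."""
    days = defaultdict(set)
    for when, host, _kind, _value in hits:
        days[host].add(when.weekday())           # Monday = 0 ... Sunday = 6
    return {host for host, d in days.items() if d <= {5, 6}}


def candidate_iocs(lines, hits):
    """Pivot from hit hosts to the other destinations they contacted: candidates to vet as new IOCs."""
    suspect = {host for _when, host, _kind, _value in hits}
    return {(kind, value)
            for line in lines for _when, host, kind, value in observables(line)
            if host in suspect and value not in IOCS[kind]}


if __name__ == "__main__":
    hits = match_iocs(SAMPLE_LOGS)
    for when, host, kind, value in hits:
        print(when.strftime("%a %Y-%m-%d"), host, kind, value)
    print("weekend-only:", weekend_only_hosts(hits))
    print("pivot candidates:", candidate_iocs(SAMPLE_LOGS, hits))
```

Two points worth keeping from this: observables must be normalized before matching (the endpoint agent emits the hash in upper case, the feed in lower case, and a naive string compare would miss it), and the pivot output is a list of candidates to vet, not new IOCs; the proxy line to updates.example.test is exactly the kind of benign destination that a careless pivot would promote to an indicator and flood the SIEM with false positives.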
29 Questions? Thoughts? UTI-CERT Team contacts:
30 3. Research
31 clicksign
- Online function-as-a-service: private key in the cloud
- Local component: web browser
- Sign and verify web service architecture
- Files stored in Office 365; the file is always in the cloud, never on the local machine
- Native signatures, PDF signatures, CMS (RFC 5652) signatures
33 WhatYouSeeIsNotWhatYouGet
- WebRole1: web service interface
- SharePoint Worker: files manager
- Signature Worker: signature manager
34 disksafe for the Cloud
The user interface and the driver were adapted to work with data in chunks. A sync module ensures that data chunks are synchronized between local and cloud storage.
35 Classic work patterns
Pattern 1:
1. PC1: a virtual encrypted disk is created for sync with cloud storage
2. PC2: on the second PC, the virtual encrypted disk is imported from the configured cloud storage folder
3. PC1: a secondary user is added for the second PC; the entire file containing the encrypted disk is synced to cloud storage by the client
4. PC2: the secondary user is able to access the encrypted disk only after receiving the entire file
On a large disk, any small modification triggers synchronization of the entire content.
Pattern 2:
1. PC1: a virtual encrypted disk is created and copied to a USB stick
2. PC2: on the second PC, the virtual encrypted disk is imported from the USB stick
3. PC1: a file is created and stored in the virtual encrypted disk; the entire disk must be copied to the USB stick again
4. PC2: the disk is mounted from the USB stick
36 Cloud-based work patterns
Pattern 1:
1. PC1: a virtual encrypted disk is created for sync with Dropbox
2. PC2: on the second PC, the virtual encrypted disk is imported
3. PC1: a secondary user is added for the second PC
4. PC2: the secondary user is able to access the encrypted disk
Different from typical usage, when a user is added, only one chunk is synchronized instead of replicating all the data with the cloud.
Pattern 2:
1. PC1: a virtual encrypted disk is created for sync with Dropbox
2. PC2: on the second PC, the virtual encrypted disk is imported
3. PC1: a file is created and stored in the virtual encrypted disk
4. PC2: the disk is mounted and the file is present
Depending on its size, when the file is stored on the disk, just the affected chunks are synced.
Some real-life performance figures (time to transfer the changed data at a given link speed):
Changed data   1 Mb/s   10 Mb/s   100 Mb/s
4 MB           32 s     3.2 s     0.3 s
10 MB          80 s     8 s       0.8 s
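The chunk-level synchronization the two slides describe, as an added example that is not the disksafe code: the encrypted image is split into fixed-size chunks, each chunk is hashed, and after a write only the chunks whose hash changed are uploaded. The 4 MiB chunk size, the 8-chunk image and the two sector writes are assumptions constructed for the example; the transfer-time helper reproduces the slide's figures using decimal MB and Mb, as the figures imply.

```python
import hashlib
import os

CHUNK = 4 * 1024 * 1024          # 4 MiB chunk size (an assumption for the example)


def chunk_hashes(data, chunk=CHUNK):
    """SHA-256 of each fixed-size chunk: the manifest the sync client keeps per file."""
    return [hashlib.sha256(data[i:i + chunk]).hexdigest() for i in range(0, len(data), chunk)]


def changed_chunks(old, new):
    """Indices of chunks whose hash differs, plus any appended or truncated chunks."""
    n = max(len(old), len(new))
    return [i for i in range(n) if i >= len(old) or i >= len(new) or old[i] != new[i]]


def bytes_to_sync(data, changed, chunk=CHUNK):
    return sum(len(data[i * chunk:(i + 1) * chunk]) for i in changed)


def transfer_seconds(nbytes, mbit_per_s):
    """Wire time for nbytes at a given link speed, with decimal MB and Mb as on the slide."""
    return nbytes * 8 / (mbit_per_s * 1_000_000)


def simulate(chunk=CHUNK):
    """Two small sector writes on a constructed 8-chunk image: whole-file vs chunked upload cost."""
    image = bytearray(os.urandom(8 * chunk))       # stands in for a sector-encrypted disk image
    before = chunk_hashes(image, chunk)
    image[chunk + 4096:chunk + 4096 + 512] = os.urandom(512)     # one sector inside chunk 1
    image[2 * chunk - 16:2 * chunk + 16] = os.urandom(32)        # a write straddling chunks 1 and 2
    after = chunk_hashes(image, chunk)
    changed = changed_chunks(before, after)
    return {"changed": changed,
            "whole_file_bytes": len(image),
            "chunked_bytes": bytes_to_sync(image, changed, chunk)}


if __name__ == "__main__":
    r = simulate()
    print("changed chunks:", r["changed"])
    for link in (1, 10, 100):
        print("%3d Mb/s: whole file %.1f s, chunked %.1f s" % (
            link, transfer_seconds(r["whole_file_bytes"], link),
            transfer_seconds(r["chunked_bytes"], link)))
    for mb in (4, 10):                               # the slide's figures
        print("%d MB:" % mb, ["%.1f s" % transfer_seconds(mb * 1_000_000, l) for l in (1, 10, 100)])
```

Two caveats a practitioner should keep in mind. The saving only materializes if the disk cipher is sector-addressed (XTS-style), so that a write changes the ciphertext of the sectors written and nothing else; with a single CBC chain over the whole image every block after the edit would change and the chunk diff would degrade to the whole-file case. And although the provider never sees plaintext, it does see which chunks change and when, so the access pattern of the encrypted disk leaks to the cloud storage side.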
37 Computing on encrypted data
38 Experimental facts
The practical implementation for determining X > Y and X = Y (followed by the corresponding experimental results) was built on top of the HElib library. It consists in coding the corresponding compare functions recursively (C/C++ code). In this manner we used the leveled version of the BGV FHE scheme (embedded in the 2014 version of HElib). The reported time for the comparison of two 8-bit integers, X > Y, is 12 seconds (for 128 bits of claimed security, using one core of an Intel(R) Xeon(R) E at 3.6 GHz).
39 Experimental facts
Finding the maximum number working with an encrypted array.
Table columns: security bits, time (sec), memory (GB), number of elements in the array (16); the measured values did not survive transcription.
The tests were conducted on a workstation running x64 openSUSE 12.1 (Intel i7-4710HQ processor at 3.5 GHz, one core, and 8 GB RAM). These are the time costs for the homomorphic evaluation of the GETMAX function for an array of integer values (of n = 8 bits length).
40 TTP
The approach is straightforward: we use a web crawler for the site and a browser extension for the user experience. Cryptography comes into place with digital signatures and timestamping.
41 TTP
The Firefox add-on works with our server, sending captured images; Heritrix is used for crawling and storing data. A signature service is used to sign and timestamp captured images and sites. Advanced signatures are used so that they can be validated at a later point in time. All signatures are stored for presentation to interested users.
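The circuits behind the two "Computing on encrypted data" slides, as an added example that is not the HElib/C++ code of the research: X > Y and X = Y built from only XOR and AND (addition and multiplication mod 2, the two operations a BGV ciphertext supports), plus the GETMAX fold over an array of encoded 8-bit values. Bits here are plaintext stand-ins for ciphertexts, so this runs in microseconds rather than the 12 seconds reported; the depth counter on each bit is an addition of mine and approximates the number of sequential multiplications, which is what a leveled BGV instance has to be parameterized for. The X > Y recursion is the one the slide describes; the equality, multiplexer and running-max structure are my own straightforward choices.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Bit:
    """A plaintext stand-in for an encrypted bit; d counts sequential multiplications (depth)."""
    v: int
    d: int = 0

    def __and__(self, o):                    # homomorphic multiplication: costs one level
        return Bit(self.v & o.v, max(self.d, o.d) + 1)

    def __xor__(self, o):                    # homomorphic addition mod 2: free in depth
        return Bit(self.v ^ o.v, max(self.d, o.d))

    def __invert__(self):                    # add the constant 1
        return Bit(self.v ^ 1, self.d)


def encode(x, n=8):
    """The n bits of x, MSB first, as 'ciphertexts'."""
    return [Bit((x >> i) & 1) for i in range(n - 1, -1, -1)]


def decode(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b.v
    return out


def gt(x, y):
    """x > y, MSB first: (x0 AND NOT y0) XOR ((x0 == y0) AND (rest of x > rest of y)).
    The two XORed terms can never both be 1, so XOR acts as OR without an extra multiply."""
    if not x:
        return Bit(0)
    return (x[0] & ~y[0]) ^ (~(x[0] ^ y[0]) & gt(x[1:], y[1:]))


def eq(x, y):
    """x == y: AND over all bit positions of NOT (xi XOR yi)."""
    acc = Bit(1)
    for a, b in zip(x, y):
        acc = acc & ~(a ^ b)
    return acc


def mux(c, a, b):
    """Per-bit select: a where c == 1, else b, computed as b XOR (c AND (a XOR b))."""
    return [bb ^ (c & (aa ^ bb)) for aa, bb in zip(a, b)]


def getmax(values):
    """GETMAX over a list of encoded integers: a running maximum via gt and mux."""
    best = values[0]
    for v in values[1:]:
        best = mux(gt(v, best), v, best)
    return best


def depth(bits):
    return max(b.d for b in bits)


def check_against_plaintext(n=8, trials=300, seed=1):
    """Cross-check the circuits against ordinary integer comparison on random inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        x, y = rng.randrange(1 << n), rng.randrange(1 << n)
        if gt(encode(x, n), encode(y, n)).v != int(x > y):
            return False
        if eq(encode(x, n), encode(y, n)).v != int(x == y):
            return False
    return True


if __name__ == "__main__":
    a, b = encode(200), encode(199)
    print("200 > 199 ->", gt(a, b).v, "depth", depth([gt(a, b)]))
    arr = [encode(v) for v in [12, 250, 3, 77, 250, 0]]
    m = getmax(arr)
    print("max ->", decode(m), "depth", depth(m))
    print("self-check:", check_against_plaintext())
```

The depth figures are the useful part. An 8-bit comparison consumes 8 levels because the recursion chains one AND per bit position, and the sequential running maximum adds 9 levels (8 for the compare, 1 for the select) per array element, so 6 elements already need 45 levels. A leveled scheme has to be instantiated for that depth up front, which is why the array size appears as a column in the GETMAX table; a tournament reduction (compare pairs, then pairs of winners) brings the growth down to 9 levels per round, i.e. logarithmic in the array length, and a balanced product tree in eq likewise cuts its depth from n to ceil(log2 n).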
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO
CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationTesting for cyber resilience tools & techniques for adversary simulation and improved defense
Testing for cyber resilience tools & techniques for adversary simulation and improved defense Adrian Ifrim & Teodor Cimpoesu, Deloitte Cyber Resilience in Focus NIS Directive to bring cybersecurity capabilities
More informationBOLSTERING DETECTION ABILITIES KENT KNUDSEN JUNE 23, 2016
BOLSTERING DETECTION ABILITIES KENT KNUDSEN JUNE 23, 2016 Overview Current Threats Where we fail Cyber Security Lifecycle Key Areas to Continuously Monitor Security Metrics Where to prioritize Security
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationCyber Threat Intelligence Standards - A high-level overview
Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationCognito Detect is the most powerful way to find and stop cyberattackers in real time
Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationCyber Threat Landscape April 2013
www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationIBM Security Vaš digitalni imuni sistem. Dejan Vuković Security BU Leader South East Europe IBM Security
IBM Security Vaš digitalni imuni sistem Dejan Vuković Security BU Leader South East Europe IBM Security Compliance vs Risk based approach & o Zakon o informacionoj bezbednose, Zakon o tajnose podataka,
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationForensics and Active Protection
Forensics and Active Protection Computer and Network Forensics Research Project 2003 Work Update Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline CNF Project Goal
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationMay the (IBM) X-Force Be With You
Ann Arbor, Michigan July 23-25 May the (IBM) X-Force Be With You A QUICK PEEK INTO ONE OF THE MOST RENOWNED SECURITY TEAMS IN THE WORLD Marlon Machado Worldwide Standardization Leader, Application Security
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationSANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationFirst Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.
18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Expanding our prevention, detection and response solutions Sumedh Thakar Chief Product Officer, Qualys, Inc. Secure Enterprise Mobility Identity (X.509,
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationDigital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS
Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised
More information