Security Event System (SES) Joint Techs July 2009
|
|
- Ophelia Wiggins
- 6 years ago
- Views:
Transcription
1 Security Event System (SES) Joint Techs July 2009
2 Credits SES is a project in the REN ISAC community, with project funding from: the U.S. Department of JusKce, and the cooperakon and support of: Internet2, Internet2 CSI2 WG, Barely3am SoluKons, Indiana University, Carnegie Mellon University (relakon to the EDDY project), and Argonne NaKonal Laboratory (relakon to Federated Model project).
3 Idea Improve Kmely local proteckon against cyber security threat, by means of real Kme sharing of security event informakon within a trusted federakon, and among federakons. At its root, not a new idea. Security event informakon is being shared now, in private and semi private communikes, and some public sources. But there are issues
4 Issues with Current Methods Current methods are cumbersome Much reliance on e mail Not easily automated, oven requires the human interrupt signal Not structured for correlakon MulKple non standard data representakons Not easily consistently parsed or acted on Hard to determine confidence Long term intelligence is difficult to obtain Data is hostage to our inboxes Difficulty of correlakon Difficulty of coordinated or cooperakve analysis MulKple FederaKons Trust relakonships PoliKcal and organizakonal boundaries Yields disincenkves for sharing, and difficulty ackng on shared intel
5 SES In Its Simplest In a security informakon sharing federakon, such as REN ISAC, guided by policy and informakon sharing agreements, machine (aggregated) and human generated security event data, is normalized to standards based data descripkon, and through various supported secure interfaces, is submiaed to the SES repository. CorrelaKon is performed on the collected data, idenkfying bad actors and determining confidence. High confidence bad actor data is formed into a "detect these" feed, and analysts vet high confidence bad actors into a "block these" feed. ParKcipaKng sites pull down the "detect these" and "block these" feeds and apply local proteckons against the bad actors.
6 Discovery, CorrelaKon, and ProtecKon
7 Supported Data Types IP address, represenkng just about any type of compromised host or source of threat, e.g. botnet C&C or drone, DDoS source, scanner, etc. CIDR, either represenkng a miscreant heavy address range, e.g. RBN, or as addikonal qualifying informakon ASN, as addikonal qualifying informakon DNS name, represenkng for example, a botnet C&C URL represenkng for example, a malware download site E mail address, for example, a phishing Reply To: address
8 Inside the ParKcipaKng Site OpKonal uses of SES data, and submissions to SES
9 Query Interface: Tool for the Security Analyst
10 Inter FederaKon Sharing Across Policy Boundaries
11 Building a SoluKon Loosely based on concepts started with the ANL Federated Model Standards based IETF IDMEF standard for represenkng security event messages in XML IETF IODEF standard for represenkng incidents in XML Extensions Understanding "Sites" (via ASN, CIDR) Understanding URIs Understanding "FederaKons Request Tracker for Incident Response (RT+IR) Nicely solves the UI, ACL and workflow problem Allows us to build on exiskng, rich, open source technology. Database performance considerakons Open source InteroperaKon with CMU EDDY (End to End DiagnosKc Discovery) As opkon for local event aggregakon and transport
12 Phase I SoluKon Context of REN ISAC trust federakon Pilot deployment in REN ISAC, end of July Full scale produckon in REN ISAC, end of September(?)
13 A framework for Building a Framework Intra and inter federakon cooperakon IncorporaKon of addikonal correlakon and analysis tools Interface with systems that nokfy abuse contacts regarding infected systems, e.g. the REN ISAC nokficakon system Interface with systems that treat higher level colleckons of incident informakon in a federated context Extending the framework Long term intelligence storage Threat analysis plakorm
14 What meaning for the Typical JT Aaendee? How might nakonal, regional, or state networks, or exchange points be a data provider or consumer? Exchange points? How do you relate with your members w.r.t. security?
15 Contacts Doug Pearson isac.net Wes Young
MILE Implementation Report. Chris Inacio, Carnegie Mellon University Daisuke Miyamoto, The University of Tokyo
MILE Implementation Report Chris Inacio, Carnegie Mellon University Daisuke Miyamoto, The University of Tokyo daisu-mi@nc.u-tokyo.ac.jp Updates in Section 2 Information Sharing and Analysis Centers (ISAC)
More informationA Federated Model for Cyber Security
A Federated Model for Cyber Security Internet 2 Joint Techs - 18 July 2007 Scott Pinkerton Argonne National Laboratory Background & Motivation Threat landscape evolving - seems obvious that our defensive
More informationAvoiding Information Overload: Automated Data Processing with n6
Avoiding Information Overload: Automated Data Processing with n6 Paweł Pawliński pawel.pawlinski@cert.pl 26th annual FIRST conference Boston, June 23rd 2014 Who we are part of national CERT for Poland
More informationSarajane Marques Peres, Ph.D. University of São Paulo Based on Elsmari, Navathe / Silberschatz, Korth, Sudarshan s books
Sarajane Marques Peres, Ph.D. University of São Paulo www.each.usp.br/sarajane Based on Elsmari, Navathe / Silberschatz, Korth, Sudarshan s books ER MODEL à R MODEL Mapping of Regular EnKty Types For each
More informationLuminous: Bringing Big(ger) Data to the Fight
Luminous: Bringing Big(ger) Data to the Fight Norm Ritchie Drew Bagley ICANN Helsinki June, 2016 Secure Domain Foundation Non-profit Founded in 2014 Proactive mitigation of malicious domains used for cybercrime
More informationCybersecurity Intelligence Gathering, Sharing and Reacting
Cybersecurity Intelligence Gathering, Sharing and Reacting SAC-PA2 Shane Filus Security Engineer SDAIA ScienceDMZ Actionable Intelligence Appliance SDAIA: NSF Award CICI: Secure Data Architecture: Shared
More informationSecuring RPSL Objects with RPKI Signatures
Securing RPSL Objects with RPKI Signatures dra8 kisteleki sidr rpsl sig 00.txt RPSLSIG: Why? Problems we re looking at: Not all IRRs / IR databases have good enough authenkcakon for maintaining objects
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationOne Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons
More information<Partner Name> RSA NETWITNESS Intel Feeds Implementation Guide. Kaspersky Threat Feed Service. <Partner Product>
RSA NETWITNESS Intel Feeds Implementation Guide Kaspersky Jeffrey Carlson, RSA Partner Engineering Last Modified: December 19 th, 2017 Solution Summary Kaspersky Lab offers
More informationInfoblox Dossier User Guide
Infoblox Dossier User Guide 2017 Infoblox Inc. All rights reserved. ActiveTrust Platform Dossier and TIDE - June 2017 Page 1 of 16 1. Overview of Dossier... 3 2. Prerequisites... 3 3. Access to the Dossier
More informationGrid Security Incident Handling and Response Guide
Open Science Grid Open Science Grid Grid Security Incident Handling and Response Guide 20 Nov 2004-1- Version 1.0 Issue Date Comment 0.1 30 Aug 2004 Draft release to the Activity Group 0.2 7 Sept 2004
More informationTHREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION
SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,
More informationAchieving & Measuring the Value of Cyber Threat Information Sharing. Lindsley Boiney, Clem Skorupka (presenting)
Achieving & Measuring the Value of Cyber Threat Information Sharing Lindsley Boiney, Clem Skorupka (presenting) The MITRE Corporation 2018 International Information Sharing Conference McLean, VA 2 Acknowledgements
More informationTAXII 1.0 (DRAFT) Capabilities and Services. Charles Schmidt & Mark Davidson
TAXII 1.0 (DRAFT) Capabilities and Services Charles Schmidt & Mark Davidson 2 About This Talk Look at the use scenarios we want to support and how we have designed TAXII to support them TAXII supports
More informationCrowdsourcing SecOps Through REN-ISAC. Kim Milford, REN-ISAC Executive Director Chris O Donnell, REN-ISAC Lead Security Engineer
Crowdsourcing SecOps Through REN-ISAC Kim Milford, REN-ISAC Executive Director Chris O Donnell, REN-ISAC Lead Security Engineer Crowdsourcing CyberSecurity Through REN-ISAC Origin Story Adventures in Crowdsourcing
More informationForescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationSAINT JOSEPH S UNIVERSITY READ ONLY USERS ICONTRACTS UCM QUICK START GUIDE GUIDE TO BASIC FUNCTIONALITY OF UNIVERSAL CONTRACT MANAGER (UCM)
SAINT JOSEPH S UNIVERSITY READ ONLY USERS ICONTRACTS UCM QUICK START GUIDE GUIDE TO BASIC FUNCTIONALITY OF UNIVERSAL CONTRACT MANAGER (UCM) ICONTRACTS UCM QUICK START GUIDE TABLE OF CONTENTS icontracts
More informationCenter for Internet Security Confidence in the Connected World
Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech Valley Dr., East Greenbush, NY 12061 Mid-Atlantic Headquarters 1700 North Moore St., Suite 2100, Arlington,
More informationWHAT KEEPS CISOS UP AT NIGHT:
WHAT KEEPS CISOS UP AT NIGHT: AND WHY YOU SHOULD BE WORRIED TOO! NATIONAL CYBER SECURITY AWARENESS MONTH 25 OCTOBER 2016 http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statementon-10-21-2016-ddos-attack.html
More informationWater Information Sharing and Analysis Center
SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and
More informationHTTP Event Collector in Splunk 6.5 More Super Powers!
Copyright 2016 Splunk Inc. HTTP Event Collector in Splunk 6.5 More Super Powers! Itay Neeman Director of Engineering, Splunk Shakeel Mohamed SoJware Engineer, Splunk Disclaimer During the course of this
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationBuilding Successful Threat Intelligence Programs
Threat Intelligence-Driven Security Building Successful Threat Intelligence Programs Allan Thomson, LookingGlass CTO June 2017 Intelligence-Driven Security Threat Intelligence evidence-based knowledge
More informationXLIFF 2.0 AND ENRICHMENT WORKFLOWS IN THE BROWSER
Co- funded by the Horizon 2020 Framework Programme of the European Union Grant Agreement Number 644771 XLIFF 2.0 AND ENRICHMENT WORKFLOWS IN THE BROWSER FEISGILTT 2016, DUBLIN www.freme- project.eu Felix
More informationDiscovery. RelaKonship Between Layers. Discovery: Mapping Name to Address. RouKng: Mapping Link to Path. What s in a Name? Naming
RelaKonship Between Layers Discovery Mike Freedman COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 logical link name hep://www.cs.princeton.edu/courses/archive/spr13/cos461/ 2 Discovery:
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationSynchronized Security
Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations
More informationCross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 5 August 2004 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationX-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data
X-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data Jan Kohlrausch, Sven Übelacker, GÉANT 3 JRA2 T4: Internal deliverable DFN-CERT Services GmbH Hamburg, Germany Email:
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationDHS Automated Information Sharing (AIS) Program
DHS Automated Information Sharing (AIS) Program 2018 Infoblox Inc. All rights reserved. Page 1 of 5 2018 Infoblox Inc. All rights reserved. DHS Automated Information Sharing (AIS) Program Infoblox AIS
More informationFederated Security Incident Response. Tom Barton, University of Chicago Jim Basney, NCSA Vincente Brillault, CERN Scott Koranda, LIGO
Federated Security Incident Response Tom Barton, University of Chicago Jim Basney, NCSA Vincente Brillault, CERN Scott Koranda, LIGO Prologue An Example Criminals target University Employee Self Service
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationBuilding an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO
Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment
More informationRaising Security and Trust in our Inter-Federated World
Authen4ca4on and Authorisa4on for Research and Collabora4on Raising Security and Trust in our Inter-Federated World Hannah Short IT-DI-CSO CERN ISGC, Taipei 12-18 March, 2016 Agenda The federated landscape
More informationPrescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC
Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet
More informationTechniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems
Techniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems Barry Raveendran Greene, bgreene@senki.org October 22, 2012, Baltimore, Maryland, USA M3AAWG 26th General
More informationUpdate on GNSOrequested. Studies. Liz Gasster Senior Policy Counselor ICANN. 14 March 2012
Update on GNSOrequested WHOIS Studies Liz Gasster Senior Policy Counselor ICANN 14 March 2012 1 gtld WHOIS Studies - Goals WHOIS policy debated for many years GNSO Council decided in October 2007 that
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationPeering in Hong Kong. Che- Hoo CHENG CUHK/HKIX
Peering in Hong Kong Che- Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple terms Internet is composed of networks of ISPs and users User networks connect to ISPs Small ISPs connect to large
More informationCisco Systems Korea
(kiseo@cisco.com) Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1 Agenda 2008 Cisco Systems, Inc. All rights reserved. 2 2008 Cisco Systems, Inc. All rights reserved. 3 Threats Are
More informationCyber Security at large scale
Cyber Security & Data Summit June 18 Cyber Security at large scale www.telesoft-technologies.com copyright 2017 by Telesoft Technologies. All rights reserved. Agenda Telesoft Introduction Large scale Challenges
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationSplunking Wind Turbines and Keeping the Earth Green
Copyright 2015 Splunk Inc. Splunking Wind Turbines and Keeping the Earth Green Marijan Fofonjka Senior developer, INFIGO IS Ante MarKnić Business Unit Director, KONČAR Disclaimer During the course of this
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationConfiguring the Botnet Traffic Filter
CHAPTER 46 Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary
More informationForescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1
Forescout Version 1.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationSANS/REN-ISAC PARTNERSHIP AGGREGATE BUY PROGRAM
SANS/REN-ISAC PARTNERSHIP AGGREGATE BUY PROGRAM www.sans.org/partnership/education SANS s mission is to ensure that InfoSec practitioners in critical organizations have the skills needed to protect national
More information4/13/2018. Certified Analyst Program Infosheet
4/13/2018 Certified Analyst Program Infosheet Contents I. Executive Summary II. Training Framework III. Course Structure, Learning Outcomes, and Skills List IV. Sign-up and More Information Executive Summary
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More information2/12/11. Addendum (different syntax, similar ideas): XML, JSON, Motivation: Why Scientific Workflows? Scientific Workflows
Addendum (different syntax, similar ideas): XML, JSON, Python (a) Python (b) w/ dickonaries XML (a): "meta schema" JSON syntax LISP Source: h:p://en.wikipedia.org/wiki/json XML (b): "direct" schema Source:
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationAn Eye on the Storm: Inside the Storm Epidemic. Josh Ballard Network Security Analyst Kansas State University
An Eye on the Storm: Inside the Storm Epidemic Josh Ballard Network Security Analyst Kansas State University bal@k-state.edu Contents The Headlines Peer-to-peer network So just how big is this thing? How
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationAutomating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
More informationSECURE HOME GATEWAY PROJECT
SECURE HOME GATEWAY PROJECT - PROTOTYPE DEVELOPMENT IoT SECURITY FOCUSED IDEA & VISION CHALLENGES Lead by: Jacques Latour, CTO, CIRA Labs Canadian Internet Registration Authority Jacques.Latour [@] cira.ca
More informationCyber Threat Intelligence Standards - A high-level overview
Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in
More informationSmart Protection Network. Raimund Genes, CTO
Smart Protection Network Raimund Genes, CTO Overwhelmed by Volume of New Threats New unique samples added to AV-Test's malware repository (2000-2010) 20.000.000 18.000.000 16.000.000 14.000.000 12.000.000
More informationAn Alert has Fired. Now What?
An Alert has Fired. Now What? Open-source Bro solves security problems traditional tools can t. May 2017 Anyone who works in a security operations center understands the drill: An alert fires from a source
More informationCyber Threat Intelligence Sharing Standards
SESSION ID: PST-W08 Cyber Threat Intelligence Sharing Standards Jerome Athias Cybersecurity Specialist Saudi Aramco @JA25000 Agenda Cyber Threat Intelligence (CTI) CTI Sharing Standards Summary & Apply
More informationSANS/REN-ISAC Partnership
SANS/REN-ISAC Partnership Aggregate Buy Program www.sans.org/partnership/education SANS s mission is to ensure that info security practitioners (InfoSec) in critical organization have the appropriate skills
More informationInternet2 Overview, Services and Activities. Fall 2007 Council Briefings October 7, 2007
Internet2 Overview, Services and Activities Fall 2007 Council Briefings October 7, 2007 Agenda Building Community - Marianne Smith International Partnerships Heather Boyles Middleware and Security - Renee
More informationArbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA
Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,
More informationGöran Pestana. Incident handler and developer
Göran Pestana Incident handler and developer Megatron Automated Abuse Handling by Who is Megatron? Who is Megatron? A system that collects and processes information about bad hosts on the Internet Input
More informationInternet Engineering Task Force (IETF) Request for Comments: ISSN: May 2017
Internet Engineering Task Force (IETF) Request for Comments: 8134 Category: Informational ISSN: 2070-1721 C. Inacio CMU D. Miyamoto UTokyo May 2017 Management Incident Lightweight Exchange (MILE) Implementation
More informationSoftware-Define Secure Networks The Future of Network Security for Digital Learning
Software-Define Secure Networks The Future of Network Security for Digital Learning SIGS, 5.Juli 2015 Klaus Ernst, Systems Engineer Juniper Networks Threat Landscape Feels like Treading Water 2017 IT Priorities
More informationPULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc
#RSAC SESSION ID: AIR-R04 PULLING OUR SOCS UP VODAFONE GROUP AT RSAC 2018 Emma Smith Group Technology Security Director Vodafone Group Plc Andy Talbot Global Head of Cyber Defence Vodafone Group Plc Pulling
More informationInformation Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011
Information Technology Information Sharing and Analysis Center First Symposium Barcelona, Spain Feb. 2, 2011 About Us Non Profit, US Corporation established in 2000 and operational in 2001 Fully funded
More informationDistributed Cooperative Security Monitoring
Distributed Cooperative Security Monitoring Robin Sommer Lawrence Berkeley National Laboratory rsommer@lbl.gov http://www.icir.org/robin Cooperative Security Monitoring Internet sites monitor their network
More informationPolicy Enforcer. Product Description. Data Sheet. Product Overview
Policy Enforcer Product Overview Juniper s Software-Defined Secure Network (SDSN) platform leverages the entire network, not just perimeter firewalls, as a threat detection and security enforcement domain.
More informationIncident Play Book: Phishing
Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationSHARKSEER Zero Day Net Defense. Ronald Nielson Technical Director
SHARKSEER Zero Day Net Defense Ronald Nielson Technical Director SHARKSEER Program Definition: Detects and mitigates web-based malware Zero-Day and Advanced Persistent Threats using COTS technology by
More informationEconomics of Cyber Security
Economics of Cyber Security Risk Management Summer Course Mon 4th Fri 15th July 2016 Maciej Korczyński Delft University of Technology 12 July 2016, Delft, The Netherlands What is economics of cyber security?
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationThe State of Standardization Efforts to support Data Exchange in the Security Domain
The State of Standardization Efforts to support Data Exchange in the Security Domain Roman Danyliw FloCon 2004: Standards Talk Network Group Software Engineering Institute Carnegie Mellon
More informationProtecting your next investment: The importance of cybersecurity due diligence
Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,
More informationCurrent procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH
Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH International Workshop on Criminal Justice Statistics on Cybercrime and Electronic Evidence
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSECURE HOME GATEWAY PROJECT
SECURE HOME GATEWAY PROJECT ICANN63 BARCELONA OCTOBER 22, 2018 Jacques Latour, CTO, CIRA Labs Canadian Internet Registration Authority Jacques.Latour [@] cira.ca Today's home network and IoT products and
More informationData Models for Developers
Copyright 2013 Splunk Inc. Data Models for Developers Alice Neels So
More informationGlobal Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009
Global Response Centre (GRC) & CIRT Lite Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009 IMPACT Service offerings Global Response Centre CIRT Lite Need for GRC Access
More informationPreempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017
Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool Cyber Security 3.0 Better Together August 18, 2017 Research Overview Problem Statement Research Goals & Methodology Defining Insider Cashout
More informationTransportation System Cybersecurity Framework
Transportation System Cybersecurity Framework August 24, 2016 Patrick Zelinski, AASHTO Background Growing issue of cybersecurity and its impact on the highway environment has highlighted safety and operational
More informationUnderstanding Targeted Attacks. Sean Mason VP, Incident Response
Understanding Targeted Attacks Sean Mason VP, Incident Response Sean A. Mason www.seanmason.com @SeanAMason Security Analyst IR Mgr Director IR Executive IR Leader VP, Incident Response Sr. IT Auditor
More informationComodo Dome Shield - Admin Guide
rat Comodo Dome Shield Software Version 1.16 Administrator Guide Guide Version 1.16.062718 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo Dome
More informationRSA Fraud & Risk Intelligence Solutions
RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1 Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 29 March 2005 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationCyber-Threats and Countermeasures in Financial Sector
Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationWhi$er School PTA Commi1ee Chairs Welcome to whi$erschoolpta.org!
Whi$er School PTA Commi1ee Chairs Welcome to whi$erschoolpta.org! Ready (or not!)? Go to h1p://whi7erschoolpta.org/wp- login.php Log in using the username and password you received via email when you registered
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationCERT-FI Autoreporter Mini MetriCon 5.5. Jussi Eronen Information Security Adviser CERT-FI Finnish Communications Regulatory Authority
CERT-FI Autoreporter 2011-12-14 Mini MetriCon 5.5 Jussi Eronen Information Security Adviser CERT-FI Finnish Communications Regulatory Authority Agenda Background The Autoreporter Project Background Mostly
More informationCyber Partnership Blueprint: An Outline
Approved for Public Release; Distribution Unlimited. 13-3851 The MITRE Corporation Cyber Partnership Blueprint: An Outline October 26, 2013 Copyright 1997-2013, The MITRE Corporation. All rights reserved.
More informationDetect & Respond to IoT Botnets AS AN ISP. Christoph Giese Telekom Security; Cyber DefenSe Center
Detect & Respond to IoT Botnets AS AN ISP Christoph Giese Telekom Security; Cyber DefenSe Center Management Summary Mirai hit us hard; IoT Botnets are on the rise and rapidly evolving We developed a three-stage
More information