Train as you Fight: Are you ready for the Red Team?

Size: px
Start display at page:

Download "Train as you Fight: Are you ready for the Red Team?"

Transcription

1 Train as you Fight: Are you ready for the Red Team? An inside look at Red Teaming Yves Morvan

2 Agenda Introduction What is Red Teaming? VA s vs. Penetration Test vs. Red Teaming Who Needs Red Team Exercises? CDX Cyber Defense Exercise How does Red Team fit in? The Red Team The People, the Infrastructure, The Tools Methodology Coordinating it all Fun and profit! Questions

3 Introduction Yves Morvan IT Security Professional, 14+ year public servant, husband and father of 2 boys. Part time chef, musician Pen Tester with Secure North IT Senior Penetration Tester / Security Researcher at DND s Information Management Engineering & Integration Unit (DIMEI) Red Team Leader at Canadian Forces Network Operations Centre

4 What is Red Teaming? Vulnerability Assessment vs Penetration Test What is Red Teaming? VA s vs. Penetration Test vs. Red Teaming Most Organizations understand VA s & Pen Tests Should already employ a VA / Pen Test strategy Vulnerability Assessments Utilize automated tools to identify known vulnerabilities, mis-configurations, processes, etc. Penetration Tests VA included Exploit vulnerabilities discovered during VA

5 What is Red Teaming? Red Team Exercise vs Penetration Test Simulating a threat actor vs. Exploit each vulnerability Time allocated to Red Team much greater than Pen Test Scope for Red Team exercises is typically much greater than Pen Test Objectives vary Red Team is attempting to accomplish a goal / objective. Red Team EX provides snapshot of overall security posture of the organization. Pen Test is confirming level of risk vulnerability exposes a system / network / organization

6 Who Needs Red Teaming? Obviously! EVERYBODY! Improve Security Posture Organizations with mature penetration testing strategy will benefit most. Assists organizations prioritize which elements of the enterprise receive pen tests and track progress. Findings will provide organization with overall security posture against a determined adversary with specific goals in mind. This does not mean VA s and pen tests are no longer required, quite the opposite.

7 Who Commissions Red Team Exercises? CEO / CIO / CSO High level executives will request the exercise Full access to Red Team as trusted agents. Unbeknownst to the Incident Handlers, surveillance analysts and blue team operators. Have the power to stop Red Team at any point Actual cyber attack is occurring Red Team can assist in the hunt

8 How does the methodology differ? Emulating real world threat actors Much stealthier than Pen Test No noisy vulnerability assessment tools. Low and slow approach is often utilized to prevent / lower risk of detection Tools / capabilities limited only by Red Team capabilities Home brew custom tools. Non-commercial tools for Command & Control (C2) Must study real world actors based on numerous indicators and evolve accordingly Exploits must be properly reviewed / vetted to ensure success and not effect client system in negative fashion. Time Less required to get immediate results Low and slow

9 Red Team Assessment Phases Cyber Kill Chain Model: Recon Weaponize Delivery Exploitation Installation / Foothold Command & Control Act on objectives

10 Red Cell Exercise Background: What is CDX? CDX is a 72 hour computer security competition between US and Canadian military post graduate schools designed to foster education and awareness among our future military leaders about the role of Information Assurance (IA) in protecting the nation s critical information systems.

11 Red Cell Exercise Background: What is CDX? The goal of the annual Cyber Defense Exercise (CDX) is to provide a simulated real-world educational exercise that will challenge the students to build secure networks and defend those networks against adversarial attacks.

12 Red Cell Exercise Background: What is CDX? I am using CDX primarily as the backdrop to this presentation in order to provide insight into military style cyber exercises. I can not discuss real world Red Team engagements The idea is to enforce the notion of train as you fight

13 White Cell What is CDX? The Players Trusted Agents / Referees Gray Cell Simulated or human generated traffic / actions Blue Cell Defenders / Incident Handlers Red Cell OPFor / Threat actors

14 Be it CDX or real world Cyber Defense Operations are an ongoing battle that requires significant investments in resources and infrastructure. Exercising your capabilities is key in identifying flaws or weaknesses that can be bypassed or leveraged by the Attacker.

15 The Red Cell The People

16 The Red Cell The People Coordinating a large team of attackers is not as simple as one would imagine, some people are: Used to working alone or small groups Multi-talented individuals Experts in certain fields We need to be a coordinated set of capabilities to bring the pain and achieve our collective goals and objectives

17 The Red Cell The People

18 The Red Cell The People Teams are created based on various roles and capabilities. People are assigned to one or more teams. Team Leads work with their chain of command to keep everyone informed.

19 Access The Red Cell The Teams Initial foot in the door and Reconnaissance Persistence Install foothold. We re here to stay Post Exploitation (Windows / *NIX) Lateral movement, dump/steal creds, pivoting, cause general havoc! Web We have lots of fun here!

20

21 The Red Cell Infrastructure With numerous Red Cell teams and operators on keyboard at any given time you need... INFRASTRUCTURE!!!

22

23 Command and Control (C2) servers Team Servers Staging Servers Post Exploitation Servers Long Haul Servers Implants with multi protocol/agent support And finally.. Redirectors!!! The Red Cell Infrastructure

24 The Red Cell Infrastructure - Redirectors

25 The Red Cell Initial Access example

26 The Red Cell Initial Access example

27 Implants/Backdoors/shells/tools - Cobalt Strike, MSF, Canvas, custom etc - WebShells, *NIX backdoors/implants - Regular ole SysAdmin tools too! - Wiki - Knowledgebase of all things haxxor at your fingertips - Test infrastructure The Red Cell Tools - You thought we didn t test first?

28 The Red Cell Tools And of course, the people using the tools!

29 Coordinating it all What is everyone doing? What objectives are affected? What s next? Next attack? Which team? What s the plan? Who needs help? Who needs more time? Is everything documented? Did you sleep yet?

30

31 Coordinating it all Chain of Command Real World Red Team Scenario: High Level Executive Trusted Agent / Client Red Team Leader Day / Night Shift Leads Team Leads Task Leads Operators

32 Coordinating it all Chain of Command Exercise Red Team Scenario: Exercise Director OPFor / Red Cell Director Day / Night Red Cell Shift Leads Team Leads Task Leads Operators

33

34 Fun and Profit Major breaches Social Engineering Don t use your admin account to see a web defacement, it s probably malicious Web Defacements Taunts / Jokes Evil things! Even we had to debate them for hours! * Remember These stories are from an exercise!

35

36

37 Taunt your opponent??

38 Do you want to join our team?

39 Questions? OK Beer?

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

Live Adversary Simulation: Red and Blue Team Tactics

Live Adversary Simulation: Red and Blue Team Tactics SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2

More information

Vulnerability Assessments and Penetration Testing

Vulnerability Assessments and Penetration Testing CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze

More information

ICS Penetration Testing

ICS Penetration Testing Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University

More information

to Enhance Your Cyber Security Needs

to Enhance Your Cyber Security Needs Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,

More information

Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security

Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

HOSTED SECURITY SERVICES

HOSTED SECURITY SERVICES HOSTED SECURITY SERVICES A PROVEN STRATEGY FOR PROTECTING CRITICAL IT INFRASTRUCTURE AND DEVICES Being always-on, always-connected might be good for business, but it creates an ideal climate for cybercriminal

More information

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR C R O W D S T R I K E P U B L I C S E C T O R S O L U T I O N S CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR SECURE YOUR ENTERPRISE WITH A THAT PROVIDES UNRIVALED PROTECTION, SECURITY EXPERTISE, AND OPTIMAL

More information

align security instill confidence

align security instill confidence align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed

More information

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Today s cyber threat landscape is evolving at a rate that is extremely aggressive, Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely

More information

Experiences with practice-focused undergraduate security education

Experiences with practice-focused undergraduate security education Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence J. O Connor Department Electrical Engineering and Computer Science United States Military Academy, West

More information

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI Page 1 Page 2 threat and vulnerability management complete self assessment guide threat and vulnerability

More information

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7

Testers vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7 Testers vs Writers: Pen tests Quality in Assurance Projects 10 November 2016 @ Defcamp7 Contents INTRODUCTION CONTEXT WHAT ABOUT AUDITING STANDARDS WHAT ABOUT INDEPENDENCE PEN TEST BETWEEN REGULATORY AND

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web

More information

Introducing Cyber Observer

Introducing Cyber Observer "Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

An ICS Whitepaper Choosing the Right Security Assessment

An ICS Whitepaper Choosing the Right Security Assessment Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would

More information

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved. FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who

More information

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

Cyber Threat Intelligence Debbie Janeczek May 24, 2017 Cyber Threat Intelligence Debbie Janeczek May 24, 2017 AGENDA Today s Cybersecurity Challenges What is Threat Intelligence? Data, Information, Intelligence Strategic, Operational and Tactical Threat Intelligence

More information

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships About SANS The SANS (SysAdmin, Audit, Network, Security) Institute Established in 1989 Cooperative research

More information

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO A New Cyber Defense Management Regulation Ophir Zilbiger, CRISC, CISSP SECOZ CEO Personal Background IT and Internet professional (since 1992) PwC (1999-2003) Global SME for Network Director Information

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER

More information

Penetration Testing: How to Test What Matters Most

Penetration Testing: How to Test What Matters Most Penetration Testing: How to Test What Matters Most Presenters: Sam Pfanstiel, CISSP, CISM, QSA(P2PE), ETA CPP, Coalfire John Stickle, OSCE, OSCP, OSWP, Coalfire Labs Housekeeping Presenters About Conexxus

More information

IT Security vs. Defensive Cyber Operations: The evolution of CAF Cyber

IT Security vs. Defensive Cyber Operations: The evolution of CAF Cyber ASSISTANT DEPUTY MINISTER (INFORMATION MANAGEMENT) DIRECTOR GENERAL INFORMATION MANAGEMENT OPERATIONS JOINT FORCE CYBER COMPONENT COMMANDER IT Security vs. Defensive Cyber Operations: The evolution of

More information

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21 National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security

More information

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 Christian Espinosa, Alpine Security www.alpinesecurity.com 1 Objectives Learn about penetration testing Learn what to consider when selecting

More information

CYBER SOLUTIONS & THREAT INTELLIGENCE

CYBER SOLUTIONS & THREAT INTELLIGENCE CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world

More information

Choosing the Right Security Assessment

Choosing the Right Security Assessment A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding

More information

with Advanced Protection

with Advanced  Protection with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

CYBERSECURITY MATURITY ASSESSMENT

CYBERSECURITY MATURITY ASSESSMENT CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

Vulnerability Management Trends In APAC

Vulnerability Management Trends In APAC GET STARTED Introduction In the age of the customer, the threat landscape is constantly evolving. Attackers are out to steal your company s data, and the ever-expanding number of devices and technologies

More information

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk

More information

The Perfect Storm Cyber RDT&E

The Perfect Storm Cyber RDT&E The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare

More information

Introduction to Threat Deception for Modern Cyber Warfare

Introduction to Threat Deception for Modern Cyber Warfare Introduction to Threat Deception for Modern Cyber Warfare Joseph R. Salazar Technical Deception Engineer CISSP, CEH, EnCE 1 Introduction AGENDA Attacker Playbook The Need for Deception Deception as Detection

More information

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

Intro to Capture the Flag

Intro to Capture the Flag Intro to Capture the Flag Talk for General Audience: Why Capture the Flag (CTFs) Matter. Synopsis: CTFs are one example of a gamified learning environment. Gamified ecosystems pose many benefits to professional

More information

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1 The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber

More information

Incorporating Hunt Teams To Defend Your Enterprise

Incorporating Hunt Teams To Defend Your Enterprise Incorporating Hunt Teams To Defend Your Enterprise How the application of military-grade investigative techniques can defend the network from cyber threats Produced in partnership with Cognitio Copyright

More information

Training on CREST Practitioner Security Analyst (CPSA)

Training on CREST Practitioner Security Analyst (CPSA) 1 Training on CREST Practitioner Security Analyst (CPSA) Objectives This programme introduces to you to the CPSA, CREST Practitioner Security Analyst, and certification. This instructor led course covers

More information

RiskSense Attack Surface Validation for Web Applications

RiskSense Attack Surface Validation for Web Applications RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

CASE STUDY. How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines

CASE STUDY. How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines CASE STUDY How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines IN A RECENT ENHANCED RED TEAM/ADVANCED PENETRATION TEST, OUR TEAM OF TESTERS UNCOVERED

More information

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS

More information

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences Undergraduate Programs - Bachelor B.S. Computer Game Design Upon completion of the B.S. degree in Computer Game Design, students

More information

CONTROLLING YOUR OWN BATTLESPACE. From Threat Response Teams To Threat Intelligence Teams

CONTROLLING YOUR OWN BATTLESPACE. From Threat Response Teams To Threat Intelligence Teams CONTROLLING YOUR OWN BATTLESPACE From Threat Response Teams To Threat Intelligence Teams Agenda Motivations The Intelligence Process The Cyber Kill Chain Approach Indicators of Compromise Information Sharing

More information

Security Incident Management in Microsoft Dynamics 365

Security Incident Management in Microsoft Dynamics 365 Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All

More information

All the Cool Kids Are Red Teaming Should You Be Drinking the Kool-aid Too?

All the Cool Kids Are Red Teaming Should You Be Drinking the Kool-aid Too? All the Cool Kids Are Red Teaming Should You Be Drinking the Kool-aid Too? Exploring Different Approaches to Penetration Testing Cara Marie NCC Group ISSA-LA Aug 2017 Obligatory About Me NCC Group Principal

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today Security Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today Staff Augmentation, Executive Staffing, Flex Staffing Achieving our main goal

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

4/13/2018. Certified Analyst Program Infosheet

4/13/2018. Certified Analyst Program Infosheet 4/13/2018 Certified Analyst Program Infosheet Contents I. Executive Summary II. Training Framework III. Course Structure, Learning Outcomes, and Skills List IV. Sign-up and More Information Executive Summary

More information

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture February 2019 Challenging State of Vulnerability Management Today: Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture In the last two years, businesses and governments have seen data breaches

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

A Risk Management Platform

A Risk Management Platform A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention

More information

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Transforming Security from Defense in Depth to Comprehensive Security Assurance Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new

More information

ShiftLeft. Real-World Runtime Protection Benchmarking

ShiftLeft. Real-World Runtime Protection Benchmarking ShiftLeft Real-World Runtime Protection Benchmarking Table of Contents Executive Summary... 02 Testing Approach... 02 ShiftLeft Technology... 04 Test Application... 06 Results... 07 SQL injection exploits

More information

Q&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai

Q&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL An interview with John Summers, Enterprise VP and GM, Akamai Q&A What are the top things that business leaders need to understand about today s cybersecurity

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information

Attackers Process. Compromise the Root of the Domain Network: Active Directory

Attackers Process. Compromise the Root of the Domain Network: Active Directory Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH

More information

A CFO s Guide to Cyber Security in the Coming Year

A CFO s Guide to Cyber Security in the Coming Year CYBER SECURITY A CFO s Guide to Cyber Security in the Coming Year LEVERAGE TECHNOLOGY AND YOUR FINANCIAL INSTITUTION TO BUILD BETTER DEFENSES www.cfo.com www.huntington.com A CFO s Guide to Cyber Security

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

MIS Class 2. The Threat Environment

MIS Class 2. The Threat Environment MIS 5214 Class 2 The Threat Environment Agenda In the News Models Risk Hackers Vulnerabilities Information System Categorization Risk Assessment Exercise Conceptual Modeling and Information Systems In

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Continuous protection to reduce risk and maintain production availability

Continuous protection to reduce risk and maintain production availability Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading

More information

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our

More information

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT WHO ARE WE? Faisal Kaleem Professor, Metro State Executive Director, MN Cyber Corey Blommel Cyber Range Instructor Anoka Ramsey College

More information

Incident Response Agility: Leverage the Past and Present into the Future

Incident Response Agility: Leverage the Past and Present into the Future SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance

More information

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk Assure the board your company won t be the next data breach Introduction A solid vulnerability management program is critical

More information

State of the. Union. (or: How not to use Krebs as an IDS ) (Information Security) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges

State of the. Union. (or: How not to use Krebs as an IDS ) (Information Security) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges State of the (Information Security) Union (or: How not to use Krebs as an IDS ) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges My background IT Systems / Network Administrator for City

More information

Operationalizing the Three Principles of Advanced Threat Detection

Operationalizing the Three Principles of Advanced Threat Detection SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major

More information

Cyber Threat Landscape April 2013

Cyber Threat Landscape April 2013 www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve

More information

DoD Software Assurance Initiative. Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS

DoD Software Assurance Initiative. Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS DoD Software Assurance Initiative Mitchell Komaroff, OASD (NII)/DCIO Kristen Baldwin, OUSD(AT&L)/DS Agenda Background Software Assurance Definition Guiding Principles for SwA DoD SwA Strategy Elements»

More information

The Convergence of Security and Compliance

The Convergence of Security and Compliance ebook The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction....3 Positive versus Negative Application Security....3

More information

Must Have Items for Your Cybersecurity or IT Budget in 2018

Must Have Items for Your Cybersecurity or IT Budget in 2018 Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?

More information

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet

More information