Vajra Cyber Threat Mitigation Service (Vajra CTMS)

Transcription

1 Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation Service for Businesses and Governments Cyber Security & Privacy Foundation Pte. Ltd., Singapore

2 I m no expert, but I think it s some kind of cyber attack! 2

3 Cyber Threat - A Serious, Live Threat Cyber attacks present financial, operational, reputational, regulatory, geopolitical and M&A risks Attacks are an assault on a institution s strategic imperatives CYBER THREATS NOW A MAINSTREAM BUSINESS RISK THAT DEMAND CEO AND BOARD LEVEL ATTENTION No longer just the IT team s migraine Committed, phenomenally skilled, unconventional and highly resourceful, Black Hat hackers are an overwhelming problem for conventionally resourced IT setups Cyber attacks are somewhat like a heart attack Never know when one is around the corner 3

4 Cyber Threat - A Serious, Live Threat Financial Impact Revenue losses Regulatory penalties Disruption of business systems Erosion of customers Non Financial Impact Reputational damage Pirating of products Diversion of R&D data Impact on innovation, loss of trade secrets Stolen product designs or prototypes Theft of business and manufacturing processes Loss of sensitive information such as M&A plans and corporate strategy 4

5 Major Threats Distributed Denial of Service Hacking DDoS attacks typically cripple an organisation Services like Net banking, Mobile banking, ATMs, Mail servers, trading/clearing platforms go unavailable for few hours/longer Store front is shut down Crucial systems needed by hospitals, patients, drug firms, health insurers are disabled SCADA and other control systems failure, power grid collapse, internet access failure Non functional servers and internet network can lead to information vacuum internally and with clients, customers, suppliers, regulators Black Hat attacks on Web portals, servers, Data Base servers, SCADA systems, App Stores, Routers All round attack Personal, Mobile, Desktop devices & Firmware Results in Leakages database, personal records, patient records Outages and breakdown in Utilities : power, water, gas, trading, payment & clearing systems, Tax Information Networks 0 Day & APT Attacks Interconnected Business Ecosystem Attacks Intense, organised attacks on critical sectors & organisations -Labeled as Advanced Persistent Threats given their draconian nature -APTs can have long term impact and severely compromise organisations & their insurers Partners, suppliers, supply chains -Smaller, less prepared members of ecosystems more tempting targets to get a foothold into the system 5

6 Establishments vs Hackers Establishments Say We Have Latest security tools A CISO Antivirus, firewall, Intrusion prevention system - all updated Compliance with best security processes Top consultants undertaking audits, vulnerability assessments and penetration testing Hackers Say Ha! We don t look at your certifications or who did it. Or how good your processes are We need a single vulnerability to get in! We have 0 day vulnerabilities which none is aware of We have an Advanced Persistent Threat Team (criminals, hackers, insiders and money) that never gives up 6

7 Vajra Daily Cloud Scan 7

8 Cyber Security Structure Security Technologies WAF/Firewall/IDS/SIEM is present. ISO Standards are implemented around data center, VAPT is regularly done to satisfy compliance/regulatory requirement/certification requirement. Analysis of SIEM logs SOC monitors and analyses logs and takes corrective action with logs from WAF/firewall/IPS. The traffics are blocked which are then blacklisted. WAF allows signature to be blocked. MOST ORGANIZATION ASSUME THEY ARE SECURE. 8

9 Points to be Noted Hacking Incidents Global hacking incidents include US Gov & Fortune 100 have happened. BFSI organization has been recently compromised and regulators have taken strict action. Point of infiltration(apt): External web application/services/mobile application insecure SQL injection/xss/idor/file upload/broken authentication 0day vulnerabilities on exposed services Default passwords on frameworks/applications/devices Lateral movement through Pivoting(from exposed interfaces) Existing Cyber Security Structure not able to address the above point of infiltration. 9

10 Vajra Daily APT Scan Executive Summary APMS Corporate Web Reputation & Security Scan (WRSS) Automated Vulnerability Assessment DF24 Anti-fraud module extending to Anti Phishing, Anti- Malware and Anti Spam (APMS). Protect against Reputation, Financial & IP loss. Secure against Trojan Horses, Ransom Demands Web Security scanner scans for vulnerabilities on webportal/web services. Advanced intrusive model including external VA of network for protective and compliance requirements defacement monitor for customer facing web portals. Includes Android mobile app/windows soc desktop app (for quick alerts) 10

11 APMS (Anti Phishing, Malware & Spam) Non-intrusive monitoring to protect against Reputation, Financial & IP loss Exhaustive scan of global phishing and spamming databases to cross-check potential compromises of customer s domain/s Sandbox application to browse customers site/s and check if iframe, malware, java drive by can be downloaded to infect the machines of the end users of a bank s website or a e- commerce portal 11

12 Vajra APMS Automated daily scan and report generation Phishing complaints reporting system Anti viruses check for web portal infections by crawling through all known paths DNS hijack check Similar Domain Name - Electronic Eye (EE) Ap24 phish tank, CTL - Feed processing(ee) 12

13 Anti-Phishing, Malware and Spam (APMS) scrutiny + scan of web portals and web services Human Critical Index(HCI) Vajra WRSS (Web Reputation & Security Scan) Checks for specific CMS vulnerabilities Heuristic Shell detector identifies hackers web-shells in web portals/web app. Manual entry point adding for security analyst 13

14 Vajra WRSS Machine learning assisted Hacker Entry Point Mapper(HEP) Maps entry points normally discovered by hackers Root cause analysis of Sensitive Information Leakages on Internet False positive marker handled by security analyst Accepted Risk/Ignore Export for auditors 14

15 Vajra WRSS Manual APT bugtrack for customer. Automatic report generation template for thecustomer (used by security analyst) 15

16 Automated VA for IP Automated VA for IP Identification, quantification, and prioritization of vulnerabilities Advanced intrusive model including external and internal vulnerability assessment (VA) of network for protection and compliance requirements 16

17 Automated VA for IP Automated VA for IP Scans multiple IP for open ports, enumerates and identifies vulnerability. We mark human critical index of the device(ciso of organization tells us which are most critical in organization). AVA IP has facility to mark false positive when scanner identify it wrongly/when not applicable. The security analyst dedicated to your organization marks it. 17

18 Automated VA for IP Security Analyst can mark Ignore/Accepted risk. Exporting accepted risk for auditing purpose. Manual APT bug-track for customer. Automatic report generation template for the customer (used by security analyst) 18

19 Overall Service Daily APMS report to customer Prioritize vulnerability and work with SOC/Vendor(network/ application level) to fix them. Weekly AVA/WRSS report with Bugtrack report. Strive to ensure no exploitable vulnerability is there. All critical /high vulnerabilities from automated wrss/ava and manual apt testing to be addressed are exported into bug track in the portal. 19

20 A not-for-profit foundation, Cyber Security & Privacy Foundation, formed as a vehicle to create hands on technical competency, initiate R&D and provide training in cyber security for individuals and organisations in India Cyber Security is our Mission, and not only a Business CSPF s cyber security initiatives are supported by its larger ecosystem including: This non-profit foundation benefits from the wisdom of former senior practitioners from the Government and CISOs from Industry and Banks who are Trustees and Advisors of/to the Foundation. We have agreement with international pre emptive threat intel organization. E Hacking News (EHN), a leading Information Security news portal with more than 1,00,000 readers. EHN delivers the latest news updates related to security breaches, cyber crime, vulnerability, cyber security and penetration testing tools and more EHN provided media support to several International Security conferences including NullCon, ClubHack, OWASP Asia and Hack in Paris, among others 20

21 Contact We can be reached at the following id: 21