Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Let HP ArcSight ESM be the strong link in your Cyber Kill Chain
Pete Babcock, USAA
September 2014
What is the Cyber Kill Chain?
The Cyber Kill Chain is a taxonomy of intrusion phases. Because each phase an attacker completes is a layer of defense that did not stop them, it doubles as a way to measure how effective a Defense-in-Depth strategy actually is.
(Figure: three concentric defensive layers, Layer 1 through Layer 3, with the attacker asking "How far can I get?")
What is the origin of the Kill Chain?
The Cyber Kill Chain was socialized by Lockheed Martin (Hutchins, Cloppert and Amin, "Intelligence-Driven Computer Network Defense", 2011). It is based on military doctrine. It was developed as a method for describing an intrusion from the attacker's point of view, and it can inform both Cyber Security operations and Intelligence Analysis.
Cyber Kill Chain stages, illustrated with a spear phish against USAA:

Reconnaissance: Searches LinkedIn for System Administrators at USAA. Guesses their USAA e-mail addresses based on name.
Weaponization: Obtains a domain name and creates a website hosting malware. Crafts the spear phish.
Delivery: Sends the spear phish to the targeted addresses. An Administrator clicks on the link and goes to the evil website.
Exploitation: A zero-day exploit on the website executes on the Administrator's PC. The Administrator's PC is compromised.
Installation: A rootkit is installed on the Administrator's PC.
Establish C2: The rootkit connects back to the Threat Actor's server to obtain further instructions.
Actions on Objectives: The Threat Actor looks for data on the Administrator's PC and starts compromising other USAA machines.
What can the Kill Chain do?
Each phase of the kill chain can be mapped to corresponding defensive tools and actions. An analyst who knows the stage of the Kill Chain has a basic understanding of what is being attempted and what response is called for. Defensive Courses of Action are based on the Information Operations principles of: Detect, Deny, Disrupt, Degrade, Deceive and Destroy.
Courses of Action Matrix

Phase                 | Detect                                           | Deny                                                 | Disrupt           | Degrade         | Deceive
----------------------+--------------------------------------------------+------------------------------------------------------+-------------------+-----------------+--------
Reconnaissance        | Firewall, NIDS, Web Logs                         | Firewall, NIPS                                       | *                 | *               | *
Weaponization         | DNS Monitoring, Website Monitoring               | *                                                    | *                 | *               | *
Delivery              | Antivirus, NIDS, Vigilant User                   | NIPS, Proxy                                          | In-Line Antivirus | *               | *
Exploitation          | NIDS, Antivirus                                  | Antivirus, System Patching                           | *                 | *               | *
Installation          | Antivirus, Application Logs, CIC Malware Sandbox | Antivirus, System Patching, Restricted User Accounts | *                 | *               | *
Establish C2          | NIDS                                             | *                                                    | Firewall, NIPS    | Firewall, VLANs | *
Actions on Objectives | Application Logs                                 | Antivirus                                            | *                 | VLANs           | *

(* = no course of action in place for that phase.)
What can the Kill Chain do?
The sooner in the kill chain you can disrupt the attack, the better. Tracking similarities across kill chain phases can give CTOC Analysts insight into:
- Threat Actor Tactics, Techniques and Procedures (TTPs)
- Campaign Analysis
How will USAA operationalize?
1. Integrate into ArcSight ESM Cases
2. Integrate into the CTOC Wiki
3. Integrate into the Weekly Stand-Up Briefing
Repurposing Case Fields
"Energy cannot be created or destroyed, it can only be changed from one form to another." (attributed to Albert Einstein)
ArcSight ESM Case Fields are kinda like that.
Modifying ESM Cases
When using ArcSight ESM Cases, it is possible to modify them to your needs. Three files control cases:

Manager:
  /opt/arcsight/manager/config/caseui.xml
Console:
  C:\arcsight\Console\current\i18n\common\label_strings_en.properties
  C:\arcsight\Console\current\i18n\common\resource_strings_en.properties

Yes, the modified Console files will need to be updated on ALL Consoles.
Repurposing Case Fields
The Joke: You are going to use ArcSight's Foreign Language capabilities to give a field an alias in English!
1. Pick a Case Field that you aren't using and that is of the correct field type. Candidates can be found in the resource_strings_en.properties file.
2. Modify the field's label in the resource_strings_en.properties file.
3. If the field is a list field, also configure its list options in the resource_strings_en.properties file.
resource_strings_en.properties

Modify the Field:
  extendedcase.attribute.vulnerabilitydata.label=Vulnerability Data
  extendedcase.attribute.vulnerabilitydata.shortlabel=Vulnerability Data
  extendedcase.attribute.history.label=Recurrence Pain
  extendedcase.attribute.history.shortlabel=Recurrence Pain
  extendedcase.attribute.lastoccurrencetime.label=4 - Investigation Start Time
  extendedcase.attribute.lastoccurrencetime.shortlabel=4 - Investigation Start Time
  extendedcase.attribute.resistance.label=Kill Chain Stage
  extendedcase.attribute.resistance.shortlabel=Kill Chain Stage
  extendedcase.attribute.conclusions.label=Conclusions
  extendedcase.attribute.conclusions.shortlabel=Conclusions

List Field Options:
  extendedcase.history=Unknown or None,Low,Medium,Please make it stop
  #extendedcase.resistance=high,low,unknown
  extendedcase.resistance=Unknown,Reconnaissance,Weaponization,Delivery,Exploitation,Installation,Establish C2,Actions on Objectives,Not on Kill Chain
label_strings_en.properties
This file is used to rename the Case tabs and headers displayed in the ArcSight ESM Console.

  #Cases
  cases.tab.initial=Initial
  cases.tab.attributes=Case Info
  cases.tab.description=Description
  cases.tab.securityclassification=Security Classification
  cases.tab.followup=Incident
  cases.tab.final=Analysis
  cases.tab.attackmechanism=Dean's Categorization
  cases.tab.attackagent=Attack Agent
  cases.tab.incidentinformation=Incident Information
  cases.tab.vulnerability=Vulnerability
  cases.tab.other=Other
  cases.header.case=Case
  cases.header.ticket=Ticket
  cases.header.incidentinformation=Incident Information
  cases.header.securityclassification=Security Classification
  cases.header.securityclassificationcode=Security Classification Code
caseui.xml
This is the XML file that defines the fields and tabs to display within a case. Tab names are the cases.tab.* keys and header parameters are the cases.header.* keys from label_strings_en.properties; the other parameter names are the case fields labelled in resource_strings_en.properties.

  <editor enforcelocking="true" colortreeby="consequenceseverity" width="480" height="480">
    <tab name="cases.tab.final" type="base">
      <component name="securityclassificationtable" type="table">
        <parameter name="cases.header.case" type="header"/>
        <parameter name="name" type="resourcename"/>
        <parameter name="plannedactions" type="string"/>
        <parameter name="tickettype" type="stringlist"/>
        <parameter name="stage" type="stringlist"/>
        <parameter name="securityclassification" type="stringlist"/>
        <parameter name="resistance" type="stringlist"/>
        <parameter name="consequenceseverity" type="stringlist"/>
        <parameter name="history" type="stringlist"/>
        <parameter name="cases.header.ticket" type="header"/>
        <parameter name="estimatedstarttime" type="date"/>
        <parameter name="detectiontime" type="date"/>
        <parameter name="attacktime" type="date"/>
        <parameter name="lastoccurrencetime" type="date"/>
        <parameter name="estimatedrestoretime" type="date"/>
      </component>
      <component name="actionstaken" type="textarea"/>
      <component name="followupcontact" type="textarea"/>
      <component name="conclusions" type="textarea"/>
    </tab>
    <tab name="cases.tab.attributes" type="base" showexport="true">
      <component name="attributestable" type="table">
        <parameter name="cases.header.case" type="header"/>
        <parameter name="name" type="resourcename"/>
        <parameter name="displayid" type="int" readonly="true"/>
        <parameter name="common" type="commonresourceattrs"/>
      </component>
    </tab>
    <tab name="cases.tab.followup" type="base">
      <component name="incidentinformationtable" type="table">
        <parameter name="incidentsource1" type="string"/>
        <parameter name="attackmechanism" type="stringlist"/>
      </component>
      <component name="estimatedimpact" type="textarea"/>
    </tab>
  </editor>
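The relabeling above touches two files that have to agree: a stringlist parameter shown in caseui.xml is useless unless resource_strings_en.properties carries a label and a non-empty options list for it, and a typo in a key silently leaves the vendor label in place. The script below is an added example, not code from the deck or from ArcSight. It applies the slide's relabeling to a copy of resource_strings_en.properties and cross-checks the result against caseui.xml before the files are copied to every Console. The key shapes (extendedcase.attribute.<field>.label / .shortlabel, extendedcase.<field>=a,b,c, and <parameter type="stringlist"/>) are taken from the slides; the sample file contents are constructed for the example, except the commented-out default extendedcase.resistance=high,low,unknown, which is on the slide.

```python
# Added example: patch resource_strings_en.properties for the kill-chain fields
# and validate it against caseui.xml. Key patterns follow the slides; the sample
# data below is constructed and not taken from a real ArcSight install.
import re
import xml.etree.ElementTree as ET

# Relabeling from the slides: field -> (new label, new list options or None)
RELABEL = {
    "resistance": ("Kill Chain Stage",
                   ["Unknown", "Reconnaissance", "Weaponization", "Delivery",
                    "Exploitation", "Installation", "Establish C2",
                    "Actions on Objectives", "Not on Kill Chain"]),
    "history": ("Recurrence Pain",
                ["Unknown or None", "Low", "Medium", "Please make it stop"]),
    "lastoccurrencetime": ("4 - Investigation Start Time", None),
}

# Constructed stand-in for the vendor file (only the resistance default is from the slide).
SAMPLE_PROPS = """\
extendedcase.attribute.resistance.label=Resistance
extendedcase.attribute.resistance.shortlabel=Resistance
extendedcase.attribute.history.label=History
extendedcase.attribute.history.shortlabel=History
extendedcase.attribute.lastoccurrencetime.label=Last Occurrence Time
extendedcase.attribute.lastoccurrencetime.shortlabel=Last Occurrence Time
extendedcase.attribute.stage.label=Stage
extendedcase.attribute.stage.shortlabel=Stage
extendedcase.resistance=high,low,unknown
extendedcase.history=unknown,low,medium,high
extendedcase.stage=queued,initial,final,closed
"""

# Constructed caseui.xml fragment using the element shapes shown on the slide.
SAMPLE_CASEUI = """\
<editor enforcelocking="true">
  <tab name="cases.tab.final" type="base">
    <component name="securityclassificationtable" type="table">
      <parameter name="cases.header.case" type="header"/>
      <parameter name="stage" type="stringlist"/>
      <parameter name="resistance" type="stringlist"/>
      <parameter name="history" type="stringlist"/>
      <parameter name="lastoccurrencetime" type="date"/>
    </component>
  </tab>
</editor>
"""

LABEL_RE = re.compile(r"^\s*extendedcase\.attribute\.(\w+)\.(label|shortlabel)\s*=")
LIST_RE = re.compile(r"^\s*extendedcase\.(\w+)\s*=")


def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' comments, no escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def apply_relabel(text, relabel=RELABEL):
    """Rewrite label/shortlabel lines and swap list options in place. The vendor
    options line is kept commented out, as the slide does for resistance. Raises
    if a relabeled field is missing, so a typo cannot leave the vendor label."""
    out, seen = [], set()
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m and m.group(1) in relabel:
            field, kind = m.groups()
            out.append(f"extendedcase.attribute.{field}.{kind}={relabel[field][0]}")
            seen.add(field)
            continue
        m = LIST_RE.match(line)
        if m and m.group(1) in relabel and relabel[m.group(1)][1] is not None:
            field = m.group(1)
            out.append("#" + line.strip())  # keep the vendor default for reference
            out.append(f"extendedcase.{field}=" + ",".join(relabel[field][1]))
            continue
        out.append(line)
    missing = set(relabel) - seen
    if missing:
        raise KeyError(f"fields not found in properties file: {sorted(missing)}")
    return "\n".join(out) + "\n"


def check_against_caseui(props_text, caseui_xml):
    """Each non-header parameter in caseui.xml needs a label; each stringlist
    parameter also needs a non-empty options line. Returns a list of problems."""
    props = parse_properties(props_text)
    problems = []
    for p in ET.fromstring(caseui_xml).iter("parameter"):
        name, ptype = p.get("name"), p.get("type")
        if ptype == "header":
            continue  # header captions come from label_strings_en.properties
        if f"extendedcase.attribute.{name}.label" not in props:
            problems.append(f"{name}: no label")
        if ptype == "stringlist" and not props.get(f"extendedcase.{name}", "").strip():
            problems.append(f"{name}: stringlist without options")
    return problems


def demo():
    """Patch the sample file and validate it; returns (patched_text, problems)."""
    patched = apply_relabel(SAMPLE_PROPS)
    return patched, check_against_caseui(patched, SAMPLE_CASEUI)


if __name__ == "__main__":
    text, issues = demo()
    print(text)
    print("problems:", issues or "none")
```

Run the check against the real files on a build machine before copying the Console files out; it reads only the two files and never touches the Manager.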
Classify ArcSight ESM Cases
(Screenshots: ESM cases with the Kill Chain Stage field populated.)
Categorize CTOC Use Cases in Wiki
(Screenshots: CTOC wiki pages mapping each use case to its kill chain stage.)
How will this be briefed?
Integrate into the weekly stand-up briefing
The CTOC gives a Weekly Briefing to USAA's CSO, his direct reports and other parts of the business. Three new slides were incorporated into the Weekly Stand-Up Briefing slide deck to communicate the Cyber Kill Chain metrics.
Weekly Cyber Kill Chain metrics
(Chart: weekly case counts, 0 to 1,200, per kill chain stage from Reconnaissance through Actions on Objectives, for the weeks of 12/10/13 through 2/3/14.)
This week's Cyber Kill Chain
(Chart: the current week's case counts per kill chain stage.)
This week's Cyber Kill Chain highlights

Reconnaissance: "Multiple failed logins - Non-privileged". This spike was caused by USAA employees attempting (and failing) to VPN into USAA during the icy weather on Friday 1/24/14.

Actions on Objectives: "Non-active USAA username - Destination". This was caused by PeopleSoft listing contractors as terminated when, in fact, their contracts had been extended. More timely updates to PeopleSoft would correct this.

Both spikes were benign, which is why the highlights slide pairs each number with the rule that produced it and its root cause: a stage count on its own would be read as attacker activity.
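The two briefing slides above come from the same data: weekly case counts per kill chain stage, and for each stage the rule that drove the week's count. The script below is an added example, not from the deck or from ArcSight, showing how to build both from a case export once the repurposed resistance field holds the stage. The CSV columns (case_id, kill_chain_stage, create_time, rule_name) and the rows are constructed for the example; a real export's column names depend on how the case report is defined in your ESM. Cases tagged with anything other than the seven stages are counted under "Off chain" rather than dropped, so the briefing shows what the classification missed.

```python
# Added example: weekly kill chain metrics and per-stage highlights from a
# constructed case export. Column names and rows are made up for the example.
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Establish C2", "Actions on Objectives"]

# Constructed sample export: the stage column is the relabeled 'resistance'
# field; rule_name is the rule that opened the case.
SAMPLE_EXPORT = """\
case_id,kill_chain_stage,create_time,rule_name
C-1001,Reconnaissance,2014-01-24T08:12:00,Multiple failed logins - Non-privileged
C-1002,Reconnaissance,2014-01-24T08:15:00,Multiple failed logins - Non-privileged
C-1003,Reconnaissance,2014-01-24T09:02:00,Multiple failed logins - Non-privileged
C-1004,Reconnaissance,2014-01-22T11:40:00,Port scan from external host
C-1005,Delivery,2014-01-21T14:05:00,Phish reported by user
C-1006,Actions on Objectives,2014-01-23T16:30:00,Non-active USAA username - Destination
C-1007,Actions on Objectives,2014-01-23T16:45:00,Non-active USAA username - Destination
C-1008,Not on Kill Chain,2014-01-20T10:00:00,Policy violation - USB
C-1009,Establish C2,2014-01-15T03:20:00,Beaconing to known C2 domain
"""


def week_of(ts):
    """Week label: ISO date of the Monday that starts the week containing ts."""
    d = datetime.fromisoformat(ts).date()
    return (d - timedelta(days=d.weekday())).isoformat()


def weekly_counts(export_text):
    """{week: {stage: count}}, the data behind the weekly metrics chart.
    Stages outside the seven kill chain phases are pooled as 'Off chain'."""
    counts = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(export_text)):
        stage = row["kill_chain_stage"]
        key = stage if stage in STAGES else "Off chain"
        counts[week_of(row["create_time"])][key] += 1
    return {week: dict(c) for week, c in counts.items()}


def highlights(export_text, week, top=1):
    """{stage: [(rule_name, count), ...]} for one week: the rule(s) that
    dominate each stage, which is what the highlights slide has to explain."""
    rules = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(export_text)):
        if week_of(row["create_time"]) == week:
            rules[row["kill_chain_stage"]][row["rule_name"]] += 1
    return {stage: c.most_common(top) for stage, c in rules.items()}


if __name__ == "__main__":
    for week, by_stage in sorted(weekly_counts(SAMPLE_EXPORT).items()):
        print(week, {s: by_stage.get(s, 0) for s in STAGES + ["Off chain"]})
    for stage, rules in highlights(SAMPLE_EXPORT, "2014-01-20").items():
        print(f"{stage}: {rules[0][0]} ({rules[0][1]} cases)")
```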
Why do we need the Cyber Kill Chain?
"Measurement is the first step that leads to control and eventually to improvement. If you can't measure something, you can't understand it. If you can't understand it, you can't control it. If you can't control it, you can't improve it." - H. James Harrington
Q&A
Session TB3028, speaker Pete Babcock.
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationCompTIA. SY0-401 EXAM CompTIA Security+ Certification Exam. m/ Product: Demo. For More Information:
Page No 1 https://www.dumpsplanet.com m/ CompTIA SY0-401 EXAM CompTIA Security+ Certification Exam Product: Demo For More Information: SY0-401-dumps Page No 2 Question: 1 Which of the following components
More informationHP HP0-M54. ArcSight ESM Security Analyst. Version: 4.0
HP HP0-M54 ArcSight ESM Security Analyst Version: 4.0 QUESTION NO: 1 Which statement is true about inline filters? A. An inline filter applies only to its current Active Channel. B. An inline filter applies
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationInternet had lots of examples and tutorials for specific or advanced dashboards Top 10 lists of other things were easy to find But no dashboard Top
Internet had lots of examples and tutorials for specific or advanced dashboards Top 0 lists of other things were easy to find But no dashboard Top 0 list Which led to... Quick Win, Industry Agnostic, SIEM
More informationVictorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win. Sun Tzu, The Art of War
Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win Sun Tzu, The Art of War Introduction About me: James Houston II I am the Managing Director
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationStandard Content Guide
Standard Content Guide Express Express 4.0 with CORR-Engine March 12, 2013 Copyright 2013 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession,
More informationHP Data Protector Media Operations 6.11
HP Data Protector Media Operations 6.11 Getting started This guide describes installing, starting and configuring Media Operations. Copyright 2009 Hewlett-Packard Development Company, L.P. Part number:
More informationModern Cyber Defense with Automated Real-Time Response: A Standards Update
SESSION ID: AIR-F01 Modern Cyber Defense with Automated Real-Time Response: A Standards Update Bret Jordan Director of Security Architecture Symantec @jordan_bret Joe Brule Executive Director OpenC2 Forum
More informationPart 2: How to Detect Insider Threats
Part 2: How to Detect Insider Threats Amichai Shulman Chief Technology Officer Imperva Amichai Shulman CTO, Imperva Speaker at Industry Events RSA, Appsec, Info Security UK, Black Hat Lecturer on information
More information