Leveraging Open-Source Intelligence (OSINT)

Transcription

1 Leveraging Open-Source Intelligence (OSINT) How Social Footprints Lead to Cyber Risk Chris Coryea International Cyber Intelligence Services Manager 2017 LEIDOS. ALL RIGHTS RESERVED. The wording LEIDOS used throughout is a registered trademark in the U.S. Patent and Trademark Office owned by Leidos, Inc.

2 I have Defender DNA. I am determined to continuously learn from the past. I leverage my relentless drive to understand the ever-evolving threat landscape and solve the continuous challenges waged by our cyber enemies.

3 400M users 1B posts/day 2.5 Exabytes data/day 500M tweets/day 2016 LEIDOS. ALL RIGHTS RESERVED. PROPRIETARY

4 2016 LEIDOS. ALL RIGHTS RESERVED. PROPRIETARY

5 1 Analyst / 5 Hours 2016 LEIDOS. ALL RIGHTS RESERVED. PROPRIETARY

6 Cybersecurity Footprint: Exposing your Strategy Network Implementation Engineer September 2012 Present (3 years 5 months)..fireeye Lead Architect System Architect January 2009 Present (7 years 1 month) April 2010 Present (5 years 11 months)..global FireEye Mandiant currently working on designing the architecture for a global implementation of FireEye Threat Prevention (ETP) solution inline for 2016 working as lead architect on deployment of FireEye Mandiant solution globally Project Manager June 2014 Present (1 year 9 months) Security Analyst May 2013 Present (2 years 9 months) Lead Architect April 2010 Present (5 years 11 months).. 4M endpoint... SOC Analyst in London..Global FireEye Mandiant Initiative Location Time Frame Budget User Awareness Middle East 1 year 1.5M Security Architect October 2014 Present (1 years 4 months).. 4M endpoint. Advanced Security Project Global Manager 1 year N/A June 2014 Present (1 year 9 months) Solution Engineer July 2011 Present (5 years 7 months) Mobile Security United States 2 years 4M 2016 endpoint. Endpoint Security Global 1 year 4M managing 4m+ project to roll out new endpoint security across the enterprise in 2016 Application Security Global 3 years 8M SOC Transformation (20 staff) London 2 years 15M initiative involves a monthly project resource budget in excess of 200k, entails management of a team of 3 other Project Managers and numerous Business Analysts, Architects, Subject Matter Experts and stakeholders Supply Chain Security AsiaPac 3 years 5M Hybrid Cloud Security N/A 2 years 11M Human Resources March 2009 Present (7 years).. 2 year, 15M SOC Security Analyst January 2016 Present (1 month).. Joined SOC team in 2016 Human Resources March 2009 Present (7 years) the successful candidate will be responsible for leading a team of 20 analysts located at SOC based in London overseeing [company s] 2 year, 15M SOC transformation 2016 Lockheed Martin Corporation. All rights reserved.

7 Cybersecurity Footprint: Exposing your Technology Network Implementation Engineer September 2012 Present (3 years 5 months) My role responsibilities are business-a-usual tasks and small projects: LAN: Small configurations on Cisco switches and routers (access and trunk ports, VLANs with HSRP, VPC) Small projects such as new switch landing and configuration (Nexus 5K, Nexus 2K) Firewall: Small firewall changes on Juniper, Checkpoint and FortiGate firewalls (rules, routes, NAT) Management of DNS and DHCP services through Infoblox Grid Manager Network Security Specialist April 2012 Present (3 years 10 months) Working with the Security Operations Centre on a wide range of technologies including: McAfee IDS / IPS product suite BeCrypt Enterprise Manager Symantec Scan Engine Products Checkpoint IPS software blade technology Juniper IDP Devices Additionally I take a part in organizing knowledge sharing sessions for my colleagues, interns, apprentices.

8 Cybersecurity Footprint: Exposing your Technology Antivirus & Endpoint ACME Protection Adversaries can: Symantec an Anvil Corporation Symantec Endpoint Firewalls Scan/Protection Protection Firewalls: Engine Palo Alto, Juniper SRX Lumension Juniper NetScreen LogRhythm (1) Palo Alto Firescope McAfee Checkpoint Load Balancing: F5 LTM & GTM Netbrain learn where current RSA Envision TTPs Sidewinder (includes some & Messaging Protection Zabbixwill be most effective inmon Traffic Imperva Nokia appliances) Network Implementation External Engineer Proxies: BlueCoat 5G Corvil Network Security Specialist Sentinel SecureSphere McAfee IronMail Symantec Observium Fortinet September 2012 Present (3 years 5 months) April 2012 Present (3 years 10 months) (WAF) FireEye MPS BrightMail F5 Enterprise (2) CA ehealth Cisco ASA IDS & IDP: TippingPoint Infoblox My role responsibilities FortiGate are business-a-usual tasks and small Working with the Security Manager Operations construct Centre attacks on a wide to avoid range of Lucent ArcSight projects: Huawei technologies including: Antivirus & Endpoint Protection: FireEye WebMPS Palo or Alto subvert Panorama known security LAN: Small configurations on Cisco switches and McAfee IDS / IPS product suite Load routers Balancing (access and trunk ports, (malware), VLANs with McAfee Proxies HSRP, Endpoint Protection Suite BeCrypt Enterprise Manager measures VPC) BlueCoat McAfee Symantec Scan Engine Authentication Products & Application Small projects Delivery such as new switch s: landing WebSense McAfee and Endpoint Protection VMWare Suite ESX Checkpoint IPS BeCrypt software blade technology (3) F5 BIG-IP: configuration (Nexus 5K, Nexus 2K) Juniper IDP Devices Catapan Cisco Identify LTM/GTM, Firewall: Small firewall changes on Juniper, exploit vulnerabilities Vasco Enterprise Checkpoint Citrix NetScaler + Nexus Cisco Routers and Switches Services Engine CGX InfoExpress Manager, VIPRION and FortiGate Foundry firewalls ServerIron Intrusion Detection & Prevention (ISE) (rules, routes, NAT) NAC + ArcSight for analysis of external security threats Management of DNS and DHCP services through (hardware) McAfee IDS, IPS Juniper IDP Aruba ClearPass Infoblox Grid Manager Suite SourceFire CheckPoint IPS Additionally I take a part in organizing knowledge TippingPoint sharing sessions for my colleagues, interns, apprentices. Security Monitoring & Management

9 Executive Footprint: Exposing your Company & Family Private social media accounts Separation of work & personal life Private & public social media accounts Mix of work & personal life Public social media accounts Association between work & personal life 2016 Lockheed Martin LOW Corporation. RISK All rights reserved. MEDIUM RISK HIGH RISK 2016 Lockheed Martin Corporation. All rights reserved.

10 Executive Footprint: Exposing your Company & Family 16 Executives, 30 Accounts: 94% LinkedIn 63% Twitter 31% Facebook Exposure: Detailed information on conferences and business travel Detailed resume/cv public on LinkedIn Friends public on Facebook LOW RISK MEDIUM RISK HIGH RISK 2016 Lockheed Martin Corporation. All rights reserved.

11 Executive Footprint: Exposing your Company & Family John Doe CEO ACME ANVIL CORPORATION Twitter Twitter LinkedIn Facebook Facebook YouTube Pinterest John Doe CEO Jane Doe Jane Doe Father tweets daughter from his work account Jane consistently tweets her location and activities Detailed CV/resume information listed publically Account is public, bio list numerous interests, friends are also public Friends list is public and using same picture as business profile Account is private but links to Facebook account HIGH Account is public and links to Facebook account LOW RISK MEDIUM RISK HIGH RISK Lockheed Lockheed Martin Martin Corporation. Corporation. All All rights rights reserved. reserved.

12 Open-Source Intelligence (OSINT): Scope of Capabilities Technology and Strategy Exposure Executive Footprint Geopolitical Predictions Supply Chain Internet of Things (IoT)

13 Know the scope of intelligence publically available to your adversaries Understand how the aggregation of this intelligence can expose your vulnerability landscape Leverage OSINT to monitor and mitigate your exposure

14 Thank you. Questions and Discussion