ISSP - Information Systems Security Partners

Similar documents
BUILDING AND MAINTAINING SOC

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

locuz.com SOC Services

May the (IBM) X-Force Be With You

Gujarat Forensic Sciences University

RSA NetWitness Suite Respond in Minutes, Not Months

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

CCISO Blueprint v1. EC-Council

Ingram Micro Cyber Security Portfolio

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Certified Cyber Security Specialist

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Kaspersky Industrial Cybersecurity Training Program

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

EC-Council C EH. Certified Ethical Hacker. Program Brochure

Certified Ethical Hacker (CEH)

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Cybersecurity for Service Providers

A Risk Management Platform

CYBER SOLUTIONS & THREAT INTELLIGENCE

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

IBM Security Vaš digitalni imuni sistem. Dejan Vuković Security BU Leader South East Europe IBM Security

to Enhance Your Cyber Security Needs

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

The Internet of Everything is changing Everything

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Evolution Of Cyber Threats & Defense Approaches

CompTIA CSA+ Cybersecurity Analyst

Cyber Security Technologies

Are we breached? Deloitte's Cyber Threat Hunting

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Securing Your Most Sensitive Data

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Incident Response Services

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

From Managed Security Services to the next evolution of CyberSoc Services

The Modern SOC and NOC

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

AT&T Endpoint Security

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

Automated Threat Management - in Real Time. Vectra Networks

ForeScout ControlFabric TM Architecture

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Building Resilience in a Digital Enterprise

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

SIEMLESS THREAT DETECTION FOR AWS

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

White Paper. How to Write an MSSP RFP

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

TRUE SECURITY-AS-A-SERVICE

RSA INCIDENT RESPONSE SERVICES

CCNA Cybersecurity Operations 1.1 Scope and Sequence

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

Security Terminology Related to a SOC

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Unlocking the Power of the Cloud

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Implementing Cisco Cybersecurity Operations

RSA INCIDENT RESPONSE SERVICES

Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

CYBER SECURITY TRAINING

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Security+ SY0-501 Study Guide Table of Contents

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

IT Technician Pathways Course Guide

Cisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018

Best Practices in Securing a Multicloud World

Ten Ways to Prepare for Incident Response

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

Microsoft Security Management

THE ACCENTURE CYBER DEFENSE SOLUTION

Course 831 Certified Ethical Hacker v9

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

CyberVista Certify cybervista.net

EC-Council C EH. Certified Ethical Hacker. Program Brochure

Cybersecurity Roadmap: Global Healthcare Security Architecture

Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries

Building the Cybersecurity Workforce. November 2017

Suma Soft s IT Risk & Security Management Solutions for Global Enterprises

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

Expert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire

Transcription:

Information Systems Security Partners ISSP - Information Systems Security Partners Использование коммерческого SOC для построения информационной защиты предприяти About ISSP

Company Background Founded 2008 in Ukraine, Now has offices in 3 countries, own SOC, Research & Forensics Lab, Training Center and CERT 50+ employees, business in 7 countries of CEE. Internationally recognized expertise. Purely organic growth since 2008 onwards no debts, no bank or corporate loans, no VCs.

Information Systems Security Partners ISSP has the following business divisions ISSP Security Operations Center provides MSS and MDR service, as well as worldclass technical support for ISSP corporate customers: administrators 8х5, operators 10х6, and on-demand analytics, established 2012 ISSP Labs & Research Center specializes in analysis of computer viruses, challenging tasks of computer forensics, provides research labs facilities for cybersecurity students and scientists, established 2015 ISSP Training Center conducts professional trainings for corporate customers in-house specialists including but not limited to certified product based trainings and professional certification programs, established 2013 About ISSP

Sales / Project Office Technical Office Support Desk & SOC Operators SOC Datacenter Lab & CERT Training Center Facilities

Data for sale Attack as a service Botnet services Malware / Trojans Bank Accounts Payment cards Documents 2,1 Trillion in 2019

Information Systems Security Partners

Banking industry attack vectors IT E-banking ATM / POS Card Social Engineering Internal (Whitebox) Accounts Hijacking Direct Dispense Card Dump Vishing External (Blackbox) Sessions hijacking Malware Card not present Social Networks Advanced Persistent Threat Phishing Skimming Offline overdrafts Phishing

Information Systems Security Partners

> Advanced Persistent Threat a set of stealthy and continuous computer hacking processes, often orchestrated by human targeting a specific entity.

SANDBOX FIREWALL

# 14 / 07 / 2016 1000+ emails were released to various organizations in Ukraine

MS Word has embedded macro Sandbox Evasion IOC`s: HTTP 62.210.102.80 elfaroconsultants.com elfaroconsultants.com/ elfaroconsultants.com//r_upload elfaroconsultants.com//wp-admin/post.php elfaroconsultants.com/bug/pic.gif?siteid elfaroconsultants.com/din.aspx?s=0000000 elfaroconsultants.com/p?c1=2&c2=13765216 elfaroconsultants.com/pagestat/pagestate elfaroconsultants.com/safari/content.bin elfaroconsultants.com/t51.2885-15/e35/p2 elfaroconsultants.com/tracker?js=13;id=1 elfaroconsultants.com/wpad.dat wtfismyip.com:443 shougunj.com:80 69.30.217.90:443 52.23.245.170:80

The User is the Weakest Link

The User is the Weakest Link

Penetration throw AntiSpam

Penetration throw AntiSpam

Intrusion as a Service Information Systems Security Partners

SANDBOX FIREWALL

HANCITOR+VAWTRAK 2014 82 K PC s were infected, 24 M $ were stolen just in Japan

Извлечение кода Этот элемент Заполнение

Is it Rubic s Cube

Другие средства SANDBOX FIREWALL

Windows 2003 server end of life 13 June 2010 ; Взлом пароля состоящий из 14 символов, при наличии LM-хеша, занял всего 40 секунд! 316 учётных записей содержали LM-hash их взлом занял 2 часа 38 минут!

МИФЫ: Какое же решение? SANDBOX FIREWALL Другие средства

Information Systems Security Partners

Information Systems Security Partners

Toolset example Information Systems Security Partners

6 month from intrusion to blackout 14 min

Hackers Spend 200+ Days Inside Before Discovery

The result of internal recon Information Systems Security Partners

Attackers know more about us than ever..

The lines between Insiders and Outsiders are blurred. Everyone is an Insider...

Isolated security simply don`t work!

Assume Compromise Detect & Respond Faster Not just IT OT, IOT, Physical Increased Regulation

SOC - security operation center

Logs collection Event Management Context Correlation SOC Services

Security Operations People Center Processes Technologies Business

EC-Council Certified Incident Handler EC-Council Certified Security Analyst EC-Council Computer Hacking Forensic Investigator EC-Council Certified Network Defender SANS 511.1 Security Operations Centers, and Security Architecture Certified Information Systems Security Professional (CISSP) ISO27001 Implementer, Lead Auditor Practice & Experience Formal Training HPE ArcSight ESM Security Administrator and Analyst Cisco CCNA, CCNP Security, Cybersecurity Specialist Advanced Vulnerability Management (AVM) MS Installing and Configuring Windows Server 2012 MS Administering Windows Server 2012 Essentials of Linux System Administration Linux Foundation Certified Engineer Cluster Analysis in Data Mining Data Science at Scale using Spark and Hadoop Python, R, Java Professional Trainings People Vendor Training

Information Systems Security Partners Active Involvement in Global Cybersecurity Community Global CERT initiative: ISSP is a member of FIRST (a global Forum of Incident Response and Security Teams), registration will complete by DEC 2017. Global Forensics initiative: ISSP is a Founding member of CIF (Cybercrime Investigation Forum) an International NGO with HQ in Tokyo Global Research initiative: Cooperation with Cybersecurity Research Organizations and Universities (TALOS, MIT, Dartmouth, SANS Institute, Honeywell SOC ) About ISSP

Information Systems Security Partners Global Visibility ISSP has been featured by: Wired, BBC, WSJ, Reuters, Channel Asia, 10Ch Israel, Liberation, etc. Confirmed speaking (Sep-Dec 2017): Warsaw, Dublin, Prague, Stockholm, Marrakesh, Almaty, London, Kyiv, Tokyo, Boston About ISSP

Lessons Learned Monitoring Recovery Processes Detection Eradication Containment

Technological Processes Change Management System Administration Data Acquisition & Data Correlation & Data Storing Data Delivery and Data Visualization Operational Processes Incident Handling Daily Operations Incident Management Case Management Incident Forensic and Reporting Analytical Processes Analysis : Operational / Incident / Context Hidden Incident Detection Organizational Relations Knowledge and Context (TI, TA, OSINT)

System Logs Network Flow Network Traffic Endpoint Details Security Events Technology: Infrastructure Communications SIEM: RTT Analysis DWH: Data Analytics Data Visualization Asset Context Identity Context Vulnerabilities Context Historical Context Threat Intelligence

HR: Operators Administrators Analytics 2 shifts 4 FTE 12 FTE Operations: (region Ukraine) 10x6

Help Desk Operator Junior Analyst Senior Analyst Junior Administrator Senior Administrator Expert Process Developer SOC Manager Service Manager Account Manager Customer Analyst Customer Expert Customer Service Manager

Состояние инфраструктуры постоянно изменяется

Peer to peer dynamic profiling 1/2

Internal context: anomalies detection: services profiling 2/2

Internal context: anomalies detection: network profiling

Internal context: anomalies detection: services profiling 1/2

External context IOC`s exchange Reverse engineering

Peer to peer dynamic profiling

Usecase # 4: value for money > Financial Benefits

On-Premises SIEM VS. Managed SIEM 4

4x Investment Efficiency (ROI) 5x NPV efficiency TCO : NPV 10x efficiency

3 Steps to start Forensic IOC`s mining Security Audit Actionable Controls

Forensic Indicators of Compromise Threat propagation map Attacks attempts Malicious activity Anomalies

Audit Infrastructure technical audit Integrity Configuration Accounting Protection Network Apps Compliance audit General Frameworks / Policies Industry Standards Processes Data

Information Systems Security Partners Expertise - Technologies Expertise -Services NETWORK PROTECTION - Security Gateways - Intrusion Prevention - Web & Email Filtering - Management & Monitoring - Wireless Security SYSTEM SECURITY - Complex Security - Mobile Devices Protection - Virtual Environment Security - Antivirus & Antispyware - Device, protocol and application control APPLICATION PROTECTION - Web-Applications Protection - Databases Security - Vulnerability Management - Application Management DATA PROTECTION - Data Leakage Prevention - Encryption & Digital Signature - Mobile Data Protection - Archiving & backup ACCESS CONTROL - Multifactorial Authentication - Remote Access - Role and account management - PKI SECURITY MANAGEMENT - Events & Incidents Management - Policies monitoring and enforcement - Risk Control & Compliance - Change Control MSS & MDR - Network Security - Endpoint Security - Incident Management - Thread Protection - Vulnerabilities Management - Active Response - Forensic and Research PROFESSIONAL SERVICES - Penetration Testing - Technical Audit - Compliance Audit - Consulting - Dynamic Application Analyze - Source Code Assessment ENGINEERING SERVICES - Technologies Integration - Evaluation and Tech Consulting - Technical Support (up to 24x7) - Extended Warranty and NBD service TRAINING SERVICES - Certified Security Trainings - Vendor Trainings - Custom Training Programs - Cybersecurity Special Trainings ADVANCED SERVICES - Cybersecurity forensics - Malware analysis - Research & Investigation About ISSP

AUDIT SOC Services Tech Solutions Prof services IOC`s Discovery Incident Detection ATM Security Compliance as a Service Data Audit Incident Response Counter-FRAUD Compliance Audit Application Security Remediation SCADA Security Consulting OSINT Forensics Access and Behavior Assume Compromise Detect & Respond Faster Not just IT OT, IOT, Physical Increased Regulation

Information Systems Security Partners Competitive Advantages First mover advantage Customers from Ukraine, which in fact became a testing-ground for cyberattacks, and the region connected to ISSP SOC deliver the most recent threat intelligence data continuously enhancing Database. Ecosystem for scaling ISSP`s extensive solutions and services portfolio producing synergy effects and internal intelligence. Maintaining technical operations in Ukraine makes possible to acquire and retain talented engineers at lower costs. World-class expertise ISSP has grew a worldclass expertise in all key cybersecurity by delivering a wide range of cybersecurity services, including industry-specific, like counter-fraud and industrial control systems security.

Information Systems Security Partners Contact us 6 Oleny Telihy St, 04112, Kyiv, Ukraine West Side Business Center Tel:+38 044 594 80 18 www.isspgroup.com About ISSP

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback