Monthly Cyber Threat Briefing


Monthly Cyber Threat Briefing, January 2016

Presenters
- David Link, PM Risk and Vulnerability Assessments, NCATS
- Ed Cabrera, VP Cybersecurity Strategy, Trend Micro
- Jason Trost, VP Threat Research, ThreatStream
- Steve Penn, Sr. Director CSF Education, HITRUST

NCCIC/US-CERT: NATIONAL CYBERSECURITY ASSESSMENTS AND TECHNICAL SERVICES (NCATS) CAPABILITY BRIEF

NCATS Program Overview
- Offers full-scope red team/penetration testing capabilities through two primary programs: Risk and Vulnerability Assessment (RVA) and Cyber Hygiene
- Focus is on proactive engagements with stakeholders to improve their cybersecurity posture, limit exposure and reduce rates of exploitation
- Offers a full suite of tailored threat, vulnerability and risk assessment services and penetration testing capabilities to stakeholders
- Acts as a trusted advisor and provides independent review and recommendations for cybersecurity improvement

Objectives and Benefits
Provide enhanced situational awareness and data visibility to leadership. Types of information: vulnerabilities, mitigations, operating systems, applications, and trending and comparison data across Federal, SLTT and PS stakeholders.

Stakeholder Groups
- Federal Civilian Executive Branch
- State, Local, Tribal, Territorial Government (SLTT)
- Private Sector (PS)
- Unclassified / Business Networks

Cyber Hygiene is mandatory for Federal and optional for SLTT and PS. Risk and Vulnerability Assessments are optional for Federal, SLTT and PS.

FY15 current stakeholders:

Service          Fed   SLTT   PS   Total
RVA               24     10   12      46
Cyber Hygiene    126     41   33     200

Services and Capabilities (service; description; internal/external to customer network; program)
- Vulnerability Scanning: conduct vulnerability assessments. Both. Cyber Hygiene/RVA.
- Penetration Testing: exploit weakness or test responses in systems, applications, network and security controls. Both. RVA.
- Social Engineering: crafted e-mail at a targeted audience to test security awareness, or used as an attack vector to the internal network. External. RVA.
- Wireless Discovery & Identification: identify wireless signals (including identification of rogue wireless devices) and exploit access points. Internal. RVA.
- Web Application Scanning and Testing: identify web application vulnerabilities. Both. Cyber Hygiene/RVA.
- Database Scanning: security scan of database settings and controls. Internal. RVA.
- Operating System Scanning: security scan of the operating system for compliance checks (e.g. FDCC/USGCB). Internal. RVA.

RVA Process
- Pre-ROE: agency contacted; briefed on NCATS services; service is requested; schedule confirmed; ROE distributed and agency signs ROE
- Pre-Assessment (minimum 2 weeks): pre-assessment package distributed; completed pre-assessment package received; pre-assessment teleconference conducted; pre-assessment artifacts received (1 week)
- Assessment (2 weeks): off-site assessment activities; on-site assessment activities
- Reporting (3 weeks): draft report started/completed; draft report submitted to agency; draft report received with agency comments; Q&A process started/completed
- Post-Assessment (1 week): final draft completed; final report delivered to customer; assessment out-brief

Cyber Hygiene Activities
Scanning identifies:
- Active hosts, operating systems and services
- Vulnerabilities and weaknesses
- Common configuration errors
- Improperly signed domains
- Expired SSL certificates
The aim is to understand how external systems and infrastructure appear to potential attackers.

Past and present use:
- Federal response to Heartbleed
- OMB M-15-01: identification of publicly available vulnerabilities
- DHS Binding Operational Directive
- Individual stakeholder persistent scans and exposure status

2800+ reports delivered this fiscal year; 185 stakeholders and growing.
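Two of the hygiene findings above, expired certificates and certificates that do not cover the scanned hostname, can be checked offline against a parsed X.509 certificate. The following is an added example written for this briefing, not NCATS tooling; it builds constructed self-signed certificates as sample data and evaluates them against a fixed scan time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Finding is the per-host certificate status an external hygiene report would carry.
type Finding struct {
	Host     string
	Expired  bool // scan time lies outside the NotBefore..NotAfter window
	DaysLeft int  // whole days until NotAfter (negative once expired)
	NameOK   bool // the certificate actually covers the scanned hostname
}

// makeCert builds a constructed self-signed certificate for the demo (sample data only).
func makeCert(host string, notBefore, notAfter time.Time) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// CheckCert evaluates one certificate the way an external scan would: validity
// window against the scan time, days remaining, and hostname coverage.
func CheckCert(host string, cert *x509.Certificate, now time.Time) Finding {
	return Finding{
		Host:     host,
		Expired:  now.Before(cert.NotBefore) || now.After(cert.NotAfter),
		DaysLeft: int(cert.NotAfter.Sub(now).Hours() / 24),
		NameOK:   cert.VerifyHostname(host) == nil,
	}
}

func main() {
	now := time.Date(2016, 1, 15, 0, 0, 0, 0, time.UTC) // fixed scan time
	old := makeCert("portal.example", now.Add(-400*24*time.Hour), now.Add(-48*time.Hour))
	fmt.Printf("%+v\n", CheckCert("portal.example", old, now))
}
```

In a real scan the certificate would come from the TLS handshake with the external host rather than from makeCert; CheckCert is unchanged in that case.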

Technical Output: Sample Snapshots

Questions? NCATS_INFO@hq.dhs.gov

TREND MICRO: DEEP DISCOVERY, VARIOUS HEALTH PROVIDER FINDINGS

Total Point of Entry Detections, 1 Month Period
- Health Provider A: 5100
- Health Provider B: 1747
- Health Provider C: 581
- Health Provider D: 1925
- Health Provider E: 945510
- Health Provider F: 7905

Point of Entry Example: Healthcare A

Top Malware Detected Example: Healthcare B

Multi-Staged Example: Healthcare C

Ransomware Example: Healthcare D

Malicious Flash Result Example: Healthcare E

Trend Micro Threat Connect
Trend Micro Threat Connect assisted with the removal of this and many other forms of malware.

Questions?

Backup Slide

THREATSTREAM: EXTORTION TRENDS IN CYBER

Cyber Extortion
- Cyber: of, relating to, or involving computers or computer networks (as the Internet). (Merriam-Webster)
- Extortion: the crime of getting money from someone by the use of force or threats. (Merriam-Webster)

Ransomware

Mitigating Ransomware
- Traditional antivirus
- Network IDS / IPS
- Web filtering
- Workstation restrictions
- Policy
- Employee education

DDoS Extortion
Typical sequence: initial ransom email; brief DDoS attack; follow-up ransom email; additional DoS activity. [Example DDoS extortion events]

Mitigating DDoS Extortion
- Traditional DoS mitigation strategies
- Identifying potential threat emails
- Public web monitoring

Extortion With Breach Data
- Targeting organizations
- Targeting individuals

Mitigating Extortion With Breach Data
- Policy
- Employee education
- Review public breach data

Monetizing

HITRUST: THREAT CORRELATION REPORT

CSF Controls Related to Threats: CSF Control for Suspicious IP Addresses, Command and Control, Infection Vectors
Control Reference: *01.i Policy on the Use of Network Services
Control Text: Users shall only be provided access to internal and external network services that they have been specifically authorized to use. Authentication and authorization mechanisms shall be applied to users and equipment.
Implementation Requirement: The organization shall specify the networks and network services to which users are authorized access.

CSF Controls Related to Threats: CSF Control for Employee Education
Control Reference: *02.e Information Security Awareness, Education and Training
Control Text: All employees of the organization and contractors and third party users shall receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function.
Implementation Requirement: Awareness training shall commence with a formal induction process designed to introduce the organization's security and privacy policies, state and federal laws, and expectations before access to information or services is granted and no later than 60 days after the date the employee is hired. Ongoing training shall include security and privacy requirements (e.g., objective, scope, roles and responsibilities, coordination, compliance, legal responsibilities and business controls).

CSF Controls Related to Threats: CSF Control for Monitoring System Use (network monitoring)
Control Reference: *09.ab Monitoring System Use
Control Text: Procedures for monitoring use of information processing systems and facilities shall be established to check for use and effectiveness of implemented controls. The results of the monitoring activities shall be reviewed regularly.
Implementation Requirement: The organization shall employ automated tools to support near real-time analysis of events and maintain an audit log to track prohibited sources and services. Inbound and outbound communications shall be monitored at an organization-defined frequency for unusual or unauthorized activities or conditions.

CSF Controls Related to Threats: CSF Control for Network Security Management (network monitoring)
Control Reference: *09.m Network Controls
Control Text: Networks shall be managed and controlled in order to protect the organization from threats and to maintain security for the systems and applications using the network, including information in transit.
Implementation Requirement: Technical controls shall be implemented to safeguard the confidentiality and integrity of covered information passing over the organization's network and to/from public networks. Technical tools and solutions shall be implemented and used to identify the vulnerabilities and mitigate the threats, including intrusion detection system (IDS) and vulnerability scanning. The organization shall employ tools and techniques, such as an IDS, to monitor events on the information system, detect attacks, and provide identification of unauthorized use of the system.

CSF Controls Related to Threats: CSF Control for Malicious Attachments
Control Reference: *09.j Controls Against Malicious Code
Control Text: Detection, prevention, and recovery controls shall be implemented to protect against malicious code, and appropriate user awareness procedures on malicious code shall be provided.
Implementation Requirement: Protection against malicious code shall be based on malicious code detection and repair software, security awareness, and appropriate system access and change management controls.

CSF Controls Related to Threats: CSF Control for Removable Media
Control Reference: *09.o Management of Removable Media
Control Text: Formal procedures shall be documented and implemented for the management of removable media.
Implementation Requirement: The organization shall formally establish and enforce controls for the management of removable media and laptops, including restrictions on the type of media and usage, and registration of certain types of media including laptops. (Disable autorun; sanitize media before connecting.)

CSF Controls Related to Threats: CSF Control for Vulnerability Patching (Top Exploits)
Control Reference: *10.m Control of Technical Vulnerabilities
Control Text: Timely information about technical vulnerabilities of systems being used shall be obtained; the organization's exposure to such vulnerabilities evaluated; and appropriate measures taken to address the associated risk.
Implementation Requirement: Specific information needed to support technical vulnerability management includes the software vendor, version numbers, current state of deployment (e.g. what software is installed on what systems) and the person(s) within
Appropriate, timely action shall be taken in response to the identification of potential technical vulnerabilities. Once a potential technical vulnerability has been identified, the organization shall identify the associated risks and the actions to be taken. Such action shall involve patching of vulnerable systems and/or applying other controls.

QUESTIONS?
