ANATOMY OF AN ATTACK!

Similar documents
Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Managing an Active Incident Response Case. Paul Underwood, COO

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Building Resilience in a Digital Enterprise

Changing face of endpoint security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

CS 356 Operating System Security. Fall 2013

The GenCyber Program. By Chris Ralph

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

K12 Cybersecurity Roadmap

ACM Retreat - Today s Topics:

2. INTRUDER DETECTION SYSTEMS

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cyber Security Stress Test SUMMARY REPORT

Endpoint Protection : Last line of defense?

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

OA Cyber Security Plan FY 2018 (Abridged)

ABB Ability Cyber Security Services Protection against cyber threats takes ability

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

External Supplier Control Obligations. Cyber Security

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Take Risks in Life, Not with Your Security

Smart Attacks require Smart Defence Moving Target Defence

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

The prevent of advanced persistent threat

How Cyber-Criminals Steal and Profit from your Data

Security Audit What Why

HikCentral V1.3 for Windows Hardening Guide

align security instill confidence

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Catching up with today's malicious actors. Current security posture and future possible actions. OWASP EEE Bucharest Event 2015 Adrian Ifrim

How Breaches Really Happen

Advanced Endpoint Protection

the SWIFT Customer Security

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

IC32E - Pre-Instructional Survey

Security by Default: Enabling Transformation Through Cyber Resilience

Daxko s PCI DSS Responsibilities

QuickBooks Online Security White Paper July 2017

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Cybersecurity Today Avoid Becoming a News Headline

Agenda: Insurance Academy Event

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Chapter 4. Network Security. Part I

THE ACCENTURE CYBER DEFENSE SOLUTION

PrecisionAccess Trusted Access Control

Attackers Process. Compromise the Root of the Domain Network: Active Directory

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Process System Security. Process System Security

Security Issues and Best Practices for Water Facilities

Education Network Security

Cisco Security Exposed Through the Cyber Kill Chain

A practical guide to IT security

HikCentral V.1.1.x for Windows Hardening Guide

2017 Annual Meeting of Members and Board of Directors Meeting

Service Provider View of Cyber Security. July 2017

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

Network Security. Multi-Layer Approach to Security. Protection, Detection, and Remediation. Clay Ostlund Business Development Manager

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Cybersecurity The Evolving Landscape

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Penetration Testing! The Nitty Gritty. Jeremy Conway Partner/CTO

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Designing and Building a Cybersecurity Program

Critical Hygiene for Preventing Major Breaches

How to Improve Your. Cyber Health. Cybersecurity Ten Best Practices For a Healthy Network

Sage Data Security Services Directory

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Carbon Black PCI Compliance Mapping Checklist

Cyber security tips and self-assessment for business

CIT 480: Securing Computer Systems. Putting It All Together

Cyber Criminal Methods & Prevention Techniques. By

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

IBM Security Network Protection Solutions

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Entertaining & Effective Security Awareness Training

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Cyber Security. Our part of the journey

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Information Security Controls Policy

10 FOCUS AREAS FOR BREACH PREVENTION

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

The Information Age has brought enormous

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Transcription:

ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist

WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable asset to both individuals and organizations Data is also valuable to hackers who want to get access to it You do not get to choose whether you are a target You are targeted whether you have something of value; or There is the perception that you do

WHAT DO WE MEAN BY CROWN JEWELS? How do hackers accomplish this goal? Compromise of humans, servers, and other systems What are steps you can take to defend against the majority of intrusions? Identify the crown jewels for your organization Identify what security controls are presently in place Determine whether this is consistent with your risk appetite

CYBER KILL CHAIN 1) Reconnaissance: gathering information about the target that will identify the attack vector and make the attack more likely to be successful 2) Weaponization: developing exploits with payloads such as malware and decoys 3) Delivery: phishing attacks, infected websites, USB drives, etc 4) Exploitation: activation of exploit code 5) Installation: delivering payloads, establish persistence and backdoors 6) Command and Control: internal network reconnaissance, understand network architecture, traffic flows 7) Actions on Target: expand compromise, maintain Persistence, ex-filtrate data

CYBER KILL CHAIN

HOW DO HACKERS ACHIEVE ACCESS? Exploiting vulnerabilities found within the code of applications and operating systems Client side or phishing attacks often using social engineering tactics Malware and other payloads

WHAT IS A VULNERABILITY A vulnerability is a flaw or bug in code of applications or systems some vulnerabilities are easier to exploit than others A vulnerability can also be a person who is unaware of security practices (social engineering the human element) This presentation covers vulnerabilities in applications and systems How are vulnerabilities exploited? What tools are used?

WHAT IS AN EXPLOIT? Code that is used to exploit a vulnerability within a system in order to gain access When an exploit is successful, the attacker can drop payloads such as malware Exploits can be used to gain unauthorized access but also to cause a denialof-service condition

WHAT IS A PAYLOAD? A payload is any code or tool that allows interactions with the system after a successful attack This is also referred to as a shell Tools to gain access to other systems within the network Tools to maintain access and extract data Malware

Vulnerability à Exploit à Payload ANATOMY OF AN ATTACK!

HOW TO DEFEND AGAINST THESE ATTACKS! No-one is immune Today s threats are more sophisticated and targeted than ever Doing the basics will prevent 80% of the problems You are likely to be judged more on how you respond to the problem than whether you had an incident

Observe core security principles strong authentication least privilege separation of duties defense in depth non-repudiation HOW TO DEFEND AGAINST THESE ATTACKS! Implement non-technical security controls information security policy, information classification build a risk register and identify crown jewels incident response plan security education and awareness

HOW TO DEFEND AGAINST THESE ATTACKS! Deploy technical security controls firewalls, VPN intrusion prevention web content filtering email content filtering anti-virus hardened systems, disable unnecessary services Hygiene level controls such as the above are not enough multi-factor authentication restrict administrator privileges encryption patch operating systems and applications application white-listing vulnerability scanning

HOW TO DEFEND AGAINST THESE ATTACKS! Other necessary steps change default passwords do not use shared accounts disable unnecessary services enable logging, review logs encrypt sensitive information ensure vendors are adhering to security best practices

NOW FOR THE REAL FUN! <LIVE DEMONSTRATION>

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback