The Evolution of Advanced Persistent Threats: The Current Risks & Mitigation Strategies

Sponsored by
Webcast Logistics
Optimize your experience today


•   Enable pop-ups within your browser

•   Turn on your system’s sound to hear the streaming presentation

•   Questions? Submit them to the presenters at anytime on the console

•   Technical problems? Click "Help" or submit a question for assistance
Featured Presenters
Our knowledgeable speakers today are:

•   Tom Parker, Chief Technology Officer and VP Security Services, FusionX

•   Paul Zimski, Vice President Solution Marketing, Lumension
Tom Parker - CTO
About the Presenter..
• Tom Parker: CTO & VP Security Services
      – Dark Reading: Advanced Threats SME/Blogger
      – Over Fifteen Years Securing Multi-National
        Corporations and Government Institutions
      – Author of multiple publications on Information
        Security and Cyber Actor Profiling
      – Regular speaker at industry events including
        Blackhat Briefings and SANS Conferences


3/28/2013   5
Threat-Scape Today
• 2012 estimated: $338B cost to Global Economy
• US “Hemorrhaging” Intellectual Property
• Online Hacktivism has made significant comeback
• Generally poor understanding of web based
  vulnerabilities and threats
• Dynamic threat intent ranges from organized crime
  monetization to national strategic objectives
Threat Time Line
• 2000: I Love U
• 2001: EP3 Spy Plane
• 2001: Code Red
• 2003: SQL Slammer
• 2004: MyDoom
• 2005: Zotob
• 2008: Conficker
• 2009: Operation Aurora (Discovered)
• 2010: Stuxnet (Discovered)
• 2010: Comment Crew Attacks
• 2011: DuQu (Discovered)
• 2011: Operation Shady Rat (Discovered)
• 2012: Flame (Discovered)
• 2013: Comment Crew Report (Disclosed)

Change in Technical Focus
• 1990's: Network Based Attacks
• 2001 (Code Red)
• 2003 (Slammer)
• 2009 (Aurora)
• 2011 (Shady Rat)
• 2012: Client Based Attacks

Attackers' Response to Defense
• Broad use of firewall products
      – Focus on ‘hard outer shell’
• Microsoft focus on securing network services
• Implementation of DEP/ASLR for Services
• Lower Service Profile in Default Configurations
      – Resulting in less network attack surface
• Authentication of MSRPC Services
      – And disabling of guest/default accounts
APT Who?
•   Originated from US Air Force (circa 2006)
•   Originally Intended for use regarding China
•   Public recognition in 2009 (Google/Aurora)
•   Loss of clear meaning due to marketing use
Dissecting APT Today
• Advanced:
     – Utilizes 'above average' TTPs
     – Not necessarily just technically advanced
• Persistent:
     – Not a smash-and-grab effort
• Threat:
     – Attempts to coerce technology/users
Challenges Understanding Advanced Threats

• ‘Advanced’ is Subjective
     – Typically contingent on one's experiences
     – And knowledge of the threat-spectrum
• Sophistication Isn’t always a 1 or 0
     – Sophisticated attack preparation
     – Target intelligence
     – Target coercion
• Pesky Acronyms & Commercialization of Name Space
     – Clouds understanding of already murky waters
Defining ‘Advanced’
• Sophistication (‘advanced-ness’) is not a 1 or a 0
     – Shades of grey
• Different attributes of threat differ in sophistication
     –   Attack preparation
     –   Initial entry vector
     –   Exfiltration method
     –   Persistence technologies
It’s good to be SPECIFIC
• This is a complex subject area
• Generalizations, acronyms etc. counterproductive
• Beware of silver-bullet marketing
Threat Spectrum: Tactical Cyber Threats

•   Surgical By Nature
•   Highly Specific Targeting
•   Technologically Sophisticated
•   High Cost Development
•   Repeatability Less Significant
Threat Spectrum: Strategic Cyber Threats

• Highly Repeatable
• General Targeting:
     – Broad Industry (Energy, Defense etc.)
     – Groups of Individuals (Politicians, Executives)
• Must Have Long-Term Staying Power
• Less Sophisticated in Comparison
• Low Cost to Develop & Maintain
Threat Spectrum Today
• Espionage
     – Highly Strategic
     – Industrial Attacks
     – Government (and DIB) Targets
• Organized Crime
     – Strategic
     – Financially motivated
     – Civilian & Private Organization targets
Strategic: Espionage
• Highly Strategic
• Industrial Attacks
     – Gas & Oil
     – Manufacturing
• Government (and DIB) Targets
     – Defense Contractors
     – Research Organizations
     – Political & Other High Ranking Figures
• Examples: Shady Rat, Aurora, Night Dragon
Strategic: Organized Crime
•   Strategic
•   Financially motivated
•   Civilian & Private Organization targets
•   Who:
     – Eastern European Crime Rings
     – US/Domestic Crime Groups
     – Mexican Cartels
Tactical: Subversive Operations
• Tactical
     – Typically augmenting other activities (e.g. military)
• Motivations vary, often force multiplier
• Examples: Estonia, Georgia, Stuxnet
• Who? Well funded private entities & governments
   – US, UK, Israel, Germany, France + ???
Strategic: Socio-Political Attacks
• Strategic:
     – Often intended to elevate awareness of a topic
• Relatively Unsophisticated
     – Currently favoring lower-hanging fruit via:
            • SQL Injection, [D]DoS, etc.
• Examples:
     – Anonymous, Radical Muslim Groups, Others..
Threat Scape Summary
• Critical not to generalize the threat
• No two adversaries are identical
     – Motivation
     – Capabilities
Adversaries Under the Microscope
• Organized Crime
     – Fairly well understood today
           • Monetization Methods
           • Enterprise organizational structures
               – Bot herders, skimmers, cash-outs, vuln acquisition
           • Linkage back to conventional crime rings
            • And links to states & radical groups
• Espionage much less well understood
The C-word
• Many companies/countries reluctant to call out the C-word, largely due to operations/relationships at stake
• Large amount of credible evidence in the public domain implicating Chinese adversaries
• Little public diplomatic activity between US/China
• China Economic and Security Review Commission:
     "Techniques appear consistent with authoritative Chinese military writings" (USCC)
     "This report is untrue and has ulterior motives. It's not worth a comment" (Chinese Foreign Ministry spokesperson)
• Attacks attributed to Chinese actors
     – State-level participation not publicly proven
Chinese Intelligence Doctrine
• More is better!
     – Large sums of data gathered
     – Significance of data unrealized
     – Future analytical efforts realize use of stolen data
• Strategy:
     – Fifty Year Plan – not eight years
Chinese Hacker Communities
• High Degree of Safety Behind the Monitor
• Cultural Prioritization:
     1. Country
     2. Self
     3. Employer
• Extremely active research community
     – Forums, code sharing, IRC, etc.
Finding a smoking gun
• Not easy
• ROI is not immediate
     – May be tomorrow – could be in fifty years
• Some real-world impacts do exist
     – Such as M&A activity leveraging stolen data
Adversary Success Factors
• Organizations Forgetting the Basics
     – Poor network segmentation
     – Excessive account privileges
     – Third party software patching
     – Poor asset management practices
     – Insecure or non-existent system baselines
     – Insecure remote access solutions (endpoints)
     – Over reliance on silver bullet solutions
Direction of the Threat
• If it isn't broken...
• While TTPs aren't static,
     – the overall approach remains
• Status quo will remain until defensive posture changes
     – This process will likely take years
• Offense is generally easier than defense
     – Adversary can adapt more quickly than today's technology
Once we do adapt
• Lots left in the funded adversary's tool chest:
     – Supply chain influences
     – Insider placement
     – Resurgence of network based attacks
           • Particularly against cloud providers
     – Targeting of more obscure technologies
Disrupting APTs at the Endpoint
What is the APT "Kill Chain"?
The "Kill Chain" is simply the phases of an attack progression.

As defined by security researchers at global defense company Lockheed Martin Corp., the "kill chain" of APTs is a methodology comprised of seven links (or steps):

1.   Reconnaissance—Identify targets.
2.   Weaponization—Create customized malware payload.
3.   Delivery—Transmit the payload, typically through an email attachment, website or USB drive.
4.   Exploitation—Trigger payload, usually via a vulnerability.
5.   Installation—Establish foothold to persist within the target.
6.   Command and control—"Hands on the keyboard" access to the environment.
7.   Actions on objectives—Execute toward goals, typically to steal data.

http://papers.rohanamin.com/wp-content/uploads/papers.rohanamin.com/2011/08/iciw2011.pdf
Disrupting APT Payload Delivery on Endpoints

Delivery - Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM-CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media.
  Endpoint controls:
  •   USB blocking w/ Device Control
  •   File-type filtering from USB-to-Endpoint
  •   AntiVirus with Heuristics Enabled
  •   Browser or gateway URL Filtering

Exploitation - After the weapon is delivered to the victim host, exploitation triggers the intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes.
  Endpoint controls:
  •   Patch Management and Configuration Management to prevent known vulnerabilities
  •   Memory/Buffer Overflow protection / DEP
  •   End User Security Awareness & Training

Installation - Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment.
  Endpoint controls:
  •   Application Control

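The "File-type filtering from USB-to-Endpoint" control above is easiest to see in code. The following is an added example, not code from the slides or from any product the presenters describe: a content-aware filter that admits a file copied from removable media only if its extension is on an allow-list and its leading bytes match that type, so an executable renamed to a document extension is blocked. The file names, header bytes and sample contents are constructed for the demonstration.

```python
import os
import tempfile

# Allow-listed document extensions and the leading bytes (magic numbers) each
# must carry. These are the standard signatures for the formats named.
ALLOWED_TYPES = {
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],   # OOXML documents are ZIP containers
    ".xlsx": [b"PK\x03\x04"],   # (a ZIP signature proves only the container;
    ".txt": [],                 #  a fuller filter would inspect the entries)
}

# Leading bytes that are never admitted from removable media, whatever the file
# is called. Checked before the extension so that a renamed binary is caught.
BLOCKED_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}

HEADER_BYTES = 512  # covers every signature above and gives a NUL-byte sample


def classify_file(path):
    """Return ("allow" | "block", reason) for one file transferred from USB."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(HEADER_BYTES)

    # 1. Native code or scripts are blocked regardless of the extension.
    for sig, desc in BLOCKED_SIGNATURES.items():
        if head.startswith(sig):
            return "block", f"{desc} (named {ext or 'without extension'})"

    # 2. Only allow-listed document types may cross from USB to the endpoint.
    if ext not in ALLOWED_TYPES:
        return "block", f"extension {ext or '(none)'} not on the allow-list"

    # 3. The declared type must match the bytes actually on disk.
    signatures = ALLOWED_TYPES[ext]
    if not signatures:
        # Plain text has no signature; a NUL byte means it is not text at all.
        if b"\x00" in head:
            return "block", "binary content in a .txt file"
        return "allow", "plain text"
    if any(head.startswith(sig) for sig in signatures):
        return "allow", f"{ext} signature matches"
    return "block", f"{ext} extension but content is not {ext}"


def run_demo():
    """Write constructed sample files to a temp dir and classify each one.

    Returns {file name: verdict}. The contents are constructed stand-ins of a
    few header bytes, not real documents or binaries.
    """
    samples = {
        "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
        "invoice.docx": b"PK\x03\x04" + b"\x00" * 26,
        "notes.txt": b"Meeting notes for Thursday\n",
        "quarterly.pdf": b"MZ\x90\x00\x03\x00" + b"\x00" * 58,  # PE renamed .pdf
        "setup.exe": b"MZ\x90\x00",
        "holiday.scr": b"MZ",
        "dump.txt": b"\x00\x01\x02binary",
        "install.sh": b"#!/bin/sh\necho hi\n",
    }
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            verdicts[name] = classify_file(path)[0]
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{verdict:5}  {name}")
```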
Defense-in-Depth Strategy
Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.

• AV – Control the Bad
• Device Control – Control the Flow
• HD and Media Encryption – Control the Data
• Application Control – Control the Gray
• Patch and Configuration Management – Control the Vulnerability Landscape

Layered Approach for Mitigation
» Maintain strong patch management practices

» Enable native memory security controls in Windows including DEP and
  ASLR to limit the success of generic memory based attacks

» Deploy advanced memory-injection attack protection including RMI and
  Skape/JT to interrupt advanced memory attacks

» Utilize application control/whitelisting to defend against unknown
  payloads

» Use Device control to block USB-borne malware

» Blacklist outdated plugin versions

» Adopt the concept of least privilege for end users
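For the "Blacklist outdated plugin versions" item in the layered approach, here is an added example (not from the slides or from any vendor suite) that evaluates a constructed software inventory against a minimum-version policy. It compares versions numerically, component by component, so that "10.1" is not ranked below "9.5" as a string comparison would, and it normalizes Java's legacy "1.7.0_17" form. The minimum versions and the inventory records are placeholders, not a real baseline.

```python
import re

# Constructed policy: the oldest version still accepted per plugin. Placeholder
# values; a deployment would take these from its own patch baseline.
MINIMUM_VERSIONS = {
    "java": (7, 0, 17),
    "flash player": (11, 6, 602),
    "adobe reader": (11, 0, 2),
}

# Constructed inventory export, one "host,plugin,version" record per line.
INVENTORY = """\
ws-101,Java,1.7.0_17
ws-101,Flash Player,11.6.602.171
ws-102,Java,1.6.0_45
ws-102,Adobe Reader,9.5.3
ws-103,Adobe Reader,11.0.02
ws-103,Silverlight,5.1.20125
"""


def parse_version(plugin, raw):
    """Turn a vendor version string into a tuple of integers."""
    parts = tuple(int(x) for x in re.findall(r"\d+", raw))
    if plugin == "java" and parts[:1] == (1,):
        parts = parts[1:]  # legacy Java naming: "1.7.0_17" is 7.0.17
    return parts


def compare_versions(a, b):
    """Return -1, 0 or 1; shorter tuples are padded so 11.0 equals 11.0.0."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def evaluate_inventory(text):
    """Return [(host, plugin, raw_version, status)] for every record.

    status is "ok", "outdated" (below the policy minimum) or "unmanaged"
    (no minimum defined, which itself deserves a follow-up).
    """
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, plugin, raw = (f.strip() for f in line.split(",", 2))
        key = plugin.lower()
        if key not in MINIMUM_VERSIONS:
            findings.append((host, plugin, raw, "unmanaged"))
            continue
        installed = parse_version(key, raw)
        status = "outdated" if compare_versions(installed, MINIMUM_VERSIONS[key]) < 0 else "ok"
        findings.append((host, plugin, raw, status))
    return findings


def outdated_hosts(text):
    """Hosts carrying at least one blacklisted (outdated) plugin version."""
    return sorted({h for h, _, _, s in evaluate_inventory(text) if s == "outdated"})


if __name__ == "__main__":
    for host, plugin, raw, status in evaluate_inventory(INVENTORY):
        print(f"{host}  {plugin:14} {raw:14} {status}")
    print("hosts needing attention:", outdated_hosts(INVENTORY))
```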
End Users Are Your Weakest Link
• Be Aware of What You Share – End User Resource Center
  http://www.lumension.com/be-aware
More Information
• Free Security Scanner Tools
 » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
 » Application Scanner – discover all the apps being used in your network
 » Device Scanner – discover all the devices being used in your network
   http://www.lumension.com/special-offer/premium-security-tools.aspx

• Lumension® Endpoint Management and Security Suite
 » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
 » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

• Get a Quote (and more)
  http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2

Questions?
Submit questions to the presenters via the on-screen text box

•   Tom Parker, Chief Technology Officer and VP Security Services, FusionX

•   Paul Zimski, Vice President Solution Marketing, Lumension
Thank you for attending
Please visit our sponsor and any of the resources below:

•   www.darkreading.com/event

•   www.lumension.com/special-offer/premium-security-tools.aspx?rpLeadSourceId=L4224

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Dernier (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

The Evolution of Advanced Persistent Threats: The Current Risks and Mitigation Strategies (slide transcript)

1. The Evolution of Advanced Persistent Threats: The Current Risks & Mitigation Strategies
   Sponsored by

2. Webcast Logistics
   Optimize your experience today
   • Enable pop-ups within your browser
   • Turn on your system's sound to hear the streaming presentation
   • Questions? Submit them to the presenters at any time on the console
   • Technical problems? Click "Help" or submit a question for assistance

3. Featured Presenters
   Our knowledgeable speakers today are:
   • Tom Parker, Chief Technology Officer and VP Security Services, FusionX
   • Paul Zimski, Vice President Solution Marketing, Lumension

5. About the Presenter
   • Tom Parker: CTO & VP Security Services
     – Dark Reading: Advanced Threats SME/Blogger
     – Over Fifteen Years Securing Multi-National Corporations and Government Institutions
     – Author of multiple publications on Information Security and Cyber Actor Profiling
     – Regular speaker at industry events including Blackhat Briefings and SANS Conferences
   3/28/2013

6. Threat-Scape Today
   • 2012 estimated: $338B cost to Global Economy
   • US "Hemorrhaging" Intellectual Property
   • Online Hacktivism has made a significant comeback
   • Generally poor understanding of web-based vulnerabilities and threats
   • Dynamic threat intent ranges from organized crime monetization to national strategic objectives

7. Threat Time Line
   • 2000: I Love U
   • 2001: EP3 Spy Plane
   • 2001: Code Red
   • 2003: SQL Slammer
   • 2004: MyDoom
   • 2005: Zotob
   • 2008: Conficker
   • 2009: Operation Aurora (Discovered)
   • 2010: Stuxnet (Discovered)
   • 2010: Comment Crew Attacks (Discovered)
   • 2011: Operation Shady Rat (Discovered)
   • 2011: DuQu (Discovered)
   • 2012: Flame (Discovered)
   • 2013: Comment Crew Report (Disclosed)

8. Change in Technical Focus
   1990's: Network Based Attacks → 2001 (Code Red) → 2003 (Slammer) → 2009 (Aurora) → 2011 (Shady Rat) → 2012: Client Based Attacks

9. Attackers' Response to Defense
   • Broad use of firewall products
     – Focus on 'hard outer shell'
   • Microsoft focus on securing network services
   • Implementation of DEP/ASLR for Services
   • Lower Service Profile in Default Configurations
     – Resulting in less network attack surface
   • Authentication of MSRPC Services
     – And disabling of guest/default accounts

10. APT Who?
   • Originated from US Air Force (circa 2006)
   • Originally Intended for use regarding China
   • Public recognition in 2009 (Google/Aurora)
   • Loss of clear meaning due to marketing use

11. Dissecting APT Today
   • Advanced:
     – Utilizes 'above average' TTPs
     – Not necessarily just technically advanced
   • Persistent:
     – Not a smash and grab effort
   • Threat:
     – Attempts to coerce technology/users

12. (graphic: P A T)

13. Challenges Understanding Advanced Threats
   • 'Advanced' is Subjective
     – Typically contingent on one's experiences
     – And knowledge of the threat-spectrum
   • Sophistication Isn't always a 1 or 0
     – Sophisticated attack preparation
     – Target intelligence
     – Target coercion
   • Pesky Acronyms & Commercialization of Name Space
     – Clouds understanding of already murky waters

14. Defining 'Advanced'
   • Sophistication ('advanced-ness') is not a 1 or a 0
     – Shades of grey
   • Different attributes of a threat differ in sophistication
     – Attack preparation
     – Initial entry vector
     – Exfiltration method
     – Persistence technologies

15. It's good to be SPECIFIC
   • This is a complex subject area
   • Generalizations, acronyms etc. are counterproductive
   • Beware of silver-bullet marketing

16. Threat Spectrum: Tactical Cyber Threats
   • Surgical By Nature
   • Highly Specific Targeting
   • Technologically Sophisticated
   • High Cost Development
   • Repeatability Less Significant

17. Threat Spectrum: Strategic Cyber Threats
   • Highly Repeatable
   • General Targeting:
     – Broad Industry (Energy, Defense etc.)
     – Groups of Individuals (Politicians, Executives)
   • Must Have Long-Term Staying Power
   • Less Sophisticated in Comparison
   • Low Cost to Develop & Maintain

18. Threat Spectrum Today
   • Espionage
     – Highly Strategic
     – Industrial Attacks
     – Government (and DIB) Targets
   • Organized Crime
     – Strategic
     – Financially motivated
     – Civilian & Private Organization targets

19. Strategic: Espionage
   • Highly Strategic
   • Industrial Attacks
     – Gas & Oil
     – Manufacturing
   • Government (and DIB) Targets
     – Defense Contractors
     – Research Organizations
     – Political & Other High Ranking Figures
   • Examples: Shady Rat, Aurora, Night Dragon

20. Strategic: Organized Crime
   • Strategic
   • Financially motivated
   • Civilian & Private Organization targets
   • Who:
     – Eastern European Crime Rings
     – US/Domestic Crime Groups
     – Mexican Cartels

21. Tactical: Subversive Operations
   • Tactical
     – Typically augmenting other activities (e.g. military)
   • Motivations vary, often a force multiplier
   • Examples: Estonia, Georgia, Stuxnet
   • Who? Well funded private entities & governments
     – US, UK, Israel, Germany, France + ???

22. Strategic: Socio-Political Attacks
   • Strategic:
     – Often intended to elevate awareness of a topic
   • Relatively Unsophisticated
     – Currently favoring lower-hanging fruit via:
       • SQL Injection, [D]DoS, etc.
   • Examples:
     – Anonymous, Radical Muslim Groups, Others..

23. Threat Scape Summary
   • Critical not to generalize the threat
   • No two adversaries are identical
     – Motivation
     – Capabilities

24. (image slide, no text)

25. Adversaries Under the Microscope
   • Organized Crime
     – Fairly well understood today
       • Monetization Methods
       • Enterprise organizational structures
         – Bot herders, skimmers, cash-outs, vuln acquisition
       • Linkage back to conventional crime rings
       • And links to states & radical groups
   • Espionage much less well understood

26. The C-word
   • Many companies/countries reluctant to call out the C-Word: largely due to operations/relationships at stake
   • Large sums of credible evidence in the public domain implicating Chinese Adversaries
   • Little public diplomatic activity between US/China
   • China Economic and Security Review Commission (USCC): "Techniques appear consistent with authoritative Chinese military writings"
   • Chinese Foreign Ministry spokesperson: "This report is untrue and has ulterior motives. It's not worth a comment"
   • Attacks attributed to Chinese Actors
     – State level participation not publicly proven

27. Chinese Intelligence Doctrine
   • More is better!
     – Large sums of data gathered
     – Significance of data unrealized
     – Future analytical efforts realize use of stolen data
   • Strategy:
     – Fifty Year Plan, not eight years

28. Chinese Hacker Communities
   • High Degree of Safety Behind the Monitor
   • Cultural Prioritization: 1. Country 2. Self 3. Employer
   • Extremely active research community
     – Forums, code sharing, IRC, etc.

29. Finding a smoking gun
   • Not easy
   • ROI is not immediate
     – May be tomorrow, could be in fifty years
   • Some real-world impacts do exist
     – Such as M&A activity leveraging stolen data

30. Adversary Success Factors
   • Organizations Forgetting the Basics
     – Poor network segmentation
     – Excessive account privileges
     – Third party software patching
     – Poor asset management practices
     – Insecure or non-existent system baselines
     – Insecure remote access solutions (end points)
     – Over reliance on silver bullet solutions

31. Direction of the Threat
   • If it isn't broken..
   • While TTPs aren't static, the overall approach remains
   • Status quo will remain until defensive posture changes
     – This process will likely take years
   • Offence is generally easier than defense
     – Adversary can adapt more quickly than today's technology

32. Once we do adapt
   • Lots left in the funded adversaries' tool chest:
     – Supply chain influences
     – Insider placement
     – Resurgence of network based attacks
       • Particularly against cloud providers
     – Targeting of more obscure technologies
34. What is the APT "Kill Chain"?
   The "Kill Chain" is simply the phases of an attack progression. As defined by security researchers at global defense company Lockheed Martin Corp., the "kill chain" of APTs is a methodology comprised of seven links (or steps):
   1. Reconnaissance: identify targets.
   2. Weaponization: create customized malware payload.
   3. Delivery: transmit the payload, typically through an email attachment, website or USB drive.
   4. Exploitation: trigger payload, usually via a vulnerability.
   5. Installation: establish foothold to persist within the target.
   6. Command and control: "hands on the keyboard" access to the environment.
   7. Actions on objectives: execute toward goals, typically to steal data.
   Reference: http://papers.rohanamin.com/wp-content/uploads/papers.rohanamin.com/2011/08/iciw2011.pdf
35. Disrupting APT Payload Delivery on Endpoints
   Delivery - Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM-CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media.
   Endpoint controls:
   • USB blocking w/ Device Control
   • File-type filtering from USB-to-Endpoint
   • AntiVirus with Heuristics Enabled
   • Browser or gateway URL Filtering

   Exploitation - After the weapon is delivered to the victim host, exploitation triggers the intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes.
   Endpoint controls:
   • Patch Management, Configuration Management (prevent known vulnerabilities)
   • Memory / Buffer Overflow protection / DEP
   • End User Security Awareness & Training

   Installation - Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment.
   Endpoint controls:
   • Application Control

36. Defense-in-Depth Strategy
   Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.
   • AV: Control the Bad
   • Device Control: Control the Flow
   • HD and Media Encryption: Control the Data
   • Application Control: Control the Gray
   • Patch and Configuration Management: Control the Vulnerability Landscape
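The kill-chain phases on slide 34 and the per-phase endpoint controls on slide 35 can be put to work as detection logic. The Python below is an added example, not code from the webcast or from Lumension: it runs constructed endpoint telemetry (the event names, hosts and values are invented for the example and are not any product's schema) through a phase mapping and reports, per host, how far the chain progressed, which endpoint-observable phases produced no telemetry, and which slide-35 control applies at the earliest phase that was actually seen.

```python
"""Kill-chain phase tracking over constructed endpoint telemetry.

Added example, not part of the webcast deck. Maps constructed endpoint
events onto the seven kill-chain phases from slide 34 and reports, per
host, how far the intrusion got, which observable phases left no
telemetry, and the slide-35 control at the earliest phase observed.
"""
from collections import defaultdict

# The seven kill-chain phases from slide 34, in attack order.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Endpoint controls per phase as listed on slide 35. Phases the slide does
# not cover (recon, weaponization, C2, actions) have no endpoint entry.
CONTROLS = {
    "delivery": ["USB blocking / Device Control", "File-type filtering from USB to endpoint",
                 "AntiVirus with heuristics enabled", "Browser or gateway URL filtering"],
    "exploitation": ["Patch and configuration management",
                     "Memory / buffer overflow protection (DEP)",
                     "End-user security awareness and training"],
    "installation": ["Application Control"],
}

# Event type -> phase. Event names are constructed for this example.
EVENT_PHASE = {
    "mail_attachment_opened": "delivery", "usb_mount": "delivery",
    "office_spawned_shell": "exploitation", "browser_plugin_crash": "exploitation",
    "autorun_key_created": "installation", "unsigned_service_installed": "installation",
    "periodic_beacon": "command_and_control",
    "bulk_outbound_transfer": "actions_on_objectives",
}

# Constructed telemetry: "<timestamp> <host> <event_type> key=value ...".
SAMPLE_EVENTS = """\
2013-03-28T09:01:10 ws-014 mail_attachment_opened file=invoice.pdf.exe
2013-03-28T09:01:12 ws-014 office_spawned_shell parent=WINWORD.EXE child=cmd.exe
2013-03-28T09:01:20 ws-014 autorun_key_created value=updater
2013-03-28T09:05:00 ws-014 periodic_beacon dst=203.0.113.7 interval=300
2013-03-28T09:30:00 ws-014 bulk_outbound_transfer bytes=734003200
2013-03-28T10:15:00 ws-022 usb_mount serial=CONSTRUCTED01
2013-03-28T10:16:05 ws-022 unsigned_service_installed name=svchelper
2013-03-28T11:00:00 ws-031 browser_plugin_crash plugin=java
2013-03-28T11:02:00 ws-031 user_logon session=console
""".splitlines()


def parse_event(line):
    """Parse one telemetry line into a dict; trailing fields are key=value."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("malformed event line: %r" % line)
    event = {"ts": parts[0], "host": parts[1], "type": parts[2]}
    for field in parts[3:]:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def assess(lines):
    """Return {host: {phases, furthest, gaps, disrupt_at, controls}}.

    Event types with no phase mapping (e.g. user_logon) are ignored rather
    than guessed at, so they never inflate a host's progression.
    """
    by_host = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        phase = EVENT_PHASE.get(event["type"])
        if phase is not None:
            by_host[event["host"]].append((event["ts"], phase))

    report = {}
    for host, items in by_host.items():
        seen = sorted({phase for _, phase in items}, key=PHASES.index)
        furthest = seen[-1]
        # Recon and weaponization happen off-host, so only delivery onward
        # counts as a telemetry gap when missing before the furthest phase.
        observable = PHASES[PHASES.index("delivery"):PHASES.index(furthest) + 1]
        gaps = [p for p in observable if p not in seen]
        disrupt_at = next((p for p in seen if p in CONTROLS), None)
        report[host] = {"phases": seen, "furthest": furthest, "gaps": gaps,
                        "disrupt_at": disrupt_at,
                        "controls": CONTROLS.get(disrupt_at, [])}
    return report


if __name__ == "__main__":
    for host, r in sorted(assess(SAMPLE_EVENTS).items()):
        print(host, "reached", r["furthest"], "| gaps:", r["gaps"],
              "| break chain at", r["disrupt_at"], "via", r["controls"])
```

The gap list is the practically useful output: ws-022 reached installation with no exploitation event, and ws-031 shows an exploitation event with no delivery record, which is exactly the kind of missing telemetry that makes the earlier, cheaper controls on slide 35 impossible to verify after the fact.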
37. Layered Approach for Mitigation
   » Maintain strong patch management practices
   » Enable native memory security controls in Windows including DEP and ASLR to limit the success of generic memory based attacks
   » Deploy advanced memory-injection attack protection including RMI and Skape/JT to interrupt advanced memory attacks
   » Utilize application control/whitelisting to defend against unknown payloads
   » Use Device control to block USB-borne malware
   » Blacklist outdated plugin versions
   » Adopt the concept of least privilege for end users

38. End Users Are Your Weakest Link
   • Be Aware of What You Share
     – End User Resource Center: http://www.lumension.com/be-aware

39. More Information
   • Free Security Scanner Tools
     » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
     » Application Scanner – discover all the apps being used in your network
     » Device Scanner – discover all the devices being used in your network
     http://www.lumension.com/special-offer/premium-security-tools.aspx
   • Get a Quote (and more)
     http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
   • Lumension® Endpoint Management and Security Suite
     » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
     » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

40. Questions?
   Submit questions to the presenters via the on-screen text box
   • Tom Parker, Chief Technology Officer and VP Security Services, FusionX
   • Paul Zimski, Vice President Solution Marketing, Lumension

41. Thank you for attending
   Please visit our sponsor and any of the resources below:
   • www.darkreading.com/event
   • www.lumension.com/special-offer/premium-security-tools.aspx?rpLeadSourceId=L4224
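The layered checklist on slides 36 and 37 can be turned into a posture check over an asset inventory. The Python below is an added example, not the deck's or Lumension's code: the inventory records, the policy fields and the plugin version floors are constructed placeholders (real floors come from current vendor advisories), and the version comparison is the part worth attention, because comparing version strings lexicographically ranks 11.10 below 11.6 and silently leaves outdated plugins on the allowed list.

```python
"""Endpoint posture check against the layered mitigations of slides 36-37.

Added example, not the deck's or Lumension's code. Inventory, policy and
plugin version floors are constructed for illustration only.
"""
import re


def parse_version(text):
    """Numeric components only: '1.7.0_17' -> (1, 7, 0, 17). Comparing the
    tuples keeps 10.10 above 10.9, which a string comparison gets wrong."""
    return tuple(int(x) for x in re.findall(r"\d+", text))


def version_below(installed, floor):
    """True when installed is older than floor; short tuples are zero-padded
    so '11.6' and '11.6.0' compare equal."""
    a, b = parse_version(installed), parse_version(floor)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Constructed policy: the controls slide 37 calls for, a patch-age ceiling,
# and version floors for common plugins (placeholder values, not advisories).
POLICY = {
    "required_controls": ["dep", "aslr", "app_control", "device_control"],
    "max_patch_age_days": 30,
    "plugin_floors": {"java": "1.7.0_17", "flash": "11.6.602", "reader": "11.0.2"},
}

# Constructed endpoint inventory, shaped like an asset-management export.
ENDPOINTS = [
    {"host": "ws-014", "dep": True, "aslr": True, "app_control": True,
     "device_control": True, "patch_age_days": 12, "local_admin": False,
     "plugins": {"java": "1.7.0_17", "flash": "11.6.602"}},
    {"host": "ws-022", "dep": False, "aslr": True, "app_control": False,
     "device_control": True, "patch_age_days": 45, "local_admin": True,
     "plugins": {"java": "1.6.0_45", "reader": "11.0.2"}},
    {"host": "ws-031", "dep": True, "aslr": False, "app_control": True,
     "device_control": False, "patch_age_days": 3, "local_admin": False,
     "plugins": {"flash": "11.10"}},   # 11.10 is newer than the 11.6.602 floor
]


def evaluate(endpoint, policy=POLICY):
    """Return a list of (layer, finding) tuples; an empty list means compliant."""
    findings = []
    # Memory protections and the two endpoint control layers from slide 36.
    for control in policy["required_controls"]:
        if not endpoint.get(control, False):
            layer = "memory" if control in ("dep", "aslr") else control
            findings.append((layer, "%s disabled" % control.upper()))
    # Patch management: the foundation layer on slide 36.
    if endpoint["patch_age_days"] > policy["max_patch_age_days"]:
        findings.append(("patching", "%d days since last patch (limit %d)"
                         % (endpoint["patch_age_days"], policy["max_patch_age_days"])))
    # Outdated plugin blacklist, using numeric version comparison.
    for plugin, version in sorted(endpoint["plugins"].items()):
        floor = policy["plugin_floors"].get(plugin)
        if floor and version_below(version, floor):
            findings.append(("plugin_blacklist",
                             "%s %s below floor %s" % (plugin, version, floor)))
    # Least privilege for end users.
    if endpoint.get("local_admin"):
        findings.append(("least_privilege", "user holds local admin rights"))
    return findings


def fleet_summary(endpoints, policy=POLICY):
    """Map host -> findings, listing only hosts that have at least one."""
    summary = {}
    for endpoint in endpoints:
        findings = evaluate(endpoint, policy)
        if findings:
            summary[endpoint["host"]] = findings
    return summary


if __name__ == "__main__":
    for host, findings in sorted(fleet_summary(ENDPOINTS).items()):
        for layer, text in findings:
            print("%s  [%s]  %s" % (host, layer, text))
```

Each finding is tagged with the layer it belongs to, so the output can be grouped the way slide 36 groups controls rather than as a flat list of failures.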