SlideShare une entreprise Scribd logo

Cyber Security

NC Military Business Center
NC Military Business Center
TechnologieBusiness
1  sur  34
Télécharger pour lire hors ligne
North Carolina Federal Advanced Technologies Symposium May 9, 2013 Cyber Security Panel Hosted by: Office of Senator Richard Burr NC Military Business Center NC Military Foundation Institute for Defense & Business University of North Carolina System Reception Sponsor: Bronze Sponsor:
Science of Security Configuration Analytics– Know your network! Professor Ehab Al-Shaer, Director of Cyber Defense Network Assurability Center University of North Carolina Charlotte ealshaer@uncc.edu www.cyberdna.uncc.edu Cyber Security Panel NC Federal Advanced technologies Symposium May 9, 2013
About CyberDNA Research • Vision: Making Cybersecurity measurable, provable and usable • Research Team: – Multi-disciplinary team of 11 faculty members and 35 PhD students Areas – security, networking, data mining, economics, power and control, behavior science/HCI. • Active Funding: > 8.2M from NSF, NSA, ARO, AFRL, DHS, Bank of America, BB&T, DTCC, Duke Energy, Cisco, Intel • Prof. Al-Shaer was featured as Subject Matter Expert (SME) in Security Configuration Analytics and Automation [DoD Information Assurance Newsletter, 2011]. • NSF Industry/University Collaborative Research Center on (Security) Configuration Analytics and Automation (CCAA) Lead by UNC Charlotte and George Mason Univ – Members include NSA, NIST, Bank of America, BB&T, DTCC, MITRE, Northrop Grumman • Tools and Technology transfer projects for Cisco, Intel, Duke Energy, .. • Research Long and solid track record on many areas particularly – Security configuration analytics (verification and synthesis) for enterprise, cloud and smart grid – Security metrics and risk estimation – Agility and resiliency for Cyber, clouds and Cyber-Physical
4 Why Cybersecurity is Hard? • Attack Detection (alone) Can not Deliver – Learning-based = Knowing the attack OR Knowing the Deviation Threshold  Easily Evadable – Insufficient for attack avoidance • Cybersecurity = Attack Prediction • Attack Prediction is a Hard Problem – Learning-driven vs. Prediction-driven • Feature selection vs. information integration & analytics – Scalable and accurate models of both system behavior and adversary strategies. – System complexity and adversary sophistication are increasingly growing.
6 The Need for Security Configuration Analytics • December 2008 report from Center for Strategic and International Studies "Securing Cyberspace for the 44th Presidency" states that "inappropriate or incorrect security configurations were responsible for 80% of Air Force vulnerabilities" • May 2008 report from Juniper Networks "What is Behind Network Downtime?" states that "human factors [are] responsible for 50 to 80 percent of network device outages". • BT/Gartner[3] has estimated that 65% of cyber-attacks exploit systems with vulnerabilities introduced by configuration errors. The Yankee Group[4] has noted that configuration errors cause 62% of network downtime. • A 2009 report[5] by BT and Huawei discusses how service outages caused by “the human factor” themselves cause more than 30% of network outages, “a major concern for carriers and causes big revenue-loss.
7 Ehab Al-Shaer , Science of Security Configuration Complexity of Configuration Analytics • Scale – thousands of devices and million of rules. • Distributed, yet Inter-dependent Devices and Rules. • Policy semantic gap -- device roles (e.g., Rule-order semantics vs. recursive ACL, single-trigger vs. multi-trigger policies) • Multi-level and multi-layer Network configuration – Overlay networks, groups/domains in cloud (e.g., EC2/VPC, security groups) – network access control, OS, application level etc • Dynamic changes in networks and threat • Security design trade-offs: risk vs mission, usability, cost, and performance [Source: Security Analytics and Automation, DoD IA Newsletter, Oct 2011] 7
8 NSF Center on Security Analytics & Automation– The Big Picture ANALYTICS Predominately Manual Management Practices Defensive Actions Logs and Sensor Data Security Requirements & Policies Enterprise Polices & Configuration MEASURABLE SECURITY Analytics & Automation AUTOMATED DEFENSE RESILIENCY COST-EFFECTIVE HARDENING Analytics Automation Integration action System
9 Policy Violation Threat Prediction Risk Estimation ConfigChecker: Security Analytics Magic Box [ICNP09] Risk Mitigation Attack DiagnosisAgility Actions Resiliency measure ConfigChecker
Golden Technology Services © 2012 Golden Technology Services _________________________________________________________________________ GOLDEN TECHNOLOGY SERVICES Delivering Business Impact with Advanced Technology Solutions
_________________________________________________________________________ © 2012 Golden Technology Services Cyber attacks are increasingly impacting both private sector and U.S. government information networks and systems May 15, 2013 11 Sources: IBM Corporation,PwC
_________________________________________________________________________ © 2012 Golden Technology Services Proof points: Targeted attacks shake businesses & governments May 15, 2013 12 Source: IBM Corp., 2011 Year-EndX-Force Trend and Risk Report.
_________________________________________________________________________ © 2012 Golden Technology Services The Power of Cyber Knowing • Everyday, cyber thieves run their reconnaissance on networks and servers, and afterward know more about an organization’s IT security than they do. • How Can The Cyber Thieves Know More About a Business IT Security Than They Do? – They are super intelligent and their IT budget is significantly larger than most. – They know there is limited to no risk of them ever being identified or caught. – Their goal is simple - either to steal money, intellectual assets or both. – Due to advertising, they have developed a work-around to bypass all of the readily available and known IT security products and services - yes, all of them. – Lastly, some of the security solutions used are manufactured or developed by some of the nation states. • The Market Needs To Add an Additional Security Layer to Their Network – The market needs a service that is innovative in dealing with these very aggressive cyber actors and threats. – The market needs a tool that is 100% designed, manufactured and assembled with integrity and trust in the US. – The market needs a tool and service that are not advertised. This is important for US national security, and financial services companies and others.
_________________________________________________________________________ © 2012 Golden Technology Services Yet most U.S. SMBs can improve their online security practices May 15, 2013 14 Source: “2012 National Small Business Study,” National Cyber Security Alliance, Sept. 2012
_________________________________________________________________________ © 2012 Golden Technology Services What Are You Going To Do? 1) “Online Cyber Training” - training, risk assessment and policy management tools that prepare employees for the current threat environment. • More than 50% of all security incidents originate from successful social engineering efforts. • Training, testing and tracking the workforce offers a high return on investment. • Training can be completed from anywhere, anytime, including at home. • The FTC Safeguards Rule mandates the creation of a Written Information Security Program (WISP). • Service contains a comprehensive library of Data Security Policies that can be used as templates for the development of an organization’s WISP. 2) Cyber Detection - automatically detects and terminates threats that evade signatures and blacklists. • Can find previously unknown and hidden threats within hours of deployment. • Monitors servers, desktops, iOS and Android devices – employees & contractors • Provides an alert so action can be taken immediately. 3) IP Address Blocking - blocks 3 million vetted and blacklisted IP addresses • Blocks bi-directionally – Web Portal for each appliance to see what is being blocked • Newly identified and vetted IP addresses are sent up to 4 times an hour to customer
CYBER SECURITY • Intrusion detection - focused on protecting against attack vectors based on software or hardware vulnerabilities. • Firewall configuration, patch management, anti-virus technologies and intrusion detection log monitoring. • Masquerade Threat - access through the use of stolen, highjacked or forged logon IDs and passwords. • Security gaps in programs, or through bypassing the authentication mechanism. • Insider Threat – valid credentials or permissions (bad actor) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 16
INTRUSION DETECTION • Traditional protection technologies have matured • National Vulnerability Database (http://nvd.nist.gov) vulnerability disclosures across the industry in 1H2011 were down 37.1% from 2H2008[1] • Class of tools • e-Sentinel • Host Based Security System @2013 SECURBORATION, INC. COMPANY PROPRIETARY 17 VulnerabilityDisclosures
MASQUERADE THREAT • Recent trends indicate that stealing or forging log-in credentials has become a common methodology for achieving unauthorized access • User Behavior • Identify deviations from expected behavior • Access to applications over system access • Utilize logs to monitor behavior • New class of tools INSIDER THREAT • Bad Actors • User Behavior (threshold of bad behavior) • Identify deviations from expected behavior • Access to applications over system access • Access to Multifunction-Printers • Utilize logs to monitor behavior • New class of tools THREAT CLASSES @2013 SECURBORATION, INC. COMPANY PROPRIETARY 18 C-SAMS
CYBER SEMANTIC ACCOUNT MANAGEMENT SERVICE (CSAMS) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 19 • Cyber Defense • Insider / Masquerade Threat Focus: Identity theft; Exfiltration; Credential amplification • Whitelist Oriented: When are there observable shifts in agent behavior from “normal” to “abnormal”? • Model-driven: • Enterprise Architecture • Business Process Modeling • Business Process Execution Language (BPEL) • Web Ontology Language (OWL)
CYBER SEMANTIC ACCOUNT MANAGEMENT SERVICE (CSAMS) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 20 Actual Behaviors GCCC Merged Log Files End User Publishes Events That Indicate Behavior Outside the Norm Detects Anomalous Behavior by Comparing Expected vs. Actual Legacy Future CSV
21 About Signalscape Signalscape offers security solutions and vulnerability analysis to the DoD, Law Enforcement, and Cyber Communities. Our expertise ranges from miniature single board wireless solutions for one-time mission critical applications to fully integrated wireless surveillance, tracking, and data transport platforms. Specifically, Signalscape specializes in Audio and Video Wireless Data Detection, Collection, and Transport including: • Wireless Sensors (Audio and Video) • Mobility Systems (Cellular Data Transport) • Software Defined Radio (SDR) Visit us at www.signalscape.com.
Challenges Facing DoD, LE, and Cyber Communities Two issues facing DoD, Law Enforcement, and Cyber Communities include: • Detecting and analyzing audio and video streams embedded in massive amounts of wireless network traffic (both encrypted and unencrypted) • Deploying Smart, Wireless, Audio and Video Sensors Signalscape provides Wireless Video Collection and Analytics capabilities both from a defensive and offensive point of view. Specifically two key wireless video topics of interest to the IC and Cyber Community: • Video Detection and Vulnerability Analysis • Video Sensing 22
Video Detection and Vulnerability Analysis • Packet payload inspection (if unencrypted) • Detection of encrypted audio and video streams via traffic pattern classification algorithms based on machine learning • Network vulnerability analysis Video Sensing • Smart Sensing – On-board analytics and storage • Power Management – Avoid transmission until sensor detects event of interest • Utilize time-shifted transmission • Post collection egress (log in and download data at less than real- time speeds) 23
24 Wireless Audio/Video Security Platform (WASP) • Wireless (900 MHz, 2.4 GHz, cellular) retrieval of HD video, HD images and audio • On-board ARM processor plus DSP to run application software in parallel with video algorithms. • CDMA/GSM Wireless Link • 2.4GHz Wireless Link (higher data rates, third-party product integration) • IP Gateway Infrastructure • DVR Capability (record, playback on-demand) • Camera analytics (face detection, wide dynamic range processing, motion detection)
WASP System Architecture 25 RF to IP Video GatewayWASP Ethernet INTERNET Satellite Internet Terminal LoS IP Radio Local User Remote Users
OnWire Capabilities  Area of Expertise • Identity, Access, & Federation Management • Federated Trust (SAML/XSLT/ Web Services) • 2-Factor Authentication • PKI / Smart Cards  Professional Services • Systems Engineering • Development • Integration Services • Consulting Services 26  Cloud Services • Federated SSO • Identity and Access Management as a Service • Consulting Services
Gartner’s Nexus of “Forces”  The Gartner Group has coined the phrase Nexus of Forces to refer to four technology areas having a profound affect on IT  The forces of the Nexus are intertwined to create a user-driven ecosystem of modern computing. • Information is the context for delivering enhanced social and mobile experiences. • Mobile devices are a platform for effective social networking and new ways of work. • Social links people to their work and each other in new and unexpected ways. • Cloud enables delivery of information and functionality to users and systems.  User adoption of these technologies means that IT organizations must adapt their security posture to account for these forces. 27
Security Implications 28 Diagram Source: Gartner (June 2012) Callouts Source: OnWire (April 2013) Data Leakage (corp data migrates to public cloud) Data Leakage (data cached on device) Unpredictable platform type (user chooses platform) Unpredictable app behavior (user owns the app) Blurring of work and private data Privacy Issues Attack Target – honeypot of data Attack Target – honeypot of data Access Control Issues Phishing target (large number of unsophisticated users)
IAM Vision & OnWire’s Expertise Key Themes Standardized IAM and Compliance Expand IAM vertically to provide identity & access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure Secure Cloud, Mobile, Social Collaboration Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation & authentication solutions IAM Governance and Insider Threat Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
IBM Security Products  Information • InfoSphere Guardium - Activity monitor, data encryption, vulnerability assessment • Key Lifecycle Manager (managing signing and encryption keys)  Mobile • Endpoint Management (Endpoint Manager for Mobile Devices) • IAM (Access Manager for Cloud and Mobile, Identity Manager, Federated Identity Manager) • Network Security (Mobile Connect)  Cloud • Application Security (Rational Appscan, Policy Manager) • Infrastructure Security (Host Protection, Virtual Server Protection, Network Intrusion Prevention System) • IAM (Access Manager for Cloud and Mobile, Identity Manager, Federated Identity Manager)  Social • QRadar Security Intelligence Platform • Application Security (Rational Appscan, Policy Manager) • IAM (Access Manager, Identity Manager, Federated Identity Manager) 30
Cyber Security: A New Domain for Intelligence Analysis MARK VASUDEVAN PRESIDENT VSI
About VSi • VSi, based in Winston-Salem, NC, specializes in web-based intelligence and analytical software applications • VSi’s MIDaS™, (U.S. Patents Nos. 6,877,006; 7,167,864; 7,720,861; 8,082,268) is a browser-based, ad-hoc, multi- dimensional analytical tool for users and analysts • VSi’s patents have been licensed to IBM and Oracle • VSi’s MIDaS™ links distributed disparate data sources to produce user-defined analytical views • VSi’s MIDaS™ uses a fine-grained security model that implements multi-level security capability • VSi’s MIDaS™ delivers its capabilities without writing any code
IDENTIFICATION OF PROBLEM – NOT A NEW PROBLEM ; A NEW DOMAIN • Analysis – Multi-INT Fusion: HUMINT, COMINT, IMINT ELINT • Perimeter Security, Sensors – Access,Authentication and Authorization • Pattern Analysis – Intrusion patterns • Inference capability • Information dissemination – Reporting • Strategic andTactical/Imminent threat assessment • Collaboration – Functional Defeat Models • Design of intrusion protection and vulnerability minimization
NEW TECHNOLOGY – MULTI-USE • Re-use existing resources to develop new intelligence • Analysis tools should be flexible to be used for multiple purposes – Intelligence Analysis; Target Centric Analysis; Threat Assessment • Data source agnostic - Structured and Unstructured data fusion • Collaborative “System-of-Systems” model development • Analysis should focus on the requirements of the Analyst and Field Operator – Flexible ; Near RealTime • Comprehensive visualization – Geospatial; Network-graph; temporal; 3D • Multi-level security - Information dissemination; Reporting
WHAT DOES VSi’s MIDaS™ LOOK LIKE?

Recommandé

GSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGSA's Presentation on Improving Cyber Security Through Acquisition
GSA's Presentation on Improving Cyber Security Through AcquisitionGovernment Technology and Services Coalition
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsGovernment Technology and Services Coalition
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsIvanti
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...Government Technology and Services Coalition
 

Contenu connexe

Tendances

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillTheAnfieldGroup
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityDavid Sweigert
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies
 
Retail Security: Closing the Threat Gap
Retail Security: Closing the Threat GapRetail Security: Closing the Threat Gap
Retail Security: Closing the Threat GapTripwire
 
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...SparkCognition
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyFidelis Cybersecurity
 
Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentationJoseph Schorr
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?Cognizant
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Matthew Rosenquist
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security TutorialNeil Matatall
 
Ivanti Threat Thursday for April 30
Ivanti Threat Thursday for April 30Ivanti Threat Thursday for April 30
Ivanti Threat Thursday for April 30Ivanti
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
A New Approach to Healthcare Security
A New Approach to Healthcare SecurityA New Approach to Healthcare Security
A New Approach to Healthcare SecurityAngel Villar Garea
 

Tendances (20)

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurityNIST releases SP 800-160 Multi-discplinary approach to cybersecurity
NIST releases SP 800-160 Multi-discplinary approach to cybersecurity
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution Overview
 
Retail Security: Closing the Threat Gap
Retail Security: Closing the Threat GapRetail Security: Closing the Threat Gap
Retail Security: Closing the Threat Gap
 
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
Using a Cognitive Analytic Approach to Enhance Cybersecurity on Oil and Gas O...
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You Buy
 
Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentation
 
System of security controls
System of security controlsSystem of security controls
System of security controls
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security Tutorial
 
Ivanti Threat Thursday for April 30
Ivanti Threat Thursday for April 30Ivanti Threat Thursday for April 30
Ivanti Threat Thursday for April 30
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
A New Approach to Healthcare Security
A New Approach to Healthcare SecurityA New Approach to Healthcare Security
A New Approach to Healthcare Security
 

En vedette

Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...Jason Hong
 
Non-Motorized Transport Forum and Mapping Workshop
Non-Motorized Transport Forum and Mapping WorkshopNon-Motorized Transport Forum and Mapping Workshop
Non-Motorized Transport Forum and Mapping WorkshopiBoP Asia
 
Reusable Learning Objects: Designing and Archiving
Reusable Learning Objects: Designing and ArchivingReusable Learning Objects: Designing and Archiving
Reusable Learning Objects: Designing and ArchivingIshan Abeywardena, Ph.D.
 
Moo cs for professional development tcea feb 2015
Moo cs for professional development tcea feb 2015Moo cs for professional development tcea feb 2015
Moo cs for professional development tcea feb 2015Kay Abernathy, Ed.D.
 
UTS Library future service model (with notes)
UTS Library future service model (with notes)UTS Library future service model (with notes)
UTS Library future service model (with notes)Mal Booth
 

En vedette (6)

Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N...
 
Non-Motorized Transport Forum and Mapping Workshop
Non-Motorized Transport Forum and Mapping WorkshopNon-Motorized Transport Forum and Mapping Workshop
Non-Motorized Transport Forum and Mapping Workshop
 
Data Ownership: Who Owns 'My Data'?
Data Ownership: Who Owns 'My Data'?Data Ownership: Who Owns 'My Data'?
Data Ownership: Who Owns 'My Data'?
 
Reusable Learning Objects: Designing and Archiving
Reusable Learning Objects: Designing and ArchivingReusable Learning Objects: Designing and Archiving
Reusable Learning Objects: Designing and Archiving
 
Moo cs for professional development tcea feb 2015
Moo cs for professional development tcea feb 2015Moo cs for professional development tcea feb 2015
Moo cs for professional development tcea feb 2015
 
UTS Library future service model (with notes)
UTS Library future service model (with notes)UTS Library future service model (with notes)
UTS Library future service model (with notes)
 

Similaire à Cyber Security

Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityAbdul Jaleel
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsSchneider Electric
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilienceaccenture
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
MBT Webinar: Does the security of your business data keep you up at night?
MBT Webinar: Does the security of your business data keep you up at night? MBT Webinar: Does the security of your business data keep you up at night?
MBT Webinar: Does the security of your business data keep you up at night? Jorge García
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET Journal
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Best Practices to Cybersecurity Vulnerability Management,.pdf
Best Practices to Cybersecurity Vulnerability Management,.pdfBest Practices to Cybersecurity Vulnerability Management,.pdf
Best Practices to Cybersecurity Vulnerability Management,.pdfTuan Yang
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 

Similaire à Cyber Security (20)

Walls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application SecurityWalls of Steel, Doors of Wood - Relevance of Application Security
Walls of Steel, Doors of Wood - Relevance of Application Security
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Zero Trust and Data Security
Zero Trust and Data SecurityZero Trust and Data Security
Zero Trust and Data Security
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
MBT Webinar: Does the security of your business data keep you up at night?
MBT Webinar: Does the security of your business data keep you up at night? MBT Webinar: Does the security of your business data keep you up at night?
MBT Webinar: Does the security of your business data keep you up at night?
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Best Practices to Cybersecurity Vulnerability Management,.pdf
Best Practices to Cybersecurity Vulnerability Management,.pdfBest Practices to Cybersecurity Vulnerability Management,.pdf
Best Practices to Cybersecurity Vulnerability Management,.pdf
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 

Plus de NC Military Business Center

Fort Bragg Small Business Outreach Event_March 18, 14
Fort Bragg Small Business Outreach Event_March 18, 14Fort Bragg Small Business Outreach Event_March 18, 14
Fort Bragg Small Business Outreach Event_March 18, 14NC Military Business Center
 
FEDCON Summit: Bonding & Surety for Federal Construction Projects
FEDCON Summit: Bonding & Surety for Federal Construction ProjectsFEDCON Summit: Bonding & Surety for Federal Construction Projects
FEDCON Summit: Bonding & Surety for Federal Construction ProjectsNC Military Business Center
 
FEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysFEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysNC Military Business Center
 
FEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysFEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysNC Military Business Center
 
FEDCON Summit: Department of Transportation Construction Opportunities
FEDCON Summit: Department of Transportation Construction OpportunitiesFEDCON Summit: Department of Transportation Construction Opportunities
FEDCON Summit: Department of Transportation Construction OpportunitiesNC Military Business Center
 
FEDCON Summit: Labor Laws & Affirmative Action for Federal Contracts
FEDCON Summit: Labor Laws & Affirmative Action for Federal ContractsFEDCON Summit: Labor Laws & Affirmative Action for Federal Contracts
FEDCON Summit: Labor Laws & Affirmative Action for Federal ContractsNC Military Business Center
 
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...NC Military Business Center
 
FEDCON Summit: Installation Energy Programs, Projects & Industry Experience
FEDCON Summit: Installation Energy Programs, Projects & Industry ExperienceFEDCON Summit: Installation Energy Programs, Projects & Industry Experience
FEDCON Summit: Installation Energy Programs, Projects & Industry ExperienceNC Military Business Center
 
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...NC Military Business Center
 
FEDCON Summit: Environmental Engineering & Remediation Industry Panel
FEDCON Summit: Environmental Engineering & Remediation Industry PanelFEDCON Summit: Environmental Engineering & Remediation Industry Panel
FEDCON Summit: Environmental Engineering & Remediation Industry PanelNC Military Business Center
 
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced Analytics
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced AnalyticsHuman/Social Sciences/Cultural & Behavioral Dynamics and Advanced Analytics
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced AnalyticsNC Military Business Center
 

Plus de NC Military Business Center (20)

Camp Lejeune Small Business Outreach Event
Camp Lejeune Small Business Outreach EventCamp Lejeune Small Business Outreach Event
Camp Lejeune Small Business Outreach Event
 
MCAS Cherry Point Small Business Outreach Event
MCAS Cherry Point Small Business Outreach EventMCAS Cherry Point Small Business Outreach Event
MCAS Cherry Point Small Business Outreach Event
 
Spawar slides
Spawar slidesSpawar slides
Spawar slides
 
Fort Bragg Small Business Outreach Event_March 18, 14
Fort Bragg Small Business Outreach Event_March 18, 14Fort Bragg Small Business Outreach Event_March 18, 14
Fort Bragg Small Business Outreach Event_March 18, 14
 
FEDCON Summit: Bonding & Surety for Federal Construction Projects
FEDCON Summit: Bonding & Surety for Federal Construction ProjectsFEDCON Summit: Bonding & Surety for Federal Construction Projects
FEDCON Summit: Bonding & Surety for Federal Construction Projects
 
FEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysFEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/Delays
 
FEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/DelaysFEDCON Summit: Change Orders & Contract Disruptions/Delays
FEDCON Summit: Change Orders & Contract Disruptions/Delays
 
FEDCON Summit: Department of Transportation Construction Opportunities
FEDCON Summit: Department of Transportation Construction OpportunitiesFEDCON Summit: Department of Transportation Construction Opportunities
FEDCON Summit: Department of Transportation Construction Opportunities
 
FEDCON Summit: Labor Laws & Affirmative Action for Federal Contracts
FEDCON Summit: Labor Laws & Affirmative Action for Federal ContractsFEDCON Summit: Labor Laws & Affirmative Action for Federal Contracts
FEDCON Summit: Labor Laws & Affirmative Action for Federal Contracts
 
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...
FEDCON Summit: Waste and Pollution Reduction Programs, Projects & Industry Ex...
 
FEDCON Summit: Installation Energy Programs, Projects & Industry Experience
FEDCON Summit: Installation Energy Programs, Projects & Industry ExperienceFEDCON Summit: Installation Energy Programs, Projects & Industry Experience
FEDCON Summit: Installation Energy Programs, Projects & Industry Experience
 
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...
FEDCON Summit: Water, Wastewater and Stormwater Programs, Projects & Industry...
 
FEDCON Summit: Environmental Engineering & Remediation Industry Panel
FEDCON Summit: Environmental Engineering & Remediation Industry PanelFEDCON Summit: Environmental Engineering & Remediation Industry Panel
FEDCON Summit: Environmental Engineering & Remediation Industry Panel
 
FEDCON Summit: Marine Corps Installations East
FEDCON Summit: Marine Corps Installations EastFEDCON Summit: Marine Corps Installations East
FEDCON Summit: Marine Corps Installations East
 
FEDCON Summit: NCMBC Tools for Contractors
FEDCON Summit: NCMBC Tools for ContractorsFEDCON Summit: NCMBC Tools for Contractors
FEDCON Summit: NCMBC Tools for Contractors
 
FEDCON Summit: Public Private Ventures
FEDCON Summit: Public Private VenturesFEDCON Summit: Public Private Ventures
FEDCON Summit: Public Private Ventures
 
FEDCON Summit: Teaming Arrangements
FEDCON Summit: Teaming ArrangementsFEDCON Summit: Teaming Arrangements
FEDCON Summit: Teaming Arrangements
 
FEDCON Summit: Veterans Affairs
FEDCON Summit: Veterans AffairsFEDCON Summit: Veterans Affairs
FEDCON Summit: Veterans Affairs
 
Medical Technologies
Medical TechnologiesMedical Technologies
Medical Technologies
 
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced Analytics
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced AnalyticsHuman/Social Sciences/Cultural & Behavioral Dynamics and Advanced Analytics
Human/Social Sciences/Cultural & Behavioral Dynamics and Advanced Analytics
 

Dernier

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 

Dernier (20)

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 

Cyber Security

  • 1. North Carolina Federal Advanced Technologies Symposium May 9, 2013 Cyber Security Panel Hosted by: Office of Senator Richard Burr NC Military Business Center NC Military Foundation Institute for Defense & Business University of North Carolina System Reception Sponsor: Bronze Sponsor:
  • 2. Science of Security Configuration Analytics– Know your network! Professor Ehab Al-Shaer, Director of Cyber Defense Network Assurability Center University of North Carolina Charlotte ealshaer@uncc.edu www.cyberdna.uncc.edu Cyber Security Panel NC Federal Advanced technologies Symposium May 9, 2013
  • 3. About CyberDNA Research • Vision: Making Cybersecurity measurable, provable and usable • Research Team: – Multi-disciplinary team of 11 faculty members and 35 PhD students Areas – security, networking, data mining, economics, power and control, behavior science/HCI. • Active Funding: > 8.2M from NSF, NSA, ARO, AFRL, DHS, Bank of America, BB&T, DTCC, Duke Energy, Cisco, Intel • Prof. Al-Shaer was featured as Subject Matter Expert (SME) in Security Configuration Analytics and Automation [DoD Information Assurance Newsletter, 2011]. • NSF Industry/University Collaborative Research Center on (Security) Configuration Analytics and Automation (CCAA) Lead by UNC Charlotte and George Mason Univ – Members include NSA, NIST, Bank of America, BB&T, DTCC, MITRE, Northrop Grumman • Tools and Technology transfer projects for Cisco, Intel, Duke Energy, .. • Research Long and solid track record on many areas particularly – Security configuration analytics (verification and synthesis) for enterprise, cloud and smart grid – Security metrics and risk estimation – Agility and resiliency for Cyber, clouds and Cyber-Physical
  • 4. 4 Why Cybersecurity is Hard? • Attack Detection (alone) Can not Deliver – Learning-based = Knowing the attack OR Knowing the Deviation Threshold  Easily Evadable – Insufficient for attack avoidance • Cybersecurity = Attack Prediction • Attack Prediction is a Hard Problem – Learning-driven vs. Prediction-driven • Feature selection vs. information integration & analytics – Scalable and accurate models of both system behavior and adversary strategies. – System complexity and adversary sophistication are increasingly growing.
  • 5. 6 The Need for Security Configuration Analytics • December 2008 report from Center for Strategic and International Studies "Securing Cyberspace for the 44th Presidency" states that "inappropriate or incorrect security configurations were responsible for 80% of Air Force vulnerabilities" • May 2008 report from Juniper Networks "What is Behind Network Downtime?" states that "human factors [are] responsible for 50 to 80 percent of network device outages". • BT/Gartner[3] has estimated that 65% of cyber-attacks exploit systems with vulnerabilities introduced by configuration errors. The Yankee Group[4] has noted that configuration errors cause 62% of network downtime. • A 2009 report[5] by BT and Huawei discusses how service outages caused by “the human factor” themselves cause more than 30% of network outages, “a major concern for carriers and causes big revenue-loss.
  • 6. 7 Ehab Al-Shaer , Science of Security Configuration Complexity of Configuration Analytics • Scale – thousands of devices and million of rules. • Distributed, yet Inter-dependent Devices and Rules. • Policy semantic gap -- device roles (e.g., Rule-order semantics vs. recursive ACL, single-trigger vs. multi-trigger policies) • Multi-level and multi-layer Network configuration – Overlay networks, groups/domains in cloud (e.g., EC2/VPC, security groups) – network access control, OS, application level etc • Dynamic changes in networks and threat • Security design trade-offs: risk vs mission, usability, cost, and performance [Source: Security Analytics and Automation, DoD IA Newsletter, Oct 2011] 7
  • 7. 8 NSF Center on Security Analytics & Automation– The Big Picture ANALYTICS Predominately Manual Management Practices Defensive Actions Logs and Sensor Data Security Requirements & Policies Enterprise Polices & Configuration MEASURABLE SECURITY Analytics & Automation AUTOMATED DEFENSE RESILIENCY COST-EFFECTIVE HARDENING Analytics Automation Integration action System
  • 8. 9 Policy Violation Threat Prediction Risk Estimation ConfigChecker: Security Analytics Magic Box [ICNP09] Risk Mitigation Attack DiagnosisAgility Actions Resiliency measure ConfigChecker
  • 9. Golden Technology Services © 2012 Golden Technology Services _________________________________________________________________________ GOLDEN TECHNOLOGY SERVICES Delivering Business Impact with Advanced Technology Solutions
  • 10. _________________________________________________________________________ © 2012 Golden Technology Services Cyber attacks are increasingly impacting both private sector and U.S. government information networks and systems May 15, 2013 11 Sources: IBM Corporation,PwC
  • 11. _________________________________________________________________________ © 2012 Golden Technology Services Proof points: Targeted attacks shake businesses & governments May 15, 2013 12 Source: IBM Corp., 2011 Year-EndX-Force Trend and Risk Report.
  • 12. _________________________________________________________________________ © 2012 Golden Technology Services The Power of Cyber Knowing • Everyday, cyber thieves run their reconnaissance on networks and servers, and afterward know more about an organization’s IT security than they do. • How Can The Cyber Thieves Know More About a Business IT Security Than They Do? – They are super intelligent and their IT budget is significantly larger than most. – They know there is limited to no risk of them ever being identified or caught. – Their goal is simple - either to steal money, intellectual assets or both. – Due to advertising, they have developed a work-around to bypass all of the readily available and known IT security products and services - yes, all of them. – Lastly, some of the security solutions used are manufactured or developed by some of the nation states. • The Market Needs To Add an Additional Security Layer to Their Network – The market needs a service that is innovative in dealing with these very aggressive cyber actors and threats. – The market needs a tool that is 100% designed, manufactured and assembled with integrity and trust in the US. – The market needs a tool and service that are not advertised. This is important for US national security, and financial services companies and others.
  • 13. _________________________________________________________________________ © 2012 Golden Technology Services Yet most U.S. SMBs can improve their online security practices May 15, 2013 14 Source: “2012 National Small Business Study,” National Cyber Security Alliance, Sept. 2012
  • 14. _________________________________________________________________________ © 2012 Golden Technology Services What Are You Going To Do? 1) “Online Cyber Training” - training, risk assessment and policy management tools that prepare employees for the current threat environment. • More than 50% of all security incidents originate from successful social engineering efforts. • Training, testing and tracking the workforce offers a high return on investment. • Training can be completed from anywhere, anytime, including at home. • The FTC Safeguards Rule mandates the creation of a Written Information Security Program (WISP). • Service contains a comprehensive library of Data Security Policies that can be used as templates for the development of an organization’s WISP. 2) Cyber Detection - automatically detects and terminates threats that evade signatures and blacklists. • Can find previously unknown and hidden threats within hours of deployment. • Monitors servers, desktops, iOS and Android devices – employees & contractors • Provides an alert so action can be taken immediately. 3) IP Address Blocking - blocks 3 million vetted and blacklisted IP addresses • Blocks bi-directionally – Web Portal for each appliance to see what is being blocked • Newly identified and vetted IP addresses are sent up to 4 times an hour to customer
  • 15. CYBER SECURITY • Intrusion detection - focused on protecting against attack vectors based on software or hardware vulnerabilities. • Firewall configuration, patch management, anti-virus technologies and intrusion detection log monitoring. • Masquerade Threat - access through the use of stolen, highjacked or forged logon IDs and passwords. • Security gaps in programs, or through bypassing the authentication mechanism. • Insider Threat – valid credentials or permissions (bad actor) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 16
  • 16. INTRUSION DETECTION • Traditional protection technologies have matured • National Vulnerability Database (http://nvd.nist.gov) vulnerability disclosures across the industry in 1H2011 were down 37.1% from 2H2008[1] • Class of tools • e-Sentinel • Host Based Security System @2013 SECURBORATION, INC. COMPANY PROPRIETARY 17 VulnerabilityDisclosures
  • 17. MASQUERADE THREAT • Recent trends indicate that stealing or forging log-in credentials has become a common methodology for achieving unauthorized access • User Behavior • Identify deviations from expected behavior • Access to applications over system access • Utilize logs to monitor behavior • New class of tools INSIDER THREAT • Bad Actors • User Behavior (threshold of bad behavior) • Identify deviations from expected behavior • Access to applications over system access • Access to Multifunction-Printers • Utilize logs to monitor behavior • New class of tools THREAT CLASSES @2013 SECURBORATION, INC. COMPANY PROPRIETARY 18 C-SAMS
  • 18. CYBER SEMANTIC ACCOUNT MANAGEMENT SERVICE (CSAMS) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 19 • Cyber Defense • Insider / Masquerade Threat Focus: Identity theft; Exfiltration; Credential amplification • Whitelist Oriented: When are there observable shifts in agent behavior from “normal” to “abnormal”? • Model-driven: • Enterprise Architecture • Business Process Modeling • Business Process Execution Language (BPEL) • Web Ontology Language (OWL)
  • 19. CYBER SEMANTIC ACCOUNT MANAGEMENT SERVICE (CSAMS) @2013 SECURBORATION, INC. COMPANY PROPRIETARY 20 Actual Behaviors GCCC Merged Log Files End User Publishes Events That Indicate Behavior Outside the Norm Detects Anomalous Behavior by Comparing Expected vs. Actual Legacy Future CSV
  • 20. 21 About Signalscape Signalscape offers security solutions and vulnerability analysis to the DoD, Law Enforcement, and Cyber Communities. Our expertise ranges from miniature single board wireless solutions for one-time mission critical applications to fully integrated wireless surveillance, tracking, and data transport platforms. Specifically, Signalscape specializes in Audio and Video Wireless Data Detection, Collection, and Transport including: • Wireless Sensors (Audio and Video) • Mobility Systems (Cellular Data Transport) • Software Defined Radio (SDR) Visit us at www.signalscape.com.
  • 21. Challenges Facing DoD, LE, and Cyber Communities Two issues facing DoD, Law Enforcement, and Cyber Communities include: • Detecting and analyzing audio and video streams embedded in massive amounts of wireless network traffic (both encrypted and unencrypted) • Deploying Smart, Wireless, Audio and Video Sensors Signalscape provides Wireless Video Collection and Analytics capabilities both from a defensive and offensive point of view. Specifically two key wireless video topics of interest to the IC and Cyber Community: • Video Detection and Vulnerability Analysis • Video Sensing 22
  • 22. Video Detection and Vulnerability Analysis • Packet payload inspection (if unencrypted) • Detection of encrypted audio and video streams via traffic pattern classification algorithms based on machine learning • Network vulnerability analysis Video Sensing • Smart Sensing – On-board analytics and storage • Power Management – Avoid transmission until sensor detects event of interest • Utilize time-shifted transmission • Post collection egress (log in and download data at less than real- time speeds) 23
  • 23. 24 Wireless Audio/Video Security Platform (WASP) • Wireless (900 MHz, 2.4 GHz, cellular) retrieval of HD video, HD images and audio • On-board ARM processor plus DSP to run application software in parallel with video algorithms. • CDMA/GSM Wireless Link • 2.4GHz Wireless Link (higher data rates, third-party product integration) • IP Gateway Infrastructure • DVR Capability (record, playback on-demand) • Camera analytics (face detection, wide dynamic range processing, motion detection)
  • 24. WASP System Architecture 25 RF to IP Video GatewayWASP Ethernet INTERNET Satellite Internet Terminal LoS IP Radio Local User Remote Users
  • 25. OnWire Capabilities  Area of Expertise • Identity, Access, & Federation Management • Federated Trust (SAML/XSLT/ Web Services) • 2-Factor Authentication • PKI / Smart Cards  Professional Services • Systems Engineering • Development • Integration Services • Consulting Services 26  Cloud Services • Federated SSO • Identity and Access Management as a Service • Consulting Services
  • 26. Gartner’s Nexus of “Forces”  The Gartner Group has coined the phrase Nexus of Forces to refer to four technology areas having a profound affect on IT  The forces of the Nexus are intertwined to create a user-driven ecosystem of modern computing. • Information is the context for delivering enhanced social and mobile experiences. • Mobile devices are a platform for effective social networking and new ways of work. • Social links people to their work and each other in new and unexpected ways. • Cloud enables delivery of information and functionality to users and systems.  User adoption of these technologies means that IT organizations must adapt their security posture to account for these forces. 27
  • 27. Security Implications 28 Diagram Source: Gartner (June 2012) Callouts Source: OnWire (April 2013) Data Leakage (corp data migrates to public cloud) Data Leakage (data cached on device) Unpredictable platform type (user chooses platform) Unpredictable app behavior (user owns the app) Blurring of work and private data Privacy Issues Attack Target – honeypot of data Attack Target – honeypot of data Access Control Issues Phishing target (large number of unsophisticated users)
  • 28. IAM Vision & OnWire’s Expertise Key Themes Standardized IAM and Compliance Expand IAM vertically to provide identity & access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure Secure Cloud, Mobile, Social Collaboration Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation & authentication solutions IAM Governance and Insider Threat Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
  • 29. IBM Security Products  Information • InfoSphere Guardium - Activity monitor, data encryption, vulnerability assessment • Key Lifecycle Manager (managing signing and encryption keys)  Mobile • Endpoint Management (Endpoint Manager for Mobile Devices) • IAM (Access Manager for Cloud and Mobile, Identity Manager, Federated Identity Manager) • Network Security (Mobile Connect)  Cloud • Application Security (Rational Appscan, Policy Manager) • Infrastructure Security (Host Protection, Virtual Server Protection, Network Intrusion Prevention System) • IAM (Access Manager for Cloud and Mobile, Identity Manager, Federated Identity Manager)  Social • QRadar Security Intelligence Platform • Application Security (Rational Appscan, Policy Manager) • IAM (Access Manager, Identity Manager, Federated Identity Manager) 30
  • 30. Cyber Security: A New Domain for Intelligence Analysis MARK VASUDEVAN PRESIDENT VSI
  • 31. About VSi • VSi, based in Winston-Salem, NC, specializes in web-based intelligence and analytical software applications • VSi’s MIDaS™, (U.S. Patents Nos. 6,877,006; 7,167,864; 7,720,861; 8,082,268) is a browser-based, ad-hoc, multi- dimensional analytical tool for users and analysts • VSi’s patents have been licensed to IBM and Oracle • VSi’s MIDaS™ links distributed disparate data sources to produce user-defined analytical views • VSi’s MIDaS™ uses a fine-grained security model that implements multi-level security capability • VSi’s MIDaS™ delivers its capabilities without writing any code
  • 32. IDENTIFICATION OF PROBLEM – NOT A NEW PROBLEM ; A NEW DOMAIN • Analysis – Multi-INT Fusion: HUMINT, COMINT, IMINT ELINT • Perimeter Security, Sensors – Access,Authentication and Authorization • Pattern Analysis – Intrusion patterns • Inference capability • Information dissemination – Reporting • Strategic andTactical/Imminent threat assessment • Collaboration – Functional Defeat Models • Design of intrusion protection and vulnerability minimization
  • 33. NEW TECHNOLOGY – MULTI-USE • Re-use existing resources to develop new intelligence • Analysis tools should be flexible to be used for multiple purposes – Intelligence Analysis; Target Centric Analysis; Threat Assessment • Data source agnostic - Structured and Unstructured data fusion • Collaborative “System-of-Systems” model development • Analysis should focus on the requirements of the Analyst and Field Operator – Flexible ; Near RealTime • Comprehensive visualization – Geospatial; Network-graph; temporal; 3D • Multi-level security - Information dissemination; Reporting
  • 34. WHAT DOES VSi’s MIDaS™ LOOK LIKE?