SlideShare une entreprise Scribd logo

Coordinating EU cybersecurity through information sharing

DFLABS SRL
DFLABS SRL

The document discusses the need for improved coordination and information sharing between EU member states to address targeted and persistent cyber attacks. It outlines common tactics used by adversaries, including initial weak intrusions, spreading malware to undermine security monitoring and exfiltrate data while avoiding detection. The document argues for consolidating knowledge of adversaries across borders, establishing standards for secure information exchange, and properly containing incidents to effectively eradicate intruders.

Technologie
1  sur  12
Télécharger pour lire hors ligne
Targeted  &  Persistent  Attacks  in  EU   The  need  for  coordination  and  information   sharing  between  EU  member  states     Eoghan  Casey,  CASEITE  &  DFLabs  
      2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved   Attack  against  RSA  -­‐  http://blogs.rsa.com/rivner/anatomy-­‐of-­‐an-­‐attack/  
Large-­‐scale  credit  card  robbery   Initial  intrusion  into  regional  office   Weak  internal  security   Servers  with  well  known  vulnerabilities   Unrestricted  access  to  central  servers   Weak  egress  filtering   File  transfer  permitted  from  central  servers  to  Internet   Weak  system  monitoring   Intruder  created  account  on  central  server   Installed  sniffer  on  server   Sniffer  and  file  transfer  log  files  created  on  server   Weak  network  monitoring   Network  level  logs  recorded  file  transfers   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Coordinated  Linux  intrusions   Attacker's  modus  operandi   Repository  of  stolen  SSH  credentials   Privilege  escalation   LKM  rootkits  &  tricky  backdoor   Trojanized  SSH  daemon   Resilient  C2  and  exfiltration   Destroy  digital  evidence   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Common  mistakes   1)  Underestimating  the  adversary   Too  quick  to  containment     2)  Lack  of  evidence   No  centralized  logging  infrastructure     3)  Improper  evidence  handling   Update  antivirus  and  scan  compromised  systems   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Know  the  adversary   Initial  intrusions  not  necessarily  sophisticated   Spear  phishing  or  vulnerable  servers   Once  inside,  they  spread  virulently   Inside  out  attacks  circumvent  egress  filtering   Undermine  security  monitoring   File  system  tampering   Multiple  malware  versions  with  custom  packing   Blend  in  with  normal  traffic   Encrypt  command,  control  and  exfiltration   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Quick  containment?   Current  recommendation:   When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. Most incidents require containment, so it is important to consider it early in the course of handling each incident. - NIST SP800-61 Rev. 1, page 3-19 2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Managing  a  data  breach  effectively     2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Effective  eradication  of  intruders     2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Cross  border  information  sharing   Same  attackers  targeting     all  EU  member  states  >         Consolidate  adversary  knowledge   Trust  between  government  and  industry   Confidentiality  agreements   More  information  to  examine  the  better   Sanitize  what  is  shared  to  protect  victims   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
Information  exchange  standards   STIX    Structured  Threat  Information  eXpression   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved   STIX  Whitepaper  -­‐  makingsecuritymeasurable.mitre.org/docs/STIX-­‐Whitepaper.pdf  
Get  in  touch     Eoghan  Casey   DFLabs  Business  Partner   Risk  Prevention  and  Response  Co-­‐manager     eoghan@dflabs.com   www.dflabs.com   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  

Recommandé

Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyCisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyNetworkCollaborators
 
Why Your Approach To Data Governance Needs a Major Update
Why Your Approach To Data Governance Needs a Major UpdateWhy Your Approach To Data Governance Needs a Major Update
Why Your Approach To Data Governance Needs a Major UpdateDelphix
 
Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?marketingunitrends
 
The GDPR and What It Means to You
The GDPR and What It Means to YouThe GDPR and What It Means to You
The GDPR and What It Means to YouDelphix
 
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile WorldDarren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile WorldPro Mrkt
 
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active Directory
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active DirectorySkyport Systems: Securing Your Biggest IT Risk: Microsoft Active Directory
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active DirectorySkyport Systems
 

Recommandé

Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyCisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyNetworkCollaborators
 
Why Your Approach To Data Governance Needs a Major Update
Why Your Approach To Data Governance Needs a Major UpdateWhy Your Approach To Data Governance Needs a Major Update
Why Your Approach To Data Governance Needs a Major UpdateDelphix
 
Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?Ransomware: Why Are Backup Vendors Trying To Scare You?
Ransomware: Why Are Backup Vendors Trying To Scare You?marketingunitrends
 
The GDPR and What It Means to You
The GDPR and What It Means to YouThe GDPR and What It Means to You
The GDPR and What It Means to YouDelphix
 
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile WorldDarren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile WorldPro Mrkt
 
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active Directory
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active DirectorySkyport Systems: Securing Your Biggest IT Risk: Microsoft Active Directory
Skyport Systems: Securing Your Biggest IT Risk: Microsoft Active DirectorySkyport Systems
 
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]Stanton Viaduc
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationNetworkCollaborators
 
David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18Pro Mrkt
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsJoshua Berman
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityInsight
 
Cyber supply chain risk management ASDE
Cyber supply chain risk management ASDECyber supply chain risk management ASDE
Cyber supply chain risk management ASDEEngineers Australia
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsJoshua Berman
 
Cisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteCisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteNetworkCollaborators
 
GDPR Fast Start
GDPR Fast StartGDPR Fast Start
GDPR Fast StartDelphix
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterSpanning Cloud Apps
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSolarWinds
 
Protect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseProtect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseAdi Saputra
 
Security is Hard
Security is HardSecurity is Hard
Security is HardMike Murray
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksFidelis Cybersecurity
 
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...Pro Mrkt
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligenceguest08b1e6
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 

Contenu connexe

Tendances

HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]Stanton Viaduc
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationNetworkCollaborators
 
David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18Pro Mrkt
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsJoshua Berman
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trustscoopnewsgroup
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityInsight
 
Cyber supply chain risk management ASDE
Cyber supply chain risk management ASDECyber supply chain risk management ASDE
Cyber supply chain risk management ASDEEngineers Australia
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsJoshua Berman
 
Cisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteCisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteNetworkCollaborators
 
GDPR Fast Start
GDPR Fast StartGDPR Fast Start
GDPR Fast StartDelphix
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterSpanning Cloud Apps
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSolarWinds
 
Protect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseProtect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseAdi Saputra
 
Security is Hard
Security is HardSecurity is Hard
Security is HardMike Murray
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksFidelis Cybersecurity
 
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...Pro Mrkt
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 

Tendances (20)

HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
HOW TO PREPARE FOR AND RESPOND TO A RANDSOMWARE ATTACK [Webinar]
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
 
David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18David Tweedale - The Evolving Threat Landscape #midscybersecurity18
David Tweedale - The Evolving Threat Landscape #midscybersecurity18
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade Security
 
Cyber supply chain risk management ASDE
Cyber supply chain risk management ASDECyber supply chain risk management ASDE
Cyber supply chain risk management ASDE
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
 
Cisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteCisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynote
 
GDPR Fast Start
GDPR Fast StartGDPR Fast Start
GDPR Fast Start
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
Security Kung Fu: SIEM Solutions
Security Kung Fu: SIEM SolutionsSecurity Kung Fu: SIEM Solutions
Security Kung Fu: SIEM Solutions
 
Protect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseProtect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat Defense
 
Security is Hard
Security is HardSecurity is Hard
Security is Hard
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacks
 
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid...
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 

Similaire à Coordinating EU cybersecurity through information sharing

Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligenceguest08b1e6
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardEMC
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTLee Wei Yeong
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesNetIQ
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiStonesoft
 
Transforming the Way People Work with Syncplicity
Transforming the Way People Work with SyncplicityTransforming the Way People Work with Syncplicity
Transforming the Way People Work with SyncplicityEMC
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Tripwire
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedElastica Inc.
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Mark Evertz
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSAmazon Web Services
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedSecPod
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedSecPod
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 

Similaire à Coordinating EU cybersecurity through information sharing (20)

Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
Cases
CasesCases
Cases
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APT
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewski
 
Transforming the Way People Work with Syncplicity
Transforming the Way People Work with SyncplicityTransforming the Way People Work with Syncplicity
Transforming the Way People Work with Syncplicity
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are Failing
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
 
Ciso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data ExposedCiso Platform Webcast: Shadow Data Exposed
Ciso Platform Webcast: Shadow Data Exposed
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
 
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations ExposedClosing Often Missed Vulnerabilities that Leave Organizations Exposed
Closing Often Missed Vulnerabilities that Leave Organizations Exposed
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
 

Plus de DFLABS SRL

Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
Data Breach e Garante Privacy: Problemi e soluzioni
Data Breach e Garante Privacy: Problemi e soluzioniData Breach e Garante Privacy: Problemi e soluzioni
Data Breach e Garante Privacy: Problemi e soluzioniDFLABS SRL
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
L'evoluzione degli standard in materia di computer forensics e investigazioni...
L'evoluzione degli standard in materia di computer forensics e investigazioni...L'evoluzione degli standard in materia di computer forensics e investigazioni...
L'evoluzione degli standard in materia di computer forensics e investigazioni...DFLABS SRL
 
Dario Forte's SST Moscow Keynote
Dario Forte's SST Moscow KeynoteDario Forte's SST Moscow Keynote
Dario Forte's SST Moscow KeynoteDFLABS SRL
 
Using Encase for Digital Investigations
Using Encase for Digital InvestigationsUsing Encase for Digital Investigations
Using Encase for Digital InvestigationsDFLABS SRL
 
Iamers presentation-2
Iamers presentation-2Iamers presentation-2
Iamers presentation-2DFLABS SRL
 
IT GRC, Soluzioni Risk Management
IT GRC, Soluzioni Risk ManagementIT GRC, Soluzioni Risk Management
IT GRC, Soluzioni Risk ManagementDFLABS SRL
 
PTK 1.0 official presentation
PTK 1.0 official presentationPTK 1.0 official presentation
PTK 1.0 official presentationDFLABS SRL
 

Plus de DFLABS SRL (11)

Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
 
Data Breach e Garante Privacy: Problemi e soluzioni
Data Breach e Garante Privacy: Problemi e soluzioniData Breach e Garante Privacy: Problemi e soluzioni
Data Breach e Garante Privacy: Problemi e soluzioni
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
L'evoluzione degli standard in materia di computer forensics e investigazioni...
L'evoluzione degli standard in materia di computer forensics e investigazioni...L'evoluzione degli standard in materia di computer forensics e investigazioni...
L'evoluzione degli standard in materia di computer forensics e investigazioni...
 
Dario Forte's SST Moscow Keynote
Dario Forte's SST Moscow KeynoteDario Forte's SST Moscow Keynote
Dario Forte's SST Moscow Keynote
 
Using Encase for Digital Investigations
Using Encase for Digital InvestigationsUsing Encase for Digital Investigations
Using Encase for Digital Investigations
 
Iamers presentation-2
Iamers presentation-2Iamers presentation-2
Iamers presentation-2
 
IT GRC, Soluzioni Risk Management
IT GRC, Soluzioni Risk ManagementIT GRC, Soluzioni Risk Management
IT GRC, Soluzioni Risk Management
 
PTK 1.0 official presentation
PTK 1.0 official presentationPTK 1.0 official presentation
PTK 1.0 official presentation
 
D.I.M.
D.I.M.D.I.M.
D.I.M.
 

Dernier

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Dernier (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Coordinating EU cybersecurity through information sharing

  • 1. Targeted  &  Persistent  Attacks  in  EU   The  need  for  coordination  and  information   sharing  between  EU  member  states     Eoghan  Casey,  CASEITE  &  DFLabs  
  • 2.       2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved   Attack  against  RSA  -­‐  http://blogs.rsa.com/rivner/anatomy-­‐of-­‐an-­‐attack/  
  • 3. Large-­‐scale  credit  card  robbery   Initial  intrusion  into  regional  office   Weak  internal  security   Servers  with  well  known  vulnerabilities   Unrestricted  access  to  central  servers   Weak  egress  filtering   File  transfer  permitted  from  central  servers  to  Internet   Weak  system  monitoring   Intruder  created  account  on  central  server   Installed  sniffer  on  server   Sniffer  and  file  transfer  log  files  created  on  server   Weak  network  monitoring   Network  level  logs  recorded  file  transfers   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 4. Coordinated  Linux  intrusions   Attacker's  modus  operandi   Repository  of  stolen  SSH  credentials   Privilege  escalation   LKM  rootkits  &  tricky  backdoor   Trojanized  SSH  daemon   Resilient  C2  and  exfiltration   Destroy  digital  evidence   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 5. Common  mistakes   1)  Underestimating  the  adversary   Too  quick  to  containment     2)  Lack  of  evidence   No  centralized  logging  infrastructure     3)  Improper  evidence  handling   Update  antivirus  and  scan  compromised  systems   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 6. Know  the  adversary   Initial  intrusions  not  necessarily  sophisticated   Spear  phishing  or  vulnerable  servers   Once  inside,  they  spread  virulently   Inside  out  attacks  circumvent  egress  filtering   Undermine  security  monitoring   File  system  tampering   Multiple  malware  versions  with  custom  packing   Blend  in  with  normal  traffic   Encrypt  command,  control  and  exfiltration   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 7. Quick  containment?   Current  recommendation:   When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. Most incidents require containment, so it is important to consider it early in the course of handling each incident. - NIST SP800-61 Rev. 1, page 3-19 2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 8. Managing  a  data  breach  effectively     2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 9. Effective  eradication  of  intruders     2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 10. Cross  border  information  sharing   Same  attackers  targeting     all  EU  member  states  >         Consolidate  adversary  knowledge   Trust  between  government  and  industry   Confidentiality  agreements   More  information  to  examine  the  better   Sanitize  what  is  shared  to  protect  victims   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved  
  • 11. Information  exchange  standards   STIX    Structured  Threat  Information  eXpression   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved   STIX  Whitepaper  -­‐  makingsecuritymeasurable.mitre.org/docs/STIX-­‐Whitepaper.pdf  
  • 12. Get  in  touch     Eoghan  Casey   DFLabs  Business  Partner   Risk  Prevention  and  Response  Co-­‐manager     eoghan@dflabs.com   www.dflabs.com   2012  Copyright  Eoghan  Casey  and  CASEITE   All  rights  reserved