The Threat Landscape
and
Network Security Measures
Carl B. Forkner
February 1, 2016
Table of Contents
• Key Terms
• The Threat Landscape
• Network Security Overview
• Evolving and Future Threats
The Threat Landscape
Key Terms – Threat Landscape
• APT. An advanced persistent threat (APT) is a network attack in which an
unauthorized party gains access to a network and remains there undetected
for a long period of time.
• Bot. An Internet bot (web robot, WWW robot, or simply bot) is a software
application that runs automated tasks over the Internet.
• Botnet. A botnet is a collection of Internet-connected computers that have been
compromised and placed under an attacker’s remote control without their owners’
knowledge, and that are used to relay spam, malware, or attack traffic to other
computers on the Internet.
• Drive-by. A drive-by download is the unintentional download of a virus or other
malicious software (malware) onto a computer or mobile device, typically just by
visiting a web page.
Key Terms – Threat Landscape
• Exploit. A piece of software, a segment of data, or a command sequence that takes
advantage of a vulnerability.
• IP/PII.
– IP, as used in this deck, stands for Intellectual Property: proprietary designs,
source code, trade secrets, and similar data. It should not be confused with an IP
(Internet Protocol) address, the address commonly used to identify the origin of an
Internet transmission, i.e. your device.
– PII stands for Personally Identifiable Information, sometimes referred to as
“Personal Information,” and is often equated in the U.S. with “Privacy Act
Information.”
• Malvertising. The use of online advertising to spread malware.
• Phishing. Phishing is an e-mail fraud method in which the perpetrator sends out
legitimate-looking email in an attempt to gather personal and financial information from
recipients.
Key Terms – Threat Landscape
• Malware. Malware is a category of malicious code that includes viruses, worms, and
Trojan horses.
– Virus. A computer virus is a program or piece of code that is loaded onto a
computer without the user’s knowledge and runs against their wishes, attaching
itself to other files or programs in order to replicate.
– Worm. Computer worms are similar to viruses in that they replicate functional
copies of themselves and can cause the same type of damage, but a worm spreads on
its own across the network (for example by exploiting a vulnerable service) without
needing a host file or a user action.
– Trojan. A Trojan [horse] is a program in which malicious or harmful code is
contained inside apparently harmless programming or data in such a way that it
can get control and do its chosen form of damage.
• Vulnerability. In cybersecurity, a vulnerability is a flaw in a system that can leave
it open to attack.
• Watering Hole. A watering hole attack targets a specific group by infecting websites
that group is known to visit frequently with malware.
The Threat Landscape
• The crime:
– Motive, means, & opportunity
• The technology explosion and a dynamic environment
– The changing face of threat vectors
The Network Security Battle of Minds
• Hacker economy and threats vs. network security measures
Who are the Adversaries?
• Previously
– Attention seekers
– Many independent operators
• New breed of attackers
– Hacktivists
– Profit-driven organizations
– Rival corporations
– Rival political nations
Ranking Adversaries (ordered from lowest to highest threat level)
• User Error. Users making mistakes with configurations which may bring down critical
resources.
• Opportunistic Hacker. These attackers are usually script kiddies driven by notoriety.
• Insider Threat. Attackers are typically disgruntled employees or ex-employees.
• Hacktivists. Attackers with a political agenda who want to raise awareness of it.
• Organized Crime. Mass attacks driven by profit.
• Government Sponsored. Targeted, well-funded attacks.
What are they after?
• IP
• Credit Cards & Bank info
• PII – Identity Theft
• Shutting down competition
• Being the next Wikileaks
• Pure profit
• Sabotage
The Threat Landscape
• Some Major Victims of Network Attacks: [logos of affected organizations; graphic not
captured]
The Threat Landscape
• Threat Timeline Fall 2013 – Summer 2014 [timeline graphic not captured]
Organizational Hacking is Rewarding
• Education, training, tech support
• Storefronts for hacking tools and zero-day exploits/vulnerability information
• Sophisticated organization
• Backed by governments
• Paid for with currencies like Bitcoin
• Obscured through anonymity networks like Tor
Anatomy of an Attack ‒ The Hacker’s Point of View
• Keep safe: evade law enforcement and defensive measures throughout
• Sub-Zero / Planning
– Define target
– Research target
– Build or acquire tools
– Test tools against detection
• Initial intrusion ‒ getting in
– Obtain credentials
– Strengthen footprint
• Initial intrusion ‒ getting out
– Outbound communication initiated
– Exfiltrate data
• Survive
Hacker Tools
• 2 main categories:
– Social Engineering – The Techniques
– Malware – The Tools
The Tactics of Social Engineering
• Spoofing
• Phishing
• Spearphishing
• Watering-hole attacks
• Phone calls/impersonation
• Malvertising
• Social Media links
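The spoofing and phishing tactics listed above leave traces in the message headers themselves. The following is an added example written for this page, not code from the original deck: a Python check that flags the common header-level tells of a spoofed email (a display name that shows a different address than the real sender, a Return-Path or Reply-To that disagrees with From, and a look-alike of a trusted domain). Both messages are constructed for the example, the trusted domain example.com is an assumption, and the look-alike test is a deliberately simple substring heuristic.

```python
"""Added example: header-level spoofing checks on a suspicious email.

Written for this page; not code from the original deck. The messages are
constructed for the example and the trusted domain is an assumption.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phishing sample: the display name shows a trusted address, the real
# sender is a look-alike domain, and Reply-To/Return-Path point elsewhere again.
PHISH_MESSAGE = """\
Return-Path: <bounce@mail-relay-example.net>
From: "Payroll Dept payroll@example.com" <p4yroll@example-secure.co>
Reply-To: payroll.update@webmail.example
To: alice@example.com
Subject: Action required: confirm your direct deposit

Please confirm your bank details at the link in this message.
"""

# Constructed legitimate sample for comparison.
CLEAN_MESSAGE = """\
Return-Path: <payroll@example.com>
From: Payroll Dept <payroll@example.com>
To: alice@example.com
Subject: Your pay stub is available

Your pay stub for January is available on the intranet.
"""

# An email address embedded in free text (used to scan the display name).
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(header_value: str) -> str:
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def spoofing_findings(raw_message: str, trusted_domain: str) -> list[str]:
    """Return human-readable findings; an empty list means no tell was found."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From", ""))
    return_path_dom = domain_of(msg.get("Return-Path", ""))
    reply_to_dom = domain_of(msg.get("Reply-To", ""))
    findings = []

    # 1. An address inside the display name whose domain is not the real sender's.
    for dom in ADDR_IN_TEXT.findall(display_name):
        if dom.lower() != from_dom:
            findings.append(f"display name shows {dom.lower()} but From is {from_dom}")

    # 2. Envelope sender (Return-Path) disagrees with the header From.
    if return_path_dom and return_path_dom != from_dom:
        findings.append(f"Return-Path domain {return_path_dom} != From domain {from_dom}")

    # 3. Replies are redirected to a third domain.
    if reply_to_dom and reply_to_dom != from_dom:
        findings.append(f"Reply-To domain {reply_to_dom} != From domain {from_dom}")

    # 4. Look-alike of the trusted domain (simple substring heuristic; an assumption).
    label = trusted_domain.split(".")[0]
    if from_dom != trusted_domain and label in from_dom:
        findings.append(f"From domain {from_dom} resembles trusted domain {trusted_domain}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, spoofing_findings(raw, "example.com") or ["no findings"])
```

None of these checks is proof on its own: mailing lists and bulk senders legitimately rewrite Return-Path, and Reply-To is sometimes used honestly. In practice they are scored alongside SPF/DKIM/DMARC results rather than used as a hard block.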
Known Viruses still a threat
• Why are the old threats still working?
– Unpatched systems
– Old OS versions
– AV/AM signatures not up to date
– SMB, small agencies, partnerships lack security spending but still have
network access
Kill Chain of an Advanced Attack
• Spam / malicious email ‒ bots leverage legitimate IPs to pass filters; social
engineering fools the recipient.
• Malicious link ‒ leads to a malicious web site; fast flux stays ahead of web ratings.
• Exploit ‒ zero-days pass the IPS.
• Malware ‒ compression passes static inspection.
• Command & control center ‒ carries bot commands and stolen data; encrypted
communication passes controls.
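One of the evasions in the kill chain above, fast flux, has a measurable signature: a single name resolving to many short-lived addresses spread across unrelated networks. The code below is an added example written for this page, not from the original deck. It reads a constructed resolver log (the line format, epoch seconds / query name / record type / answer / TTL, is an assumption) and reports names whose answer set looks fluxed. The thresholds are assumptions to be tuned per environment; legitimate CDNs also use low TTLs and many addresses, so a hit is a triage lead, not a verdict.

```python
"""Added example: spotting fast-flux style resolution in resolver logs.

Written for this page; not code from the original deck. The log lines are
constructed and the thresholds are assumptions to be tuned per environment.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed resolver log. Assumed format per line:
#   <epoch seconds> <query name> <record type> <answer> <TTL>
DNS_LOG = """\
1454284800 update.cdn-example.com A 203.0.113.10 60
1454284860 update.cdn-example.com A 198.51.100.77 60
1454284920 update.cdn-example.com A 192.0.2.200 30
1454284980 update.cdn-example.com A 203.0.113.99 60
1454285040 update.cdn-example.com A 198.51.100.5 30
1454285100 update.cdn-example.com A 192.0.2.14 60
1454284800 www.example.org A 93.184.216.34 86400
1454288400 www.example.org A 93.184.216.34 86400
1454284800 mail.example.net A 198.51.100.25 3600
1454288400 mail.example.net A 198.51.100.26 3600
"""


def parse_dns_log(text: str) -> list:
    """Parse A-record answers into (timestamp, name, address, ttl) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, rtype, answer, ttl = line.split()
        if rtype != "A":
            continue  # only IPv4 answers are considered in this example
        records.append((int(ts), qname.lower().rstrip("."), ip_address(answer), int(ttl)))
    return records


def fast_flux_candidates(records, min_ips=5, max_ttl=300, min_prefixes=3) -> dict:
    """Names whose answers are many, short-lived, and spread across /24 prefixes."""
    per_name = defaultdict(lambda: {"ips": set(), "prefixes": set(), "ttls": []})
    for _, qname, addr, ttl in records:
        stats = per_name[qname]
        stats["ips"].add(addr)
        # /24 is a crude stand-in for "different network"; an ASN lookup is better
        # when one is available offline.
        stats["prefixes"].add(ip_network(f"{addr}/24", strict=False))
        stats["ttls"].append(ttl)

    hits = {}
    for qname, stats in per_name.items():
        many_ips = len(stats["ips"]) >= min_ips
        short_lived = max(stats["ttls"]) <= max_ttl
        spread_out = len(stats["prefixes"]) >= min_prefixes
        if many_ips and short_lived and spread_out:
            hits[qname] = {
                "distinct_ips": len(stats["ips"]),
                "prefixes": len(stats["prefixes"]),
                "max_ttl": max(stats["ttls"]),
            }
    return hits


if __name__ == "__main__":
    for name, stats in fast_flux_candidates(parse_dns_log(DNS_LOG)).items():
        print(f"possible fast flux: {name} {stats}")
```

In a real deployment the statistics would be kept per time window (distinct addresses per hour, say) rather than over the whole log, and the candidates would be cross-checked against domain age and reputation before anyone blocks them.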
What are Advanced Persistent Threats?
• Advanced Persistent Threats (APT):
– Advanced – Using organized methods and advanced malware, and constantly buying
newly developed tools
– Persistent – Patient. Using more social engineering combined with malware and
custom code. Can be very hard to detect, with the expectation of a higher payout.
– Threats – Designed to attack deliberately chosen targets. Credit card info is cheap
on the open market; now it’s about business disruption, massive identity theft, IP
theft, and spying.
The Advanced Threat Lifecycle - The Threat
1. Manufacturing / Recon
- Scan for vulnerabilities
- Design phishing emails
- Customize malware, etc.
2. Threat Vector → Infection
3. Communication (Command & Control)
- Hide, Disarm
- Spread, Move, Morph
- Dial Home, Update
- Recruit
- Gather targeted data
4. Extraction
- Package
- Encrypt
- Stage
….and more
Network Security Measures
What is Security Intelligence?
• Security intelligence represents knowledge of the identity,
capabilities, and intentions of adversaries engaged in espionage,
sabotage, or theft online.
– Operational (indicators of compromise)
– Tactical (understanding tools, techniques)
– Strategic (understanding who, their intentions, and capabilities)
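Operational intelligence only helps if the indicators can be matched against your own telemetry. As an added example written for this page (not part of the original deck), the Python below loads a small constructed indicator feed in the “defanged” form feeds are commonly shared in (hxxp, [.]), refangs and normalises it, and checks constructed proxy log lines against it by domain, IP, full URL and file hash. The feed and log formats are assumptions and the SHA-256 value is a placeholder.

```python
"""Added example: matching operational indicators (IOCs) against proxy logs.

Written for this page; not code from the original deck. Feed and log formats
are assumptions, and every value below is constructed for the example.
"""
import re

# Constructed indicator feed in the defanged form analysts usually receive.
IOC_FEED = """\
# type,value
domain,bad-update[.]example
url,hxxp://cdn-example[.]net/dl/payload.bin
ip,203[.]0[.]113[.]77
sha256,0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0
"""

# Constructed proxy log. Assumed format per line:
#   <timestamp> <client ip> <method> <url> <status> sha256=<hash or ->
PROXY_LOG = """\
2016-02-01T09:12:01Z 10.1.2.3 GET http://bad-update.example/check 200 sha256=-
2016-02-01T09:12:07Z 10.1.2.3 GET http://cdn-example.net/dl/payload.bin 200 sha256=0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
2016-02-01T09:15:44Z 10.1.2.9 GET http://www.example.org/ 200 sha256=-
2016-02-01T09:16:02Z 10.1.2.9 GET http://203.0.113.77:8080/beacon 404 sha256=-
"""

URL_RE = re.compile(
    r"^(?P<scheme>https?)://(?P<host>[^/:\s]+)(?::(?P<port>\d+))?(?P<path>/\S*)?$", re.I
)


def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [:]) and normalise case/whitespace."""
    value = re.sub(r"(?i)^hxxp", "http", value.strip())
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":")):
        value = value.replace(defanged, real)
    return value.lower()


def load_iocs(text: str) -> dict:
    """Group refanged indicators by type."""
    iocs = {"domain": set(), "url": set(), "ip": set(), "sha256": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = line.split(",", 1)
        iocs[kind.strip()].add(refang(value))
    return iocs


def match_log(log_text: str, iocs: dict) -> list:
    """Return (timestamp, client, [(ioc type, value), ...]) for each line that hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, _status, hash_field = line.split()
        m = URL_RE.match(url)
        if not m:
            continue
        host = m.group("host").lower()
        # Normalise: drop the port and compare scheme://host/path only.
        norm_url = f"{m.group('scheme').lower()}://{host}{m.group('path') or '/'}"
        sha = hash_field.split("=", 1)[1].lower()

        matched = []
        if host in iocs["domain"]:
            matched.append(("domain", host))
        if host in iocs["ip"]:
            matched.append(("ip", host))
        if norm_url in iocs["url"]:
            matched.append(("url", norm_url))
        if sha != "-" and sha in iocs["sha256"]:
            matched.append(("sha256", sha))
        if matched:
            hits.append((ts, client, matched))
    return hits


if __name__ == "__main__":
    for ts, client, matched in match_log(PROXY_LOG, load_iocs(IOC_FEED)):
        print(ts, client, matched)
```

The normalisation step is where most real-world misses happen: a feed that says 203[.]0[.]113[.]77 never matches a log that says 203.0.113.77:8080 unless both are brought to the same canonical form first. Domain and IP indicators are the operational layer of the three levels above; the tactical and strategic layers (who uses this infrastructure and why) are what tell an analyst how urgently a hit should be chased.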
Key Terms – Security Measures
• Application Control. Protects managed desktops and servers by allowing or denying
network application usage based on policies established by the network administrator.
• ATP. Advanced Threat Protection (ATP) relies on multiple types of security
technologies, products, and research -- each performing a different role, but still
working together -- to combat advanced attacks from the network core through to the
end-user device.
• AV/AM. Anti-virus/Anti-malware (AV/AM) provides protection against viruses, spyware,
and other types of malware in web, email, and file-transfer traffic.
• IPS. An Intrusion Prevention System (IPS) protects networks by blocking attacks that
would otherwise take advantage of network vulnerabilities and unpatched systems. It
matches traffic against signatures of known exploits, which is why zero-days can pass
it, as noted on the kill chain slide.
Key Terms – Security Measures
• NGFW. A Next Generation Firewall (NGFW) provides multi-layered capabilities (stateful
filtering plus application awareness, IPS, and user identity) in a single firewall
appliance instead of a basic firewall and numerous add-on appliances.
• Sandboxing. Sandboxing is the process of detonating and analyzing suspicious files in a
contained environment to identify previously unknown threats and to uncover the full
attack lifecycle.
• UTM. Unified Threat Management (UTM) consolidates multiple security functions
(firewall, IPS, AV/AM, web filtering, anti-spam, VPN) in one appliance and lets
administrators monitor and manage them through a single management console.
• Web Filtering. Web Filtering technology controls which web sites users may reach, by
URL category and reputation: known-bad sites are blocked, and known-good sites can be
explicitly allowed, or have their traffic passed uninspected in both directions to
accelerate traffic flows.
Infrastructure Evolution
• From closed networks to a global information grid
• From governments & corporations to home users and children
• Timeline milestones shown on the slide: 1967, 1970, 1976, 1985, 1991, 1995, 1999,
2000, 2002, 2004, 2007, 2013-14 [timeline graphic not captured]
The Importance of Network Security
• What is Modern Network Security?
– User-friendly, but threat-unfriendly
– Unique…just like everyone else
– Maintaining balance, relevance, and Unified Threat Management (UTM)
• Diagram: legacy systems place separate VPN, IPS, firewall, AV/AM, anti-spam, and URL
filter devices between users and servers; a UTM appliance consolidates those same
functions into one device between users and servers.
The Advanced Threat Lifecycle – Breaking the Chain Pt 1
[Same four-stage lifecycle diagram as on “The Threat” slide, annotated with where
defensive measures break the chain; annotations not captured]
The Advanced Threat Lifecycle – Breaking the Chain Pt 2
[Same lifecycle diagram, continued; annotations not captured]
Advanced Threats
• Hackers:
– Experience + Resources = Increased Threats
• Advanced Threat Protection
• Advanced Threats & Network Security: Continuing Evolution…
The Threat Landscape
and
Network Security Measures
Carl B. Forkner
February 1, 2016

More Related Content

What's hot

QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
Risk Analysis Consultants, s.r.o.
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 

What's hot (20)

Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
Demo how to detect ransomware with alien vault usm_gg
Demo  how to detect ransomware with alien vault usm_ggDemo  how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_gg
 
The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14
 
FireEye
FireEyeFireEye
FireEye
 
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
Stop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlStop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device Control
 
Panda Security - Endpoint Protection
Panda Security - Endpoint ProtectionPanda Security - Endpoint Protection
Panda Security - Endpoint Protection
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Creating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVaultCreating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVault
 
Next Generation Firewalls
Next Generation FirewallsNext Generation Firewalls
Next Generation Firewalls
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 

Similar to The Threat Landscape & Network Security Measures

LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
Amanda Case
 
Lecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfLecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdf
AsmaaLafi1
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
ssuser4237d4
 
Types-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdfTypes-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdf
ANUSREEASHOK5
 

Similar to The Threat Landscape & Network Security Measures (20)

M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptxMateri Keamanan Siber Prinsip Keamanan Jaringan.pptx
Materi Keamanan Siber Prinsip Keamanan Jaringan.pptx
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Cyber security
Cyber securityCyber security
Cyber security
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Lecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfLecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdf
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Types-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdfTypes-of-Cyber-Attacks-E-book.pdf
Types-of-Cyber-Attacks-E-book.pdf
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 

More from Carl B. Forkner, Ph.D.

More from Carl B. Forkner, Ph.D. (20)

Dynamic Worldwide Training Consultants (DWWTC) Company Profile
Dynamic Worldwide Training Consultants (DWWTC) Company ProfileDynamic Worldwide Training Consultants (DWWTC) Company Profile
Dynamic Worldwide Training Consultants (DWWTC) Company Profile
 
Dynamic Worldwide Training Consultants - Fall 2017
Dynamic Worldwide Training Consultants - Fall 2017Dynamic Worldwide Training Consultants - Fall 2017
Dynamic Worldwide Training Consultants - Fall 2017
 
What's New in Social Media...and What it Means to Your Career
What's New in Social Media...and What it Means to Your CareerWhat's New in Social Media...and What it Means to Your Career
What's New in Social Media...and What it Means to Your Career
 
What's New in Social Sedia and What it Means to Your Career
What's New in Social Sedia and What it Means to Your CareerWhat's New in Social Sedia and What it Means to Your Career
What's New in Social Sedia and What it Means to Your Career
 
Social Media Job Search
Social Media Job SearchSocial Media Job Search
Social Media Job Search
 
Operation Enduring Freedom
Operation Enduring FreedomOperation Enduring Freedom
Operation Enduring Freedom
 
Social Media: Your Job Search Secret Weapon
Social Media:  Your Job Search Secret WeaponSocial Media:  Your Job Search Secret Weapon
Social Media: Your Job Search Secret Weapon
 
LinkedIn for Business
LinkedIn for BusinessLinkedIn for Business
LinkedIn for Business
 
Social Media Security: What to Watch out for...
Social Media Security: What to Watch out for...Social Media Security: What to Watch out for...
Social Media Security: What to Watch out for...
 
The Social Media Job Search
The Social Media Job SearchThe Social Media Job Search
The Social Media Job Search
 
Linked in seminar for asu hh humphrey fellows (sep 8 2014)
Linked in seminar for asu hh humphrey fellows (sep 8 2014)Linked in seminar for asu hh humphrey fellows (sep 8 2014)
Linked in seminar for asu hh humphrey fellows (sep 8 2014)
 
Creating & Optimizing your LinkedIn Presence
Creating & Optimizing your LinkedIn PresenceCreating & Optimizing your LinkedIn Presence
Creating & Optimizing your LinkedIn Presence
 
Organizing for Dissertation Success
Organizing for Dissertation SuccessOrganizing for Dissertation Success
Organizing for Dissertation Success
 
National Defense, International Security, & Globalization in the Post-Cold Wa...
National Defense, International Security, & Globalization in the Post-Cold Wa...National Defense, International Security, & Globalization in the Post-Cold Wa...
National Defense, International Security, & Globalization in the Post-Cold Wa...
 
LInkedIn & More for Networking & Job Searches
LInkedIn & More for Networking & Job SearchesLInkedIn & More for Networking & Job Searches
LInkedIn & More for Networking & Job Searches
 
Social Media Security: What to Watch out for...
Social Media Security: What to Watch out for...Social Media Security: What to Watch out for...
Social Media Security: What to Watch out for...
 
Promoting Your Future with LinkedIn
Promoting Your Future with LinkedInPromoting Your Future with LinkedIn
Promoting Your Future with LinkedIn
 
Social Media Job Search
Social Media Job SearchSocial Media Job Search
Social Media Job Search
 
Linked in Seminar for ASU H.H.Humphrey Fellows (Sep 14 2015)
Linked in Seminar for ASU H.H.Humphrey Fellows (Sep 14 2015)Linked in Seminar for ASU H.H.Humphrey Fellows (Sep 14 2015)
Linked in Seminar for ASU H.H.Humphrey Fellows (Sep 14 2015)
 
Success through Networking
Success through NetworkingSuccess through Networking
Success through Networking
 

Recently uploaded

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 

Recently uploaded (18)

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 

The Threat Landscape & Network Security Measures

  • 1. The Threat Landscape and Network Security Measures Carl B. Forkner February 1, 2016
  • 2. 2 Table of Contents • Key Terms • The Threat Landscape • Network Security Overview • Evolving and Future Threats
  • 4. 4 Key Terms – Threat Landscape • APT. An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. • Bot. An Internet bot, also known as web robot, WWW robot or simply bot, is a software application that runs automated tasks over the Internet. • Botnet. A botnet is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. • Drive-by. A drive-by download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device.
  • 5. 5 Key Terms – Threat Landscape • Exploit. A piece of software, a segment of data, or command sequences that takes advantage of a vulnerability. • IP/PII. – IP stands for Internet Protocol, or the address commonly used to identify the origin of an Internet transmission—i.e. your device. – PII stand for Personally Identifiable Information, sometimes referred to as “Personal Information,” and is often equated in the U.S. with “Privacy Act Information.” • Malvertising. This is the use of online advertising to spread malware. • Phishing. Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.
  • 6. 6 Key Terms – Threat Landscape  Malware. Malware is a category of malicious code that includes viruses, worms, and Trojan horses. – Virus. A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. – Worm. Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. – Trojan. A Trojan [horse] is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.  Vulnerability. In cybersecurity, vulnerability refers to a flaw in a system that can leave it open to attack.  Watering Hole. The watering hole attack vector targets specific groups by infecting frequently visited websites with malware.
  • 7. 7 The Threat Landscape • The crime: – Motive, means, & opportunity • The technology explosion and a dynamic environment – The changing face of threat vectors
  • 8. 8 The Network Security Battle of Minds Hacker Economy and Threats Network Security Measures
9
Who are the Adversaries?
• Previously
– Attention seekers
– Many independent operators
• New breed of attackers
– Hacktivists
– Profit-driven organizations
– Rival corporations
– Rival political nations
10
Ranking Adversaries
• Threat Level:
– User Error. Users making mistakes with configurations which may bring down critical resources.
– Opportunistic Hacker. These attackers are usually script kiddies driven by notoriety.
– Insider Threat. Attackers are typically disgruntled employees or ex-employees.
– Hacktivists. Attackers that have a political agenda and want to raise awareness of it.
– Organized Crime. Mass attacks driven by profits.
– Government Sponsored. Targeted attacks, well-funded.
11
What are they after?
• IP
• Credit Cards & Bank info
• PII – Identity Theft
• Shutting down competition
• Being the next Wikileaks
• Pure profit
• Sabotage
12
The Threat Landscape
• Some Major Victims of Network Attacks:
13
The Threat Landscape
• Threat Timeline Fall 2013 – Summer 2014
14
Organizational Hacking is Rewarding
• Education, training, tech support
• Storefront for hacking tools and zero-day exploits/vulnerability information
• Sophisticated organization
• Backed by governments
• Supported by currencies like Bitcoin
• Obscured through anonymous networks like TOR
15
Anatomy of an Attack ‒ The Hacker’s Point of View
[Diagram; labels recovered from the slide, grouped by stage:]
• Planning: Define target, Sub – Zero, Research target, Build or acquire tools, Test tools + detection
• Initial intrusion – getting in: Obtain credentials, Strengthen footprint
• Initial intrusion – getting out: Outbound communication initiated, Exfiltrate data
• Survive / Keep safe: Evade law enforcement and defensive measures
16
Hacker Tools
• 2 main categories:
– Social Engineering – The Techniques
– Malware – The Tools
17
The Tactics of Social Engineering
• Spoofing
• Phishing
• Spearphishing
• Watering-hole attacks
• Phone calls/impersonation
• Malvertising
• Social Media links
18
Known Viruses still a threat
• Why are the old threats still working?
– Unpatched systems
– Old OS versions
– AV/AM signatures not up to date
– SMBs, small agencies, and partnerships lack security spending but still have network access
19
Kill Chain of an Advanced Attack
[Diagram: Spam → Malicious Email → Malicious Link → Malicious Web Site → Exploit → Malware → Command & Control Center (Bot Commands & Stolen Data)]
• Bots leverage legitimate IPs to pass filters.
• Social engineering fools the recipient.
• Fast flux stays ahead of web ratings.
• Zero-days pass IPS.
• Compression passes static inspection.
• Encrypted communication passes controls.
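The kill chain slide notes that fast flux keeps command-and-control hostnames ahead of web ratings. As an added example that is not part of the original deck, the following script runs a simple fast-flux heuristic over constructed resolver log lines: a name whose answers rotate through many addresses in several /24 networks at a low TTL is flagged. The log format, the thresholds and the sample names and addresses are assumptions made for the example.

```python
# Added example (not from the slide deck): a minimal fast-flux heuristic run
# over constructed DNS resolver log lines. Fast-flux C&C hostnames rotate
# through many short-TTL A records, which is how they "stay ahead of web
# ratings" on the kill chain slide. Log format and thresholds are assumptions.
from collections import defaultdict

# Constructed sample resolver log: "<epoch> <qname> <ttl> <answer-ip>"
# (reserved .test names and documentation IP ranges only)
SAMPLE_LOG = """\
1000 cdn.example-good.test 3600 203.0.113.10
1300 cdn.example-good.test 3600 203.0.113.10
1000 update.bad-flux.test 60 198.51.100.5
1060 update.bad-flux.test 60 198.51.100.77
1120 update.bad-flux.test 60 192.0.2.14
1180 update.bad-flux.test 60 198.51.100.201
1240 update.bad-flux.test 60 192.0.2.88
"""

def parse_dns_log(text):
    """Parse log lines into (ts, qname, ttl, ip) tuples, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or truncated line
        ts, qname, ttl, ip = parts
        try:
            records.append((int(ts), qname.lower(), int(ttl), ip))
        except ValueError:
            continue  # non-numeric timestamp or TTL
    return records

def fast_flux_candidates(records, max_ttl=300, min_ips=4, min_networks=2):
    """Return {qname: {"ips": n, "networks": m}} for names that look fast-flux.

    A name qualifies when every observed TTL is at or below max_ttl, it resolved
    to at least min_ips distinct addresses, and those addresses span at least
    min_networks distinct /24 networks (hosting spread is the key tell).
    """
    by_name = defaultdict(lambda: {"ips": set(), "ttls": []})
    for _, qname, ttl, ip in records:
        by_name[qname]["ips"].add(ip)
        by_name[qname]["ttls"].append(ttl)
    flagged = {}
    for qname, info in by_name.items():
        networks = {".".join(ip.split(".")[:3]) for ip in info["ips"]}
        if (max(info["ttls"]) <= max_ttl and len(info["ips"]) >= min_ips
                and len(networks) >= min_networks):
            flagged[qname] = {"ips": len(info["ips"]), "networks": len(networks)}
    return flagged
```

A real deployment would feed passive-DNS or resolver logs in over a sliding window and tune the thresholds against known CDNs, which also rotate addresses but typically keep them within a small number of networks.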
20
What are Advanced Persistent Threats?
• Advanced Persistent Threats (APT):
– Advanced – Using organized methods, advanced malware, and constantly buying newly developed tools.
– Persistent – Patient. Using more social engineering combined with malware and code. Can be very hard to detect, with the expectation of a higher payout.
– Threats – Designed to attack deliberately chosen targets. Credit card info is cheap on the open market; now it’s about business disruption, massive identity theft, IP theft, and spying.
21
The Advanced Threat Lifecycle - The Threat
[Lifecycle diagram; phase labels and sub-items recovered from the slide:]
• Manufacturing/Recon – scan for vulnerabilities, design phishing emails, customize malware, etc.
• Threat Vector
• Infection
• Command & Control / Communication – hide, disarm; spread, move, morph; dial home, update; recruit; gather targeted data
• Extraction – package, encrypt, stage
• …and more
23
What is Security Intelligence?
• Security intelligence represents knowledge of the identity, capabilities, and intentions of adversaries engaged in espionage, sabotage, or theft online.
– Operational (indicators of compromise)
– Tactical (understanding tools, techniques)
– Strategic (understanding who, their intentions, and capabilities)
24
Key Terms – Security Measures
• Application Control. Protects managed desktops and servers by allowing or denying network application usage based on policies established by the network administrator.
• ATP. Advanced Threat Protection (ATP) relies on multiple types of security technologies, products, and research, each performing a different role but still working seamlessly together, to combat these attacks from the network core through the end-user device.
• AV/AM. Anti-virus/Anti-malware (AV/AM) provides protection against viruses, spyware, and other types of malware attacks in web, email, and file transfer traffic.
• IPS. Intrusion Prevention System (IPS) protects networks from threats by blocking attacks that might otherwise take advantage of network vulnerabilities and unpatched systems.
25
Key Terms – Security Measures
• NGFW. Next Generation Firewall (NGFW) provides multi-layered capabilities in a single firewall appliance instead of a basic firewall and numerous add-on appliances.
• Sandboxing. Sandboxing refers to the process of analyzing files in a contained environment to identify previously unknown threats and uncover the full attack lifecycle.
• UTM. Unified Threat Management (UTM) gives administrators the ability to monitor and manage multiple, complex security-related applications and infrastructure components through a single management console.
• Web Filtering. Web Filtering technology gives you the option to explicitly allow web sites, or to pass web traffic uninspected both to and from known-good web sites in order to accelerate traffic flows.
26
Infrastructure Evolution
• From closed networks to a global information grid
• From governments & corporations to housewives & children
[Timeline figure; year markers recovered from the slide: 1967, 1970, 1976, 1985, 1991, 1995, 1999, 2000, 2002, 2004, 2007, 2013-14]
27
The Importance of Network Security
• What is Modern Network Security?
– User-friendly, but threat-unfriendly
– Unique…just like everyone else
– Maintaining balance, relevance, and Unified Threat Management (UTM)
[Diagram; labels recovered from the slide: Servers, Users, VPN, IPS, Firewall, AV/AM, Anti-Spam, URL Filters, Legacy Systems, UTM]
28
The Advanced Threat Lifecycle – Breaking the Chain Pt 1
[Lifecycle diagram from slide 21, repeated]
29
The Advanced Threat Lifecycle – Breaking the Chain Pt 2
[Lifecycle diagram from slide 21, repeated]
30
Advanced Threats
• Hackers:
– Experience + Resources = Increased Threats
• Advanced Threat Protection
• Advanced Threats & Network Security: Continuing Evolution…