WHITE PAPER
Cyber Intelligence: Getting Ahead of Compromise
Executive Summary
As cyber threats become an inevitable part of the fabric of the enterprise’s digital environments, and targeted attacks are
increasingly subtle and manipulative, the limitations of traditional security controls have been exposed. The defender
is challenged with enhancing their visibility and insights into their own organizations’ systems, in order to regain the
advantage and inform critical, timely decision-making. Cyber intelligence is central to this challenge, providing total visibility
and tailored, real-time insights into emerging anomalies – as opposed to feeds of old news about previous threats. This
intelligence-based approach is at the heart of the new generation of cyber defense, based on skilled people and cutting-
edge ‘immune system’ technologies engaged in an ongoing process of learning, understanding and dealing with developing
issues, before they turn into crises.
“Gaining ongoing insight into ecosystem
vulnerabilities and threats helps anticipate and
plan for risks that might sideline others who
are less informed”
PWC
“Darktrace provides us with absolute visibility
into what is happening in real time. We
can now pinpoint and target our security
resources”
Louis Kangurs, Virgin Trains
Staying open for business
The breach of the network perimeter is now assumed as
inevitable by today’s security professional. This is the new
reality, in which network boundary technologies, while
playing a critical role in a layered defensive strategy, are
insufficient to defeat the targeted attacker. It is accepted
that breaches are unavoidable, and that it is a case of
‘when’ rather than ‘if’. In this new world, the challenge has
changed. As well as defending the boundary, the modern
business needs to address the threat within, and develop
an intelligence-led approach to detecting live threat within
a complex information environment.
Modern organizations are dependent on their ability to
do business in an open and connected marketplace. The
lifeblood of the enterprise is its data, and in order to drive
growth, this diverse data must flow beyond and around
traditional network boundaries. It is constantly moving
between the organization and its customers, suppliers,
staff, partners and so on. The challenge of the CISO today
is to protect data that is ‘out there’ in the wild. Indeed, the
very improvements that have enabled enterprises to thrive
in the last ten years – connectivity, digitization, innovation
– are the very things that have exposed them to the
most risk. Today’s security professionals understand the
balance that must be struck when considering the staff of
an organization. Employees need to be trusted as valuable
assets but they also represent a significant threat to the
integrity of the enterprise’s data and, whether malicious or
negligent, their behaviors elevate risk.
While there may be a temptation to tighten these controls
and introduce more stringent policies, the reality of doing
business means that people will always find a way around
barriers that hinder them. Anyone will tell you that you can
cure any disease if you kill the patient. As businesses, we
cannot afford to suffocate ourselves with laborious and
impracticable security controls under the illusion that we
are more ‘secure’ as a result, at the expense of our ability
to be competitive, agile and efficient. The challenge to
today’s security professionals is to protect the enterprise’s
most valuable assets while continuing to enable data to
support growth.
Staying open for business within the context of an ever-
changing threat landscape requires a balance between
risk and benefit. The balance required is never completely
stable or static, but constantly being readjusted to keep
the scales equally weighted. It is a challenge that requires
a subtle approach, based on a mentality of intelligence
over security. Whereas cyber security assumes that
defensive measures must work 100% of the time, cyber
intelligence provides evidence-based insights that directly
inform decision-making, surfacing high-priority issues
over less significant ones, and giving the organization the
best possible oversight and understanding of its own state
of health, in order to implement the best treatment plan.
Living under the radar
Cyber-attacks fill the headlines week after week, with dizzying figures of customer accounts compromised and negative reputation impact making for dramatic stories. Major breaches require immediate remedial action, with time, effort and money poured into clearing up after a compromise.
The concept of a ‘clean-up’ operation after a cyber-attack is a flawed one, however. Organizations are never free of threats and potentially dangerous or malicious influences. While there is huge pressure on companies post-breach to be seen to be taking action, to mitigate the reputational hit and restore customer, market and shareholder confidence, it is often a case of ‘too little, too late’. Too late because the damage is done, and too little because the adversary has gained such a level of control and infiltration within the target organization that its ability to defend itself retrospectively is limited.
The challenge of the last few years has been aggravated by the industrialization of the cyber-crime economy and the increasing sophistication of the perpetrators. Advanced exploit tools are readily available on the internet – customizable malware, laboratories for testing and previously unseen hacking techniques can be exchanged and traded – which means that gaining a foothold within an organization has become trivial. Once inside, incognito attacks take place that are very difficult to spot because they are careful and subtle.
Firstly, outside attackers will typically use the authorized access credentials of an employee to avoid tripping perimeter alarms. This makes it extremely difficult to distinguish authorized activity from a cyber-threat actor intent on doing harm. Attackers use this cloak of legitimacy to perpetrate their attack, disguising themselves amid the normal interactions of that user and the day-to-day noise of the network. Being recognized as legitimate at the point of entry gives attackers an advantage: they are considered ‘trusted’, and the challenge of moving within the enterprise to find and eventually exfiltrate data or manipulate systems becomes easier.
Furthermore, attackers not only use targeted email campaigns and exploit legitimate credentials in order to pass under the radar, but may also use zero-day exploits and purpose-built malware to achieve their goals. Subtle, well-disguised attacks are increasingly played out over long periods of time too, a testament to the adversary’s patience and persistence. An advanced threat actor may lie low in the network for days, weeks or months on end, patiently lying dormant within the organization in order to minimize the chances of being uncovered. Indeed, the average time that it takes to detect a malicious cyber-crime attack stands at 170 days, with attacks by advanced adversaries involving insiders taking 259 days on average to detect. During this time, the adversary gradually builds up an understanding of the network and its architecture that informs the steps they take to move laterally and carry out the tailored attack. While the defending organization is constantly distracted by day-to-day business issues, the attacker has the advantage of time and resources, biding their time to collect intelligence and perpetrate their operation with a high degree of confidence about what they are doing, where they need to go and how to avoid detection.
Typically, an advanced attacker will look to gain persistence, both on a host and across the network. Looking to have options in the event of detection, an attacker will attempt to infiltrate a range of devices and servers on the network. Attackers will often be able to move within a network and develop knowledge of the tools used to detect them, allowing them to move stealthily enough to avoid detection by traditional rules-based technologies. The noise of the network, and the large volume of output from log-based technologies, often makes it impossible to detect the subtle movement of the attacker. The evidence is frequently there to be found in the post-incident forensic phase; at the time, the defender was simply overwhelmed by the sheer volume of noise.
Precious time
Time is therefore an extremely precious resource, and one that the defender is often short of. The advanced attacker, meanwhile, has vast resources in terms of human capital, time and funding to create capabilities that bypass the various components of traditional security stacks. Organizations consistently struggle to detect compromises at the earliest point of relevance, before damage is being or has been done, such as a large-scale data breach or a major operational interruption. Instead they find themselves in a race against the clock to clean up and minimize financial, reputational and operational damage, in spite of the many months of preparation and lateral movement by the threat actor prior to the final attack or breach activity. As long as the attacker continues to have the time advantage over the defender, target organizations will continually be on the back foot.
Businesses need to hit the reset button and rethink the way that they view cyber security and cyber-attacks. To start with, this means ceasing to consider these concepts as absolute states: the former is not practically viable, and the latter has no clear perimeter – a cyber-attack has no obvious starting point and no clear end either. Every attack starts with a compromise, which starts with a subtle change in the normal order of things and builds to form a chain of events that together can wield control of a foreign environment and jeopardize that environment and its contents.
In an age of countless, ever-changing threats, analyzing yesterday’s adversaries is no guarantee of protecting against tomorrow’s. Today’s attackers are constantly adapting their techniques and strategies in order to stay persistent and achieve longevity within your systems. The baseline of normal behavior is constantly changing.
We therefore need to start counting time differently, looking to ‘catch’ suspicious activity within the window of time between the initial compromise and the first signs of abnormality. Rather than investing in post-mortem research of past breaches and compromises, we should focus on finding tomorrow’s problems – by tuning our ears to the very subtle signals that are emitted in the noise of a busy organization. Within an enterprise IT environment, this requires two key elements:
Visibility and insight
Organizations need to take a step back when considering cyber defense strategies, first asking the question: how well do I know my own environment? As network infrastructures and intranets have grown and expanded with more and more devices, functionality and technologies, the digital architecture of an organization of any significant size is typically very complex. IT security managers and risk directors often lack visibility of the very systems that they manage, accessing only data silos and focusing on specific parts of the organization where there are known problems to resolve.
Total visibility of all digital interactions and communications, not just a subset of them, is critical because it allows security professionals to make the best possible decisions, based on an understanding of the bigger picture. With visibility of the global trends and patterns that are happening on a day-to-day basis across the enterprise, these individuals are in a better position to configure security controls and the network environment, identify vulnerabilities or rogue employees, and indeed curb live cyber-threats. Seeing and understanding what is going on in real time is the first step to seeing what should not be happening – however subtle the deviation.
Intelligent analysis and abnormality detection
With situational awareness of the entirety of an organization’s activity, new technologies can be leveraged to analyze it and form a constantly evolving picture of normality. Fundamental advances in probabilistic mathematics and machine learning have made this approach possible, delivered by technology that learns what is normal and abnormal within a particular organizational environment on a continual basis, and surfaces probabilistically anomalous events in real time. Anomalies, or deviations from learnt normal behaviors across devices, networks and users, must be genuine and based on a dynamic understanding of the environment. Abnormal behavior can often be dealt with in a responsible way by business units – but only if it is detected early.
Organizations need to liberate themselves from the task of sifting through masses of security alerts, produced on the basis of predefined assumptions about what constitutes ‘a threat’, and instead employ tailored intelligence that illuminates the digital enterprise environment and informs decision-making. Ultimately, mitigating risk is a continual exercise of informed decision-making by business professionals – the ability to focus on the right decisions and areas of concern requires a new generation of technology that is self-learning, probabilistic and adaptive.
“Darktrace is interesting
because of its back-to-front
approach to security... [it]
profiles not possible attack
vectors, but the network itself,
as well as the devices that
connect to the network and the
network's users.”
David Meyer, Gigaom, 2014
Cyber intelligence vs Threat intelligence
‘Threat intelligence’ is a term that has been given to the collection and sharing of information about identified
threats. Essentially it refers to a database or feed of information that must be matched against an organization’s
security alerts, logs and other forensics data to determine if a specific activity is a threat to the organization. If
a detection can be correlated with a piece of threat data, it may be used to help protect against similar attacks
that are still circulating.
The fundamental flaw of sharing information about past attacks is that it is retrospective and does not help organizations defend against tomorrow’s fresh attacks. It requires at least one organization to get burnt by each new attack vector in order to find it, limiting itself to telling you about previous attacks on the assumption that the same attack might replicate itself. Typically, it takes months for a new attack vector or technique to manifest in threat intelligence feeds. In the meantime, your enterprise is vulnerable to those same attacks that have yet to be revealed and shared by prior victims. At worst, it is a mass of inapplicable data that distracts from the core objective of the organization, which is to defend against future attacks, not past ones. It is little solace to know that your organization was the first to discover, and suffer, a new threat and the first to add it to the threat feed, for others to protect themselves.
Intelligence about threats must be tailored to an organization to be useful, and must feed into a human being at
some point, in order for difficult decisions to be made. The best intelligence is that which assists human beings
in the decision-making process, and gives them the best degree of confidence that those decisions are correct,
appropriate and, most importantly, timely enough to avoid a full-scale data breach, operational interruption or
reputational hit.
True cyber intelligence, therefore, is not about identifying past threats and attack vectors, but is focused on understanding exactly what is happening within the organization, to a level of granularity that will expose even very subtle and quiet actions. Clever intelligence is about analyzing this detailed, real-time information in such a way as to correlate multiple weak indicators and form a picture of understanding from that data.
Indeed, within the context of national security and law enforcement, ‘intelligence’ refers to the special insights
that directly inform decisions around how to tackle specific risks and threats, before the adversary has seized
the initiative and forced you onto the back foot. It provides evidence-based knowledge that allows human
beings to determine how and when to take action, and in turn to assess the effectiveness of those decisions on
an ongoing basis, as the context inevitably changes.
For organizations looking to take proactive action against cyber adversaries during their attack missions, these
questions are critical and require high-quality intelligence, the result of advanced, context-aware analysis of a
broad range of factors that contribute to an attack taking place. Cyber intelligence must drive decisions while
compromises are nascent and manageable, in a timeframe that allows those decisions to be effective and
avoids a crisis at its logical conclusion.
Better focus, more action
Attack techniques and methodologies are virtually impossible to predict, with yesterday’s attacks looking different from tomorrow’s, or the day after’s. Internal vulnerabilities are a constant issue that requires continual assessment. In this environment of countless threats existing within the organization at any given time, comprehensive visibility into the happenings of our own organizations is required to work out where to focus our attention and establish cyber defense priorities in real time. Yet the overload of security events and incidents that is frequently produced by the gamut of conventional security tools has often had the perverse effect of engendering inactivity on the part of the security or IT function, due to the sheer volume of alerts that are surfaced, or the un-actionable nature of the information that is being fed back.
Security practitioners must be able to home in on threats in a way that makes sense to the organization, rather than spend valuable time on thousands of context-less alarms. Taking advantage of each enterprise’s unique configuration (the time your employees come to work, the types of devices they use and the way they use them, the resources that they access, and so on) is critical, because no adversary has such details for their attack planning. This granularity of activity must be leveraged by employing self-learning ‘immune system’ technologies that can see and intelligently analyze this data, establish an implicit understanding of its level of normality or otherwise, and surface anomalies in real time that must be dealt with by the business in a timely fashion.
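The sections ‘Intelligent analysis and abnormality detection’ and ‘Better focus, more action’ above describe learning each user’s normal pattern from the organization’s own activity and surfacing probabilistically unusual events so that several weak indicators add up. The Python script below is an added illustration of that idea, not Darktrace’s code or a reproduction of their Bayesian models; the log format, the three indicators (hour of day, host reached, transfer volume), the sample log lines and the threshold are all constructed for the example.

```python
"""Per-user behavioural baseline with surprisal-based anomaly scoring.

Added illustration (not Darktrace code): learn what is normal for each user
from their own history, then score new events by how improbable they are
under that baseline, letting weak indicators add up. The log format, the
indicators, the sample data and the threshold are constructed for this example.
"""
import math
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sample log: a week of one employee's ordinary activity.
# Assumed format: "<ISO timestamp> user=<name> host=<target> bytes=<n>"
TRAINING_LOG = """\
2016-03-01T08:55:00 user=alice host=fileserver-1 bytes=120000
2016-03-01T09:10:00 user=alice host=mail-1 bytes=80000
2016-03-02T08:50:00 user=alice host=fileserver-1 bytes=110000
2016-03-02T09:05:00 user=alice host=fileserver-1 bytes=130000
2016-03-03T08:58:00 user=alice host=mail-1 bytes=90000
2016-03-03T09:20:00 user=alice host=fileserver-1 bytes=125000
2016-03-04T08:45:00 user=alice host=fileserver-1 bytes=115000
2016-03-04T09:15:00 user=alice host=mail-1 bytes=85000
2016-03-07T08:52:00 user=alice host=fileserver-1 bytes=120000
2016-03-07T09:02:00 user=alice host=fileserver-1 bytes=135000
"""

THRESHOLD_BITS = 9.0  # constructed: events scoring above this are surfaced


@dataclass
class UserBaseline:
    """What 'normal' looks like for one user, learnt from their own history."""
    hours: Counter = field(default_factory=Counter)  # hour-of-day histogram
    hosts: Counter = field(default_factory=Counter)  # hosts the user reaches
    log_bytes: list = field(default_factory=list)    # ln(bytes) per event
    n: int = 0                                       # events seen


def parse_line(line):
    """Split one log line into (user, hour, host, bytes)."""
    ts, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return kv["user"], int(ts[11:13]), kv["host"], int(kv["bytes"])


def learn_baselines(log_text):
    """Build one UserBaseline per user from historical log text."""
    baselines = defaultdict(UserBaseline)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, hour, host, nbytes = parse_line(line)
        b = baselines[user]
        b.hours[hour] += 1
        b.hosts[host] += 1
        b.log_bytes.append(math.log(nbytes))
        b.n += 1
    return baselines


def categorical_surprisal(count, total, categories, alpha=1.0):
    """-log2 of a Laplace-smoothed frequency: never-seen values cost the most."""
    return -math.log2((count + alpha) / (total + alpha * categories))


def volume_surprisal(b, nbytes):
    """-log2 of the upper-tail probability of ln(bytes) under a Gaussian fit.

    One-sided on purpose: only unusually large transfers count as suspicious.
    """
    mean = statistics.mean(b.log_bytes)
    sd = statistics.pstdev(b.log_bytes) or 1e-6  # guard a constant history
    z = (math.log(nbytes) - mean) / sd
    tail = max(0.5 * math.erfc(z / math.sqrt(2)), 1e-12)  # avoid log2(0)
    return -math.log2(tail)


def score_event(b, hour, host, nbytes):
    """Return (total_bits, per-indicator bits) for one event against a baseline.

    Each indicator alone is weak; the sum is judged, so an off-hours login to
    a never-used host scores higher than either deviation on its own.
    """
    parts = {
        "hour": categorical_surprisal(b.hours[hour], b.n, 24),
        "host": categorical_surprisal(b.hosts[host], b.n, len(b.hosts) + 1),
        "volume": volume_surprisal(b, nbytes),
    }
    return sum(parts.values()), parts


def is_anomalous(b, hour, host, nbytes, threshold=THRESHOLD_BITS):
    """True when the event's combined surprisal exceeds the threshold."""
    return score_event(b, hour, host, nbytes)[0] > threshold


if __name__ == "__main__":
    alice = learn_baselines(TRAINING_LOG)["alice"]
    for label, ev in [("usual", (9, "fileserver-1", 120000)),
                      ("new host only", (9, "backup-srv", 120000)),
                      ("off-hours + new host", (3, "backup-srv", 120000)),
                      ("off-hours + new host + bulk", (3, "backup-srv", 6_000_000))]:
        total, parts = score_event(alice, *ev)
        print(f"{label:28s} {total:5.1f} bits  flagged={is_anomalous(alice, *ev)}")
```

A single new host for alice stays below the threshold, while the same new host at 03:00 crosses it, which is the weak-indicator correlation the paper argues for; in practice the baseline must be re-learnt continuously, since the paper notes that normal behavior itself keeps changing.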
Conclusion
The cyber intelligence function is crucial to the new risk
mitigation strategies that are being put in place to deal
with tomorrow’s threats, providing organizations with
actionable knowledge and evidence that they would not
otherwise have access to, and allowing them to deal
with the genesis of a compromise, at the point that the
abnormality emerges.
Advanced mathematical technologies can leverage this
‘home advantage’ within very complex and dynamic
environments. Next-generation solutions need to be
highly sensitive to extremely low-level noise and catch the
tweaks in normal behavior that manifest themselves as
anomalous, based on an evolving understanding of what
constitutes normality for that particular organization at any
given moment in time.
Being able to cope with subtle actions and quiet
compromise is key to being able to detect and address
the early stages of compromise before they snowball into
uncontrollable cyber incidents that culminate in major
financial, operational or reputational damage to the
organization. An Enterprise Immune System approach
does this, by continually learning, spotting and analyzing
the faint traces and weak indicators that necessarily
precede each potential disaster, rather than turning up on
the crime scene to work out what went so terribly wrong.
ABOUT DARKTRACE
Darktrace is one of the world’s fastest-growing cyber defense companies and the leader in
Enterprise Immune System technology, a new category of cyber solutions based on pioneering
Bayesian mathematics developed at the University of Cambridge. Darktrace addresses the
challenge of insider threat and advanced cyber-attacks through its unique ability to detect previously
unidentified threats in real time, as manifested in the emerging behaviors of the network, devices
and individuals. Some of the world’s largest organizations rely on Darktrace’s adaptive, self-
learning platform to spot anomalous activity within the enterprise, in sectors including energy and
utilities, financial services, telecommunications, retail and transportation. Darktrace was founded
by world-class machine learning specialists and operational government intelligence experts. The
company is headquartered in Cambridge, UK, with offices in London, Milan, New York, Paris, San
Francisco and Washington D.C.
CONTACT US
UK: +44 (0) 1223 350 653
US: +1 (917) 363 0822
Email: info@darktrace.com
www.darktrace.com

Master lob-e-book
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitecture
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-apps
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-tone
 

Dernier

Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
gajnagarg
 
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling ManjurJual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
ptikerjasaptiker
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
 
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
vexqp
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
nirzagarg
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
PLE-statistics document for primary schs
PLE-statistics document for primary schsPLE-statistics document for primary schs
PLE-statistics document for primary schs
cnajjemba
 
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
vexqp
 
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
wsppdmt
 
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
wsppdmt
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
gajnagarg
 
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
gajnagarg
 
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions:  Transparency Through Argument...Reconciling Conflicting Data Curation Actions:  Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Bertram Ludäscher
 

Dernier (20)

Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
 
Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...
 
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling ManjurJual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
 
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
怎样办理旧金山城市学院毕业证(CCSF毕业证书)成绩单学校原版复制
 
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangePredicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
 
Capstone in Interprofessional Informatic // IMPACT OF COVID 19 ON EDUCATION
Capstone in Interprofessional Informatic  // IMPACT OF COVID 19 ON EDUCATIONCapstone in Interprofessional Informatic  // IMPACT OF COVID 19 ON EDUCATION
Capstone in Interprofessional Informatic // IMPACT OF COVID 19 ON EDUCATION
 
Data Analyst Tasks to do the internship.pdf
Data Analyst Tasks to do the internship.pdfData Analyst Tasks to do the internship.pdf
Data Analyst Tasks to do the internship.pdf
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
PLE-statistics document for primary schs
PLE-statistics document for primary schsPLE-statistics document for primary schs
PLE-statistics document for primary schs
 
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
怎样办理圣路易斯大学毕业证(SLU毕业证书)成绩单学校原版复制
 
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
 
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
一比一原版(UCD毕业证书)加州大学戴维斯分校毕业证成绩单原件一模一样
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - Almora
 
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In bhavnagar [ 7014168258 ] Call Me For Genuine Models...
 
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions:  Transparency Through Argument...Reconciling Conflicting Data Curation Actions:  Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 

Getting ahead of compromise

Staying open for business

The breach of the network perimeter is now assumed as inevitable by today’s security professional. This is the new reality, in which network boundary technologies, while playing a critical role in a layered defensive strategy, are insufficient to defeat the targeted attacker. It is accepted that breaches are unavoidable, and that it is a case of ‘when’ rather than ‘if’. In this new world, the challenge has changed. As well as defending the boundary, the modern business needs to address the threat within, and develop an intelligence-led approach to detecting live threat within a complex information environment.

Modern organizations are dependent on their ability to do business in an open and connected marketplace. The lifeblood of the enterprise is its data, and in order to drive growth, this diverse data must flow beyond and around traditional network boundaries. It is constantly moving between the organization and its customers, suppliers, staff, partners and so on. The challenge of the CISO today is to protect data that is ‘out there’ in the wild. Indeed, the very improvements that have enabled enterprises to thrive in the last ten years – connectivity, digitization, innovation – are the very things that have exposed them to the most risk.

Today’s security professionals understand the balance that must be struck when considering the staff of an organization. Employees need to be trusted as valuable assets but they also represent a significant threat to the integrity of the enterprise’s data and, whether malicious or negligent, their behaviors elevate risk. While there may be a temptation to tighten these controls and introduce more stringent policies, the reality of doing business means that people will always find a way around barriers that hinder them. Anyone will tell you that you can cure any disease if you kill the patient.

As businesses, we cannot afford to suffocate ourselves with laborious and impracticable security controls under the illusion that we are more ‘secure’ as a result, at the expense of our ability to be competitive, agile and efficient. The challenge to today’s security professionals is to protect the enterprise’s most valuable assets while continuing to enable data to support growth.

Staying open for business within the context of an ever-changing threat landscape requires a balance between risk and benefit. The balance required is never completely stable or static, but constantly being readjusted to keep the scales equally weighted. It is a challenge that requires a subtle approach, based on a mentality of intelligence over security. Whereas cyber security assumes that defensive measures must work 100% of the time, cyber intelligence provides evidence-based insights that directly inform decision-making, surfacing high-priority issues over less significant ones, and giving the organization the best possible oversight and understanding of its own state of health, in order to implement the best treatment plan.
Living under the radar

Cyber-attacks fill the headlines week after week, with dizzying figures of customer accounts compromised and negative reputation impact making for dramatic stories. Major breaches require immediate remedial action, with time, effort and money poured into clearing up after a compromise. The concept of a ‘clean-up’ operation after a cyber-attack is a flawed one, however.

Organizations are never free of threats and potentially dangerous or malicious influences. While there is huge pressure on companies post-breach to be seen to be taking action, to mitigate the reputational hit and restore customer, market and shareholder confidence, it is often a case of ‘too little, too late’. Too late because the damage is done, and too little because the adversary has gained such a level of control and infiltration within the target organization that its ability to retrospectively defend itself is limited.

The challenge of the last few years has been aggravated by the industrialization of the cyber-crime economy and the increasing sophistication of the perpetrators. Advanced exploit tools are readily available on the internet – customizable malware, laboratories for testing and previously unseen hacking techniques can be exchanged and traded – which means that taking a hold within an organization has become trivial.

Once inside, incognito attacks take place that are very difficult to spot because they are careful and subtle. Firstly, outside attackers will typically use the authorized access credentials of an employee, to avoid tripping perimeter alarms. This makes it extremely difficult to distinguish authorized activity from a cyber-threat actor intent on doing harm. Attackers use this cloak of legitimacy to perpetrate their attack, disguising themselves amid the normal interactions of that user and the day-to-day noise of the network. Being recognized as legitimate at the point of entry gives attackers an advantage. They are considered to be ‘trusted’, and the challenge of moving within the enterprise to find and eventually egress data or manipulate systems becomes easier. Furthermore, attackers not only use targeted email campaigns and exploit legitimate credentials in order to pass under the radar, but they may also use zero-day exploits and purpose-built malware to achieve their goals.

Subtle, well-disguised attacks are increasingly played out over long periods of time too, a testament to the adversary’s patience and persistence. An advanced threat actor may lie low in the network for days, weeks or months on end, patiently lying dormant within the organization in order to minimize the chances of being uncovered. Indeed, the average time that it takes to detect a malicious cyber-crime attack stands at 170 days, with advanced attacks involving insiders taking 259 days on average to detect.

During this time, the adversary gradually builds up an understanding of the network and its architecture that informs the steps they take to move around the network laterally and carry out the tailored attack. While the defending organization is constantly distracted by day-to-day business issues, the attacker has the advantage of time and resource, biding their time to collect intelligence and perpetrate their operation with a high degree of confidence in what they are doing, where they need to go and how to avoid detection.

Typically, an advanced attacker will look to gain persistence, both on a host and indeed on a network. Looking to have options in the event of detection, an attacker will attempt to infiltrate a range of devices and servers on a network. Attackers will often be able to move within a network and develop knowledge of the tools used to detect them, allowing them to move stealthily enough to avoid detection by traditional rules-based technologies.

The noise of the network, and the large volume of outputs of log-based technologies, often makes it impossible to detect the subtle movement of the attacker. The evidence is often discovered in the post-incident forensic phase; the defender has simply been overwhelmed by the sheer volume of noise.
Visibility and insight

Organizations need to take a step back when considering cyber defense strategies, first asking the question: how well do I know my own environment? As network infrastructures and intranets have grown and expanded with more and more devices, functionality and technologies, the digital architecture of an organization of any significant size is typically very complex. IT security managers and risk directors often lack visibility of the very systems that they manage, accessing only data siloes and focusing on specific parts of the organization where there are known problems to resolve.

Total visibility of all digital interactions and communications, not just a subset of them, is critical because it allows security professionals to make the best possible decisions, based on an understanding of the bigger picture. With visibility of the global trends and patterns that are happening on a day-to-day basis across the enterprise, these individuals are in a better position to configure security controls and the network environment, identify vulnerabilities or rogue employees, and indeed curb live cyber-threats. Seeing and understanding what is going on in real time is the first step to seeing what should not be happening – however subtle the deviation is.

Precious time

Time is therefore an extremely precious resource, and one the defender is often poor in. The advanced attacker meanwhile has vast resources in terms of human capital, time and funding to create capabilities that bypass the various components of traditional security stacks. Organizations consistently struggle to detect compromises at the earliest point of relevance, before damage is being or has been done, such as a large-scale data breach or a major operational interruption. Instead they find themselves in a race against the clock to clean up and minimize financial, reputational and operational damage, in spite of the many months of preparation and lateral movement of the threat actor prior to the final attack or breach activity. As long as the attacker continues to have the time advantage over the defender, target organizations will continually be on the back foot.

Businesses need to hit the reset button, and rethink the way that they view cyber security and cyber-attacks. To start with, this means ceasing to consider these concepts as absolute states; the former is not practically viable, and the latter has no clear perimeters – a cyber-attack has no obvious starting point and no clear end either. Every attack starts with a compromise, which starts with a subtle change in the normal order of things and builds to form a chain of events that together can wield control of a foreign environment and jeopardize that environment and its contents.

In an age of countless, ever-changing threats, analyzing yesterday’s adversaries is no guarantee of protecting against tomorrow’s. Today’s attackers are constantly adapting their techniques and strategies in order to stay persistent, and achieve longevity within your systems. The baseline of normal behavior is constantly changing. We therefore need to start counting time differently, looking to ‘catch’ suspicious activity within the window of time between the initial compromise and the first signs of abnormality. Rather than investing in post-mortem research of past breaches and compromises, we should focus on finding tomorrow’s problems – by tuning our ears to the very subtle signals that are emitted in the noise of a busy organization. Within an enterprise IT environment, this requires two key elements:

Intelligent analysis and abnormality detection

With situational awareness of the entirety of an organization’s activity, new technologies can be leveraged to analyze it, and form a constantly-evolving picture of normality. Fundamental advances in probabilistic mathematics and machine learning have made this approach possible, delivered by technology that learns what is normal and abnormal within a particular organizational environment on a continual basis, and surfaces probabilistically anomalous events in real time. Anomalies, or deviations from learnt normal behaviors across devices, networks and users, must be genuine and based on a dynamic understanding of the environment. Abnormal behavior can often be dealt with in a responsible way by business units – but only if it is detected early.

Organizations need to liberate themselves from the task of sifting through masses of security alerts, produced based on predefined assumptions of what constitutes ‘a threat’, and instead employ tailored intelligence that illuminates the digital enterprise environment and informs decision-making. Ultimately, mitigating risk is a continual exercise of informed decision-making by business professionals – the ability to focus on the right decisions and areas of concern requires a new generation of technology that is self-learning, probabilistic and adaptive.
“Darktrace is interesting because of its back-to-front approach to security... [it] profiles not possible attack vectors, but the network itself, as well as the devices that connect to the network and the network’s users.”
David Meyer, Gigaom, 2014

Cyber intelligence vs Threat intelligence

‘Threat intelligence’ is a term that has been given to the collection and sharing of information about identified threats. Essentially it refers to a database or feed of information that must be matched against an organization’s security alerts, logs and other forensic data to determine if a specific activity is a threat to the organization. If a detection can be correlated with a piece of threat data, it may be used to help protect against similar attacks that are still circulating.

The fundamental flaw of sharing information about past attacks is that it is retrospective and does not help organizations defend against tomorrow’s fresh attacks. It requires at least one organization to get burnt by each new attack vector in order to find it, and limits itself to telling you about previous attacks, on the assumption that the same attack might replicate itself. Typically, it takes months for a new attack vector or technique to manifest in threat intelligence feeds. In the meantime, your enterprise is vulnerable to those same attacks that have yet to be revealed and shared by prior victims. At worst, it is a mass of inapplicable data that distracts from the core objective of the organization, which is to defend against future attacks, not past ones. It is little solace to know that your organization was the first to discover, and suffer, a new threat and the first to add it to the threat feed, for others to protect themselves.

Intelligence about threats must be tailored to an organization to be useful, and must feed into a human being at some point, in order for difficult decisions to be made. The best intelligence is that which assists human beings in the decision-making process, and gives them the best degree of confidence that those decisions are correct, appropriate and, most importantly, timely enough to avoid a full-scale data breach, operational interruption or reputational hit.

True cyber intelligence is therefore not about identifying past threats and attack vectors, but is focused on understanding exactly what is happening within the organization, to a level of granularity that will expose even very subtle and quiet actions. Clever intelligence is about analyzing this detailed, real-time information in such a way as to correlate multiple weak indicators and form a picture of understanding from that data. Indeed, within the context of national security and law enforcement, ‘intelligence’ refers to the special insights that directly inform decisions around how to tackle specific risks and threats, before the adversary has seized the initiative and forced you onto the back foot. It provides evidence-based knowledge that allows human beings to determine how and when to take action, and in turn to assess the effectiveness of those decisions on an ongoing basis, as the context inevitably changes.

For organizations looking to take proactive action against cyber adversaries during their attack missions, these questions are critical and require high-quality intelligence, the result of advanced, context-aware analysis of a broad range of factors that contribute to an attack taking place. Cyber intelligence must drive decisions while compromises are nascent and manageable, in a timeframe that allows those decisions to be effective and avoids a crisis at its logical conclusion.
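The two approaches contrasted above (a feed of previously reported indicators versus a continually learned model of each device's own normal behaviour) as an added worked example, not code from the white paper or from Darktrace. The device name, host names, traffic volumes, the Laplace-smoothed scoring model and the threshold are all constructed for illustration.

```python
"""Behavioural baseline vs. indicator feed, on a constructed connection log.

Added example (not Darktrace code or any product's algorithm): a static threat
feed only matches destinations someone has already reported; a model of each
device's normal hours, destinations and volume flags a first-time, off-hours
transfer that no feed has ever listed."""
from __future__ import annotations

import math
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass
class Record:
    device: str
    hour: int        # local hour of the connection, 0-23
    dest: str        # destination host name (constructed values below)
    bytes_out: int   # bytes sent by the device


@dataclass
class DeviceProfile:
    """Sufficient statistics for one device's learned 'normal'."""
    hours: Counter = field(default_factory=Counter)
    dests: Counter = field(default_factory=Counter)
    n: int = 0
    bytes_sum: float = 0.0
    bytes_sq: float = 0.0

    def surprise(self, r: Record, alpha: float = 1.0) -> float:
        """Negative log-likelihood of r under a Laplace-smoothed model: unseen
        hours/destinations keep a small mass (alpha) and grow more surprising as
        history accumulates; a squared z-score covers volume. Higher = odder."""
        if self.n == 0:
            return 0.0  # no history yet: nothing can be called abnormal
        p_hour = (self.hours[r.hour] + alpha) / (self.n + 24 * alpha)
        k = len(self.dests) + 1  # one smoothed bucket reserved for a new dest
        p_dest = (self.dests[r.dest] + alpha) / (self.n + k * alpha)
        mean = self.bytes_sum / self.n
        var = max(self.bytes_sq / self.n - mean * mean, 1.0)
        z = (r.bytes_out - mean) / math.sqrt(var)
        return -math.log(p_hour) - math.log(p_dest) + 0.5 * z * z

    def learn(self, r: Record) -> None:
        self.hours[r.hour] += 1
        self.dests[r.dest] += 1
        self.n += 1
        self.bytes_sum += r.bytes_out
        self.bytes_sq += r.bytes_out ** 2


class Baseline:
    """Online, per-device anomaly scoring: score a record, then learn from it."""
    def __init__(self, threshold: float) -> None:
        self.profiles: dict[str, DeviceProfile] = defaultdict(DeviceProfile)
        self.threshold = threshold

    def observe(self, r: Record) -> tuple[float, bool]:
        prof = self.profiles[r.device]
        score = prof.surprise(r)
        # The picture of normality keeps evolving with every record; in practice a
        # flagged record is held for analyst review before it may shift the baseline.
        prof.learn(r)
        return score, score > self.threshold


IOC_FEED = {"known-bad.example"}  # constructed: the one host anyone has reported


def ioc_match(r: Record) -> bool:
    return r.dest in IOC_FEED


def training_stream(device: str = "ws-042") -> list[Record]:
    """Constructed office-hours traffic (08:00-17:00) to three internal services."""
    dests = ["crm.internal", "mail.internal", "fileshare.internal"]
    return [Record(device, 8 + (i % 10), dests[i % 3], 2000 + 100 * (i % 20))
            for i in range(40)]


def demo() -> dict[str, dict]:
    """Learn the sample stream, then score three constructed test records."""
    baseline = Baseline(threshold=5.0)
    for rec in training_stream():
        baseline.observe(rec)
    tests = {
        "normal": Record("ws-042", 10, "crm.internal", 3000),       # usual in every way
        "novel": Record("ws-042", 3, "new-host.example", 250_000),  # 03:00, new host, ~100x volume
        "known_bad": Record("ws-042", 11, "known-bad.example", 3000),  # already on the feed
    }
    out = {}
    for name, rec in tests.items():
        score, flagged = baseline.observe(rec)
        out[name] = {"score": round(score, 2), "flagged": flagged, "ioc": ioc_match(rec)}
    return out


if __name__ == "__main__":
    print(demo())
```

The "novel" record is the case the paper is making: it is never matched by the feed, yet its hour, destination and volume are each individually weak signals that the baseline combines into one high score.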
Better focus, more action

Attack techniques and methodologies are virtually impossible to predict, with yesterday’s attacks looking different to tomorrow’s, or the day after’s. Internal vulnerabilities are a constant issue that require continual assessment. In this environment of countless threats existing within the organization at any given time, comprehensive visibility is required into the happenings of our own organizations to work out where to focus our attention, and establish cyber defense priorities in real time.

Yet the overload of security events and incidents that are frequently produced by the gamut of conventional security tools has often had the perverse effect of engendering inactivity on the part of the security or IT function, due to the sheer volume of alerts that are surfaced, or the un-actionable nature of the information that is being fed back. Security practitioners must be able to home in on threats, in a way that makes sense to the organization, rather than spend valuable time on thousands of context-less alarms.

Taking advantage of each enterprise’s unique configuration – the time your employees come to work, the types of devices they use and the way they use them, the resources that they access, and so on – is critical, because no adversary has such details for their attack planning. This granularity of activity must be leveraged by employing self-learning ‘immune system’ technologies that can see and intelligently analyze this data, establishing an implicit understanding of its level of normality or otherwise, and surface anomalies in real time that must be dealt with by the business in a timely fashion.

Conclusion

The cyber intelligence function is crucial to the new risk mitigation strategies that are being put in place to deal with tomorrow’s threats, providing organizations with actionable knowledge and evidence that they would not otherwise have access to, and allowing them to deal with the genesis of a compromise, at the point that the abnormality emerges. Advanced mathematical technologies can leverage this ‘home advantage’ within very complex and dynamic environments. Next-generation solutions need to be highly sensitive to extremely low-level noise and catch the tweaks in normal behavior that manifest themselves as anomalous, based on an evolving understanding of what constitutes normality for that particular organization at any given moment in time.

Being able to cope with subtle actions and quiet compromise is key to being able to detect and address the early stages of compromise before they snowball into uncontrollable cyber incidents that culminate in major financial, operational or reputational damage to the organization. An Enterprise Immune System approach does this, by continually learning, spotting and analyzing the faint traces and weak indicators that necessarily precede each potential disaster, rather than turning up on the crime scene to work out what went so terribly wrong.
ABOUT DARKTRACE

Darktrace is one of the world’s fastest-growing cyber defense companies and the leader in Enterprise Immune System technology, a new category of cyber solutions based on pioneering Bayesian mathematics developed at the University of Cambridge. Darktrace addresses the challenge of insider threat and advanced cyber-attacks through its unique ability to detect previously unidentified threats in real time, as manifested in the emerging behaviors of the network, devices and individuals. Some of the world’s largest organizations rely on Darktrace’s adaptive, self-learning platform to spot anomalous activity within the enterprise, in sectors including energy and utilities, financial services, telecommunications, retail and transportation. Darktrace was founded by world-class machine learning specialists and operational government intelligence experts. The company is headquartered in Cambridge, UK, with offices in London, Milan, New York, Paris, San Francisco and Washington D.C.

CONTACT US
UK: +44 (0) 1223 350 653
US: +1 (917) 363 0822
Email: info@darktrace.com
www.darktrace.com