Addressing the Cyber Kill Chain
André Carraretto, CISSP
Security Strategist
Agenda
1 Current Threat Landscape Challenges
2 The Cyber Kill Chain
3 How Symantec can help
4 Q&A
Copyright © 2015 Symantec Corporation
Current Threat Landscape Challenges
Enterprise Threat Landscape
• Attackers Moving Faster: 5 of 6 large companies attacked; 317M new malware created; 1M new threats daily; 60% of attacks targeted SMEs
• Digital extortion on the rise: 113% increase in ransomware; 45X more devices held hostage
• Malware gets smarter: 28% of malware was Virtual Machine Aware
• Zero-Day Threats: 24 (all-time high); Top 5 unpatched for 295 days
• Many Sectors Under Attack: Healthcare +37%; Retail +11%; Education +10%; Government +8%; Financial +6%
Source: Symantec Internet Security Threat Report 2015
Key Trends Reshaping the Enterprise Security Market
• RESURGENCE OF ENDPOINT: Rapid shift to mobile and IoT
• DISAPPEARING PERIMETER: Decreasingly relevant with “fuzzy” perimeter
• RAPID CLOUD ADOPTION: Enterprise data and applications moving to cloud
• SERVICES: Security as a Service; box fatigue
• CYBERSECURITY: Governments and regulators playing ever larger role
Top Breaches in 2014
Top Breaches in 2015 (so far...)
The Cyber Kill Chain
• Military concept, now applied to Cyber Security
• Developed by Lockheed Martin in 2011
• Describes the phases an Adversary will follow to target an Organization
• It has 7 well-defined phases
• Attack is considered successful if/when all phases have been accomplished
Addressing the Cyber Kill Chain
Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover
Reconnaissance | Web analytics, Internet scanning reports, vuln. scanning, pen testing, SIEM, DAST/SAST, threat intelligence, TIP | Firewall ACL, system and service hardening, network obfuscation, logical segmentation | Honeypot | SAST/DAST
Weaponization | sentiment analysis, vuln. announcements, vuln. assessm. | NIPS, NGFW, patch management, configuration hardening, application remediation | SEG, SWG |
Delivery | user training, security analytics, network behavior analysis, threat intelligence, NIPS, NGFW, WAF, DDoS, SSL inspection, TIP | SWG, NGIPS, ATD, TIP | EPP | Backup or EPP cleanup
Exploitation | EPP, NIPS, SIEM, WAF | EPP, NGIPS, ATD, WAF | NIPS, NGFW, EPP, ATD | data restoration from backups
Installation | EPP, endpoint forensics or ETDR, sandboxing, FIM | EPP, MDM, IAM, endpoint containerization/app wrapping | EPP, HIPS, incident forensic tools | incident response, ETDR
Command and Control | NIPS, NBA, network forensics, SIEM, DNS security, TIP | IP/DNS reputation blocking, DLP, ATA | DNS redirect, threat intelligence on DNS, egress filtering, NIPS | incident response, system restore
Action on Targets | Logging, SIEM, DLP, honeypot, TIP, DAP | egress filtering, SWG, trust zones, DLP | QoS, DNS, DLP, ATA | incident response
Source: Gartner (August 2014) – G00263765
How Symantec can help
Symantec Enterprise Security | STRONG FRANCHISES
• Endpoint Security: #1 share; AAA rating 12 quarters in a row
• Email Security: #1 share; 100% uptime with <0.0003% FPs 5 years in a row
• Data Protection: #1 DLP share; 100% of Fortune 100
• Trust Services: #1 share; 6B certificate lookups/day
• Authentication & Authorization: 13B validations every day; 100% uptime last 5 years
• Managed Security Services: 12 Yrs Gartner MQ leader; 30B logs analyzed/day
Symantec Enterprise Security | UNIQUE VISIBILITY
• 57M attack sensors in 157 countries
• 175M endpoints
• 182M web attacks blocked last year
• 3.7T rows of telemetry; 100 Billion more/month
• 9 threat response centers
• 500+ rapid security response team
• 30% of world’s enterprise email traffic scanned/day
• 1.8 Billion web requests
Addressing the Cyber Kill Chain with Symantec
Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover
Reconnaissance | Deepsight Threat Intelligence, Managed Security Services (MSS), Control Compliance Suite | Control Compliance Suite, Datacenter Security | N/A | N/A
Weaponization | Deepsight Managed Adversary Threat Intelligence (MATI) | Control Compliance Suite, Altiris ITMS | Messaging Gateway, Symantec.cloud (email/web) | N/A
Delivery | MSS, Deepsight Threat Intelligence, Blackfin acquisition (user training, phishing tests) | ATP Suite, Deepsight Threat Intelligence | Endpoint Protection | Endpoint Protection (Power Eraser), Veritas
Exploitation | Endpoint Protection, Datacenter Security, MSS | Endpoint Protection, Datacenter Security, ATP Suite, Deepsight Threat Intelligence | Endpoint Protection, ATP Suite, Datacenter Security | Veritas
Installation | Endpoint Protection, Advanced Threat Protection Suite (ATP Suite), Datacenter Security | Endpoint Protection, Mobility Suite, Authentication Manager, VIP, Managed PKI | Endpoint Protection, ATP Suite, Datacenter Security | Incident Response Retainer Services
Command and Control | MSS, Deepsight Threat Intelligence | Deepsight Threat Intelligence, DLP, ATP Suite | Deepsight Threat Intelligence | Incident Response Retainer Services
Action on Targets | MSS, Data Loss Prevention (DLP), Deepsight Threat Intelligence | Data Loss Prevention | DLP, ATP Suite | Incident Response Retainer Services
Source: Gartner (August 2014) – G00263765
Recommendations
Reconnaissance
• Regular external scanning / pentests
• Deepsight MATI: Monitor underground Internet
• DCS:SA: Enforce the least-privilege concept on Internet-facing servers
• MSS: Analytics to detect indicators of unwanted activity against Internet-facing servers
• Employ SDLC to guarantee applications are processing untrusted input correctly
Weaponization
• Deepsight Intelligence: keep informed of recently discovered vulnerabilities and weaponized exploits available to adversaries
• Deepsight MATI: Monitor possible/future activities planned against your organization and track adversaries
Delivery
• Keep using your traditional controls (NGFW, NGIPS, SWG, DDoS, WAF) to provide visibility and prevent compromise attempts
• ATP Suite: inspect suspicious files through sandboxing analysis
• Analyze DNS resolution to unwanted or malicious hosts
Exploitation
• MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior
• Email Security.cloud, Endpoint Protection: these can help limit most of the attack attempts
• Deepsight Datafeeds: provide intelligence on malicious IPs/Domains to your SIEM
• ATP Suite: inspect suspicious files through sandboxing analysis
Installation
• Endpoint Protection: to provide greater protection against advanced malware and browser attacks, and application white/blacklisting
• SAM/VIP/MPKI: employ strong authentication to reduce the likelihood of installation and data access
• Incident Response Retainer: helps with incident response practices and containment
Command and Control
• Deepsight Datafeeds: provide intelligence on malicious IPs/Domains to your SIEM. It can also be used to create a “DNS Sinkhole” to divert malicious connections
• MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior, including C&C connections
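Added example (not from the deck or any Symantec product) for the two DNS recommendations above: analyzing DNS resolution to malicious hosts (Delivery) and building a “DNS Sinkhole” from a domain reputation feed (Command and Control). The feed contents, the resolver log format and the sinkhole address are constructed assumptions; the generated records use BIND response policy zone (RPZ) syntax.

```python
"""Match resolver logs against a domain feed and emit sinkhole records."""
from collections import defaultdict

SINKHOLE_IP = "192.0.2.53"  # assumed internal sinkhole host (documentation range)

# Constructed reputation feed: one domain per line, '#' starts a comment.
FEED = """
# domain
bad-c2.example
updates.malware.test
"""

# Constructed resolver log: "<timestamp> <client_ip> <qtype> <qname>"
DNS_LOG = """
2015-09-01T10:00:01Z 10.1.1.20 A intranet.corp.example.
2015-09-01T10:00:05Z 10.1.1.20 A beacon.bad-c2.example.
2015-09-01T10:01:05Z 10.1.1.20 A beacon.bad-c2.example.
2015-09-01T10:02:00Z 10.1.2.7 AAAA UPDATES.malware.test
2015-09-01T10:03:00Z 10.1.2.9 A notbad-c2.example
malformed line
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def load_feed(text):
    """Parse the feed into a set of normalized domains."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            domains.add(normalize(line))
    return domains


def matched_domain(qname, feed):
    """Return the feed entry that qname equals or is a subdomain of, else None.

    Matching is done on whole labels, so 'notbad-c2.example' does not match
    'bad-c2.example' the way a plain suffix/substring test would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def find_hits(log_text, feed):
    """Return {client_ip: {feed_domain: query_count}} for listed domains."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _timestamp, client, _qtype, qname = fields
        domain = matched_domain(qname, feed)
        if domain:
            hits[client][domain] += 1
    return {client: dict(counts) for client, counts in hits.items()}


def rpz_records(domains, sinkhole_ip):
    """Build RPZ local-data records pointing each domain and its subdomains
    at the sinkhole, so infected clients connect there instead of the C&C."""
    records = []
    for domain in sorted(domains):
        records.append(f"{domain} A {sinkhole_ip}")
        records.append(f"*.{domain} A {sinkhole_ip}")
    return records


if __name__ == "__main__":
    feed = load_feed(FEED)
    for client, counts in sorted(find_hits(DNS_LOG, feed).items()):
        for domain, n in sorted(counts.items()):
            print(f"ALERT client={client} domain={domain} queries={n}")
    print("\n".join(rpz_records(feed, SINKHOLE_IP)))
```

Clients that keep resolving a sinkholed name afterwards show up in the sinkhole host's connection logs, which gives the SIEM a list of likely infected endpoints.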
Action on Targets
• Data Loss Prevention: to perform continuous monitoring of user behavior/data access
• Employ Database monitoring tools to detect/block suspicious data access (excess in volume, abnormal times, locations, etc.)
Q&A
Thank you!
Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or
implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
André Carraretto, CISSP
andre_carraretto@symantec.com
@andrecarraretto
https://br.linkedin.com/in/andrecarraretto

Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...
Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...
 
Be Aware Webinar - Malwares Multiplataformas
Be Aware Webinar - Malwares MultiplataformasBe Aware Webinar - Malwares Multiplataformas
Be Aware Webinar - Malwares Multiplataformas
 
A Abordagem Symantec para Derrotar Ameaças Avançadas
A Abordagem Symantec para Derrotar Ameaças AvançadasA Abordagem Symantec para Derrotar Ameaças Avançadas
A Abordagem Symantec para Derrotar Ameaças Avançadas
 
Symantec Advanced Threat Protection: Symantec Cynic
Symantec Advanced Threat Protection: Symantec CynicSymantec Advanced Threat Protection: Symantec Cynic
Symantec Advanced Threat Protection: Symantec Cynic
 
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e RespostaAmeaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
 

Dernier

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 

Dernier (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Addressing the cyber kill chain

  • 1. Addressing the Cyber Kill Chain André Carraretto, CISSP Security Strategist
  • 2. Agenda: 1. Current Threat Landscape Challenges; 2. The Cyber Kill Chain; 3. How Symantec can help; 4. Q&A. Copyright © 2015 Symantec Corporation
  • 3. Current Threat Landscape Challenges
  • 4. Enterprise Threat Landscape (Source: Symantec Internet Security Threat Report 2015)
      • Attackers Moving Faster: 5 of 6 large companies attacked; 317M new malware created; 1M new threats daily; 60% of attacks targeted SMEs
      • Digital extortion on the rise: 113% increase in ransomware; 45X more devices held hostage
      • Malware gets smarter: 28% of malware was Virtual Machine Aware
      • Zero-Day Threats: 24 (all-time high); Top 5 unpatched for 295 days
      • Many Sectors Under Attack: Healthcare +37%; Retail +11%; Education +10%; Government +8%; Financial +6%
  • 5. Key Trends Reshaping the Enterprise Security Market
      • RESURGENCE OF ENDPOINT: Rapid shift to mobile and IoT
      • DISAPPEARING PERIMETER: Decreasingly relevant with “fuzzy” perimeter
      • RAPID CLOUD ADOPTION: Enterprise data and applications moving to cloud
      • SERVICES: Security as a Service; box fatigue
      • CYBERSECURITY: Governments and regulators playing ever larger role
  • 6. Top Breaches in 2014
  • 8. Top Breaches in 2014
  • 9. Top Breaches in 2014
  • 10. Top Breaches in 2015 (so far...)
  • 11. Top Breaches in 2015 (so far...)
  • 12. The Cyber Kill Chain
  • 13. The Cyber Kill Chain
      • Military concept, now applied to Cyber Security
      • Developed by Lockheed Martin in 2011
      • Describes the phases an Adversary will follow to target an Organization
      • It has 7 well-defined phases
      • Attack is considered successful if/when all phases have been accomplished
  • 15. Addressing the Cyber Kill Chain (Source: Gartner (August 2014) – G00263765)
      | Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover |
      | --- | --- | --- | --- | --- |
      | Reconnaissance | Web analytics, Internet scanning reports, vuln. scanning, pen testing, SIEM, DAST/SAST, threat intelligence, TIP | Firewall ACL, system and service hardening, network obfuscation, logical segmentation | Honeypot | SAST/DAST |
      | Weaponization | sentiment analysis, vuln. announcements, vuln. assessm. | NIPS, NGFW, patch management, configuration hardening, application remediation | SEG, SWG | |
      | Delivery | user training, security analytics, network behavior analysis, threat intelligence, NIPS, NGFW, WAF, DDoS, SSL inspection, TIP | SWG, NGIPS, ATD, TIP | EPP | Backup or EPP cleanup |
      | Exploitation | EPP, NIPS, SIEM, WAF | EPP, NGIPS, ATD, WAF | NIPS, NGFW, EPP, ATD | data restoration from backups |
      | Installation | EPP, endpoint forensics or ETDR, sandboxing, FIM | EPP, MDM, IAM, endpoint containerization/app wrapping | EPP, HIPS, incident forensic tools | incident response, ETDR |
      | Command and Control | NIPS, NBA, network forensics, SIEM, DNS security, TIP | IP/DNS reputation blocking, DLP, ATA | DNS redirect, threat intelligence on DNS, egress filtering, NIPS | incident response, system restore |
      | Action on Targets | Logging, SIEM, DLP, honeypot, TIP, DAP | egress filtering, SWG, trust zones, DLP | QoS, DNS, DLP, ATA | incident response |
  • 16. How Symantec can help
  • 17. Symantec Enterprise Security | STRONG FRANCHISES
      • Endpoint Security: #1 share; AAA rating 12 quarters in a row
      • Email Security: #1 share; 100% uptime with <0.0003% FPs 5 years in a row
      • Data Protection: #1 DLP share; 100% of Fortune 100
      • Trust Services: #1 share; 6B certificate lookups/day
      • Authentication & Authorization: 13B validations every day; 100% uptime last 5 years
      • Managed Security Services: 12 Yrs Gartner MQ leader; 30B logs analyzed/day
  • 18. Symantec Enterprise Security | UNIQUE VISIBILITY
      • 57M attack sensors in 157 countries
      • 175M endpoints
      • 182M web attacks blocked last year
      • 3.7T rows of telemetry; 100 Billion more/month
      • 9 threat response centers
      • 500+ rapid security response team
      • 30% of world’s enterprise email traffic scanned/day
      • 1.8 Billion web requests
  • 20. Addressing the Cyber Kill Chain with Symantec (Source: Gartner (August 2014) – G00263765)
      | Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover |
      | --- | --- | --- | --- | --- |
      | Reconnaissance | Deepsight Threat Intelligence, Managed Security Services (MSS), Control Compliance Suite | Control Compliance Suite, Datacenter Security | N/A | N/A |
      | Weaponization | Deepsight Managed Adversary Threat Intelligence (MATI) | Control Compliance Suite, Altiris ITMS | Messaging Gateway, Symantec.cloud (email/web) | N/A |
      | Delivery | MSS, Deepsight Threat Intelligence, Blackfin acquisition (user training, phishing tests) | ATP Suite, Deepsight Threat Intelligence | Endpoint Protection | Endpoint Protection (Power Eraser), Veritas |
      | Exploitation | Endpoint Protection, Datacenter Security, MSS | Endpoint Protection, Datacenter Security, ATP Suite, Deepsight Threat Intelligence | Endpoint Protection, ATP Suite, Datacenter Security | Veritas |
      | Installation | Endpoint Protection, Advanced Threat Protection Suite (ATP Suite), Datacenter Security | Endpoint Protection, Mobility Suite, Authentication Manager, VIP, Managed PKI | Endpoint Protection, ATP Suite, Datacenter Security | Incident Response Retainer Services |
      | Command and Control | MSS, Deepsight Threat Intelligence | Deepsight Threat Intelligence, DLP, ATP Suite | Deepsight Threat Intelligence | Incident Response Retainer Services |
      | Action on Targets | MSS, Data Loss Prevention (DLP), Deepsight Threat Intelligence | Data Loss Prevention | DLP, ATP Suite | Incident Response Retainer Services |
  • 21. Recommendations
      Reconnaissance
        • Regular external scanning / pentest
        • Deepsight MATI: Monitor underground Internet
        • DCS:SA: Enforce least privilege concept on Internet-facing servers
        • MSS: Analytics to detect indicators of unwanted activity against Internet-facing servers
        • Employ SDLC to guarantee applications are processing untrusted input correctly
      Weaponization
        • Deepsight Intelligence: keep informed of recently discovered vulnerabilities and weaponized exploits available to them
        • Deepsight MATI: Monitor possible/future activities planned against your organization and track adversaries
  • 22. Recommendations
      Delivery
        • Keep using your traditional controls (NGFW, NGIPS, SWG, DDoS, WAF) to provide visibility and prevent compromise attempts
        • ATP Suite: inspect suspicious files through sandboxing analysis
        • Analyze DNS resolution to unwanted or malicious hosts
      Exploitation
        • MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior
        • Email Security.cloud, Endpoint Protection: those can help limit most of the attack attempts
        • Deepsight Datafeeds: provide intelligence over malicious IPs/Domains to your SIEM
        • ATP Suite: inspect suspicious files through sandboxing analysis
  • 23. Recommendations
      Installation
        • Endpoint Protection: to provide greater protection over advanced malware, browser attacks and application white/blacklisting
        • SAM/VIP/MPKI: employ strong authentication to reduce likelihood of installation and data access
        • Incident Response Retainer: helps with incident response practices and containment
      Command and Control
        • Deepsight Datafeeds: provide intelligence over malicious IPs/Domains to your SIEM. It can also be used to create a “DNS Sinkhole” to divert malicious connections
        • MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior, including C&C connections
  • 24. Recommendations
      Action on Targets
        • Data Loss Prevention: to perform continuous monitoring of user behavior/data access
        • Employ Database monitoring tools to detect/block suspicious data access (excess in volume, abnormal times, locations, etc.)
  • 25. Q&A
  • 26. Thank you! Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. André Carraretto, CISSP andre_carraretto@symantec.com @andrecarraretto https://br.linkedin.com/in/andrecarraretto
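
The DNS recommendations on slides 22 and 23 (analyze DNS resolution to malicious hosts; feed malicious domains to the SIEM or a "DNS Sinkhole") can be sketched as below. This is an added example, not part of the original deck or of any Symantec product; the feed entries, the log format, the sinkhole address and the choice of Unbound `local-zone` syntax for the sinkhole are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed indicator feed and sinkhole address (TEST-NET-1); not real indicators.
FEED = {"bad-updates.example", "c2.malware.test"}
SINKHOLE_IP = "192.0.2.53"

# Constructed resolver log (assumed format): timestamp client qname qtype
SAMPLE_LOG = """\
2015-10-01T09:00:01Z 10.0.4.17 www.example.org. A
2015-10-01T09:00:05Z 10.0.4.17 cdn.bad-updates.example. A
2015-10-01T09:00:09Z 10.0.7.23 notbad-updates.example. A
2015-10-01T09:01:12Z 10.0.4.17 C2.Malware.Test. AAAA
2015-10-01T09:01:30Z 10.0.9.40 beacon.c2.malware.test. TXT
truncated line
2015-10-01T09:02:00Z not-an-ip c2.malware.test. A
"""

def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")

def feed_match(qname, feed):
    """Return the feed entry equal to qname or a parent of it, compared per DNS label."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate  # 'notbad-updates.example' never reaches this for 'bad-updates.example'
    return None

def parse_line(line):
    """Parse one log line; return None for malformed input instead of raising."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, qtype = parts
    try:
        ipaddress.ip_address(client)
    except ValueError:
        return None
    return {"ts": ts, "client": client, "qname": normalize(qname), "qtype": qtype}

def detect(log_text, feed):
    """Return (hits, per-client hit counts, number of skipped malformed lines)."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        indicator = feed_match(rec["qname"], feed)
        if indicator:
            hits.append({**rec, "indicator": indicator})
    return hits, Counter(h["client"] for h in hits), skipped

def sinkhole_config(feed, sinkhole_ip):
    """Render Unbound entries that answer each feed domain and its subdomains."""
    ipaddress.IPv4Address(sinkhole_ip)  # fail early: only A records are emitted
    lines = []
    for domain in sorted(normalize(d) for d in feed):
        lines.append(f'local-zone: "{domain}." redirect')
        lines.append(f'local-data: "{domain}. A {sinkhole_ip}"')
    return "\n".join(lines)

if __name__ == "__main__":
    hits, per_client, skipped = detect(SAMPLE_LOG, FEED)
    for h in hits:
        print(f'{h["ts"]} {h["client"]} queried {h["qname"]} (indicator {h["indicator"]})')
    print(dict(per_client), "skipped:", skipped)
    print(sinkhole_config(FEED, SINKHOLE_IP))
```

The per-client counts are what a SIEM correlation rule would alert on, and connections that later arrive at the sinkhole address identify hosts that still resolve feed domains.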