SlideShare une entreprise Scribd logo

The 4horsemen of ics secapocalypse

Christiaan Beek
Christiaan Beek

What are the myths & legends around securing Industrial Controlled Systems? In a short presentation some of the day to day experiences are explained around problems/risks, fairy-tales around securing ICS. After reading the presentation will lead to start doing some homework....

Technologie
1  sur  29
“The four horsemen of the ICS security apocalypse” Christiaan Beek Director of Incident Response & Forensics EMEA
What to expect v Intro v ICS security a myth? v The Four Horsemen v Wrap-up v Questions? Thanks @Beaker for approving the title of this presentation
Foundstone Foundstone Services – McAfee Strategic Security
McAfee Cyber Defense Center Incident Response Training Advanced Malware Analysis Strategic Services/ Assessments Contextual Threat intelligence SCADA assessments Mobile Forensics Computer Forensics McAfee CDC in Dubai
Forensics and IR Lead for EMEA Christiaan Beek •  Digital Forensics As an Enterprise Architect on the Foundstone Services team, Christiaan is the Head of and practice lead for the Incident Response and Forensics services team in EMEA. He has performed numerous forensic investigations from system compromise, theft, child pornography, malware infections, Advanced Persistent Threats (APT) and mobile devices. He has also participated as an expert witness for the Dutch Department of Justice in high-profile investigations and leading a team of computer forensics specialists assisting police with evidence recovery. •  Vulnerability Assessment and Network Penetration Testing Since 2000 Christiaan has been performing security assessments and penetration testing for companies in in almost every industry. •  Risk Assessment and Policy Development With extensive experience in PCI-DSS, Christiaan has assisted numerous international clients in Banking, Insurance, Government with their Risk Management strategy. As the Security Officer of the largest water company in the Netherlands, he developed IT security policies for both the data and SCADA networks. •  Foundstone Education Christiaan is the author and lead-instructor of the class ‘Malware Forensics and Incident Response’ (MFIRE). •  Hack Exposed Book Christiaan has co-authored the APT chapter in the new Hacking Exposed 7 book. Our Incident Response Team •  Most of the first responders have more than a decade of experience •  Many of them have participated in law enforcement investigations •  Our consultants write articles for digital forensics magazines, and well known security e-publications •  We teach forensics and malware analysis to governments and at globally-known conferences like… •  We participate in
ICS Security….. March6
The Four Horsemen of the Apocalypse are described in the Book of Revelation. The four riders are seen as symbolizing & represent the following powers: -  War -  Famine -  Death -  Pestilence
Horseman #1:
War: IT departments Corporate IT Production IT
War: Last 6 months.. Position Country 1 KSA 2 Iran 3 Egypt 4 UAE 5 Turkey Vertical Government Oil & Gas Financials Telco ISP Attack Types DDoS SQL injection Defacements Targeted malware Account Hijacking
Horseman #2:
Famine: Priorities ICS/SCADA perspective Availability Integrity Confidentiality IT perspective Confidentiality Integrity Availability
Famine: Incident Response v Handling incidents in an ICS environment is different v Forensics could be challenging v Where’s the evidence-data v Different OS & applications than corporate
Famine: People & Education v Lack of skilled, experienced and passionate people v  Not a lot of good education around v Only a few good books out there
Famine: sigh….. Some still don’t get it, So for once and for all: BASE64 is NOT encryption!
Horseman #3:
An Intel company
An Intel company Your ICS vendor We s..ck The MS09-XX patch cannot be applied for the next two years on our product…. Kind regards, your ICS vendor
Horseman # 4:
Easiness of attack: SCADA networks are attached to the corporate network or Internet. Exploiting of the systems is becoming easy… Background & S7 example: project IRAM – http://www.scadacs.org
Researchers focus more on exploits Still many firmware updates contain username & pwd in cleartext….
Don’t give up!!!
Initiatives v Many ICS vendors nowadays have a dedicated security team and are addressing vulnerabilities v Security vendors are partnering with ICS vendors to certify their products for the platforms used
How is McAfee contributing? EndpointNetworkData Corporate IT SCADA Device Network Enterprise Apps Ethernet, TCP/IP Modern Computers (Windows, Linux, Mac) SCADA, HMI Ethernet, Serial Legacy Computers (Windows) Ladder Logic Ethernet, Serial, Relays Special Function (Embedded OS)
McAfee is working with all major SCADA & ICS vendors to test, certify, and in many cases embed McAfee technology
Product Acceptance & Certification Currently Supported Products Cert’d OEM Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Roque System Detection, McAfee Agent Integrity Control, Embedded Control, Device Control Embedded Control, Device Control, HIPS, ePO, Enterprise Security Manager, IPS Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Rogue System Detection, McAfee Agent VirusScan Enterprise, Embedded Control ✔ ✔ ✔ OEM✔ Enterprise Security Manager, IPS VirusScan Enterprise, Embedded Control ✔ OEM✔ OEM✔ Process Management Vendor In October 2013, McAfee announced partnership with Yokogawa
Final thoughts….. •  What is your outside footprint? •  Do you know your critical assets? (they are not equal to a server or single system) •  Who’s responsible for what? •  When was your last assessment? •  Be realistic and agree on what risk is accepted •  What metrics do you use?
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypse

Recommandé

"There's a pot of Bitcoins behind the ransomware rainbow"
"There's a pot of Bitcoins behind the ransomware rainbow""There's a pot of Bitcoins behind the ransomware rainbow"
"There's a pot of Bitcoins behind the ransomware rainbow"Christiaan Beek
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"Christiaan Beek
 
Hunting and Legal Hackback using Cyber Deception
Hunting and Legal Hackback using Cyber DeceptionHunting and Legal Hackback using Cyber Deception
Hunting and Legal Hackback using Cyber DeceptionCymmetria
 
Webinar: Hunting maturity through cyber deception
Webinar: Hunting maturity through cyber deception Webinar: Hunting maturity through cyber deception
Webinar: Hunting maturity through cyber deception Cymmetria
 
Cymmetria Webinar: Deception & Responder
Cymmetria Webinar: Deception & ResponderCymmetria Webinar: Deception & Responder
Cymmetria Webinar: Deception & ResponderCymmetria
 
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...PROIDEA
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 

Recommandé

"There's a pot of Bitcoins behind the ransomware rainbow"
"There's a pot of Bitcoins behind the ransomware rainbow""There's a pot of Bitcoins behind the ransomware rainbow"
"There's a pot of Bitcoins behind the ransomware rainbow"Christiaan Beek
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"Christiaan Beek
 
Hunting and Legal Hackback using Cyber Deception
Hunting and Legal Hackback using Cyber DeceptionHunting and Legal Hackback using Cyber Deception
Hunting and Legal Hackback using Cyber DeceptionCymmetria
 
Webinar: Hunting maturity through cyber deception
Webinar: Hunting maturity through cyber deception Webinar: Hunting maturity through cyber deception
Webinar: Hunting maturity through cyber deception Cymmetria
 
Cymmetria Webinar: Deception & Responder
Cymmetria Webinar: Deception & ResponderCymmetria Webinar: Deception & Responder
Cymmetria Webinar: Deception & ResponderCymmetria
 
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vit...PROIDEA
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
 
e-Extortion Trends and Defense
e-Extortion Trends and Defensee-Extortion Trends and Defense
e-Extortion Trends and DefenseErik Iker
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
Corporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing FeloniesCorporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing FeloniesJohn Bambenek
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedThomas Roccia
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
 
ANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleJohn Bambenek
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon
 
3871778
38717783871778
3871778Christiaan Beek
 
Taming worms, rats, dragons & more
Taming worms, rats, dragons & moreTaming worms, rats, dragons & more
Taming worms, rats, dragons & moreChristiaan Beek
 

Contenu connexe

Tendances

Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
 
e-Extortion Trends and Defense
e-Extortion Trends and Defensee-Extortion Trends and Defense
e-Extortion Trends and DefenseErik Iker
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptxChi En (Ashley) Shen
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE - ATT&CKcon
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
Corporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing FeloniesCorporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing FeloniesJohn Bambenek
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedThomas Roccia
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE - ATT&CKcon
 
ANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleJohn Bambenek
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon
 

Tendances (20)

Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT business
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of Ransomware
 
e-Extortion Trends and Defense
e-Extortion Trends and Defensee-Extortion Trends and Defense
e-Extortion Trends and Defense
 
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - December
 
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDF
 
Corporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing FeloniesCorporate Espionage without the Hassle of Committing Felonies
Corporate Espionage without the Hassle of Committing Felonies
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons Learned
 
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
MITRE ATT&CKcon 2018: Sofacy 2018 and the Adversary Playbook, Robert Falcone,...
 
ANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at Scale
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
 

En vedette

Taming worms, rats, dragons & more
Taming worms, rats, dragons & moreTaming worms, rats, dragons & more
Taming worms, rats, dragons & moreChristiaan Beek
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014Barry Shteiman
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseSplunk
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesDell EMC World
 
2016 m2 m_forum_industrie4_cybersecurity_tieghi
2016 m2 m_forum_industrie4_cybersecurity_tieghi2016 m2 m_forum_industrie4_cybersecurity_tieghi
2016 m2 m_forum_industrie4_cybersecurity_tieghiEnzo M. Tieghi
 
Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Schneider Electric
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseSplunk
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale funJan Seidl
 

En vedette (16)

3871778
38717783871778
3871778
 
Taming worms, rats, dragons & more
Taming worms, rats, dragons & moreTaming worms, rats, dragons & more
Taming worms, rats, dragons & more
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
 
CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014CuSRF. OWASP AppSecUS 2014
CuSRF. OWASP AppSecUS 2014
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
 
MT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT InitiativesMT81 Keys to Successful Enterprise IoT Initiatives
MT81 Keys to Successful Enterprise IoT Initiatives
 
2016 m2 m_forum_industrie4_cybersecurity_tieghi
2016 m2 m_forum_industrie4_cybersecurity_tieghi2016 m2 m_forum_industrie4_cybersecurity_tieghi
2016 m2 m_forum_industrie4_cybersecurity_tieghi
 
Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...
 
Managing SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk EnterpriseManaging SCADA Operations and Security with Splunk Enterprise
Managing SCADA Operations and Security with Splunk Enterprise
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale fun
 

Similaire à The 4horsemen of ics secapocalypse

How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...Kaspersky
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company PresentationChaitanyaS
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...lior mazor
 
Allianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draftAllianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draftEoin Keary
 
Dhishant -Latest Resume
Dhishant -Latest ResumeDhishant -Latest Resume
Dhishant -Latest ResumeDhishant Abrol
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetuppbink
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 

Similaire à The 4horsemen of ics secapocalypse (20)

How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company Presentation
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
 
Allianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draftAllianz Global CISO october-2015-draft
Allianz Global CISO october-2015-draft
 
Dhishant -Latest Resume
Dhishant -Latest ResumeDhishant -Latest Resume
Dhishant -Latest Resume
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Information Security
Information SecurityInformation Security
Information Security
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 

Dernier

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Dernier (20)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

The 4horsemen of ics secapocalypse

  • 1. “The four horsemen of the ICS security apocalypse” Christiaan Beek Director of Incident Response & Forensics EMEA
  • 2. What to expect v Intro v ICS security a myth? v The Four Horsemen v Wrap-up v Questions? Thanks @Beaker for approving the title of this presentation
  • 3. Foundstone Foundstone Services – McAfee Strategic Security
  • 5. Forensics and IR Lead for EMEA Christiaan Beek •  Digital Forensics As an Enterprise Architect on the Foundstone Services team, Christiaan is the Head of and practice lead for the Incident Response and Forensics services team in EMEA. He has performed numerous forensic investigations from system compromise, theft, child pornography, malware infections, Advanced Persistent Threats (APT) and mobile devices. He has also participated as an expert witness for the Dutch Department of Justice in high-profile investigations and leading a team of computer forensics specialists assisting police with evidence recovery. •  Vulnerability Assessment and Network Penetration Testing Since 2000 Christiaan has been performing security assessments and penetration testing for companies in in almost every industry. •  Risk Assessment and Policy Development With extensive experience in PCI-DSS, Christiaan has assisted numerous international clients in Banking, Insurance, Government with their Risk Management strategy. As the Security Officer of the largest water company in the Netherlands, he developed IT security policies for both the data and SCADA networks. •  Foundstone Education Christiaan is the author and lead-instructor of the class ‘Malware Forensics and Incident Response’ (MFIRE). •  Hack Exposed Book Christiaan has co-authored the APT chapter in the new Hacking Exposed 7 book. Our Incident Response Team •  Most of the first responders have more than a decade of experience •  Many of them have participated in law enforcement investigations •  Our consultants write articles for digital forensics magazines, and well known security e-publications •  We teach forensics and malware analysis to governments and at globally-known conferences like… •  We participate in
  • 7. The Four Horsemen of the Apocalypse are described in the Book of Revelation. The four riders are seen as symbolizing & represent the following powers: -  War -  Famine -  Death -  Pestilence
  • 9. War: IT departments Corporate IT Production IT
  • 10. War: Last 6 months.. Position Country 1 KSA 2 Iran 3 Egypt 4 UAE 5 Turkey Vertical Government Oil & Gas Financials Telco ISP Attack Types DDoS SQL injection Defacements Targeted malware Account Hijacking
  • 13. Famine: Incident Response v Handling incidents in an ICS environment is different v Forensics could be challenging v Where’s the evidence-data v Different OS & applications than corporate
  • 14. Famine: People & Education v Lack of skilled, experienced and passionate people v  Not a lot of good education around v Only a few good books out there
  • 15. Famine: sigh….. Some still don’t get it, So for once and for all: BASE64 is NOT encryption!
  • 18. An Intel company Your ICS vendor We s..ck The MS09-XX patch cannot be applied for the next two years on our product…. Kind regards, your ICS vendor
  • 20. Easiness of attack: SCADA networks are attached to the corporate network or Internet. Exploiting of the systems is becoming easy… Background & S7 example: project IRAM – http://www.scadacs.org
  • 21. Researchers focus more on exploits Still many firmware updates contain username & pwd in cleartext….
  • 23. Initiatives v Many ICS vendors nowadays have a dedicated security team and are addressing vulnerabilities v Security vendors are partnering with ICS vendors to certify their products for the platforms used
  • 24. How is McAfee contributing? EndpointNetworkData Corporate IT SCADA Device Network Enterprise Apps Ethernet, TCP/IP Modern Computers (Windows, Linux, Mac) SCADA, HMI Ethernet, Serial Legacy Computers (Windows) Ladder Logic Ethernet, Serial, Relays Special Function (Embedded OS)
  • 25. McAfee is working with all major SCADA & ICS vendors to test, certify, and in many cases embed McAfee technology
  • 26. Product Acceptance & Certification Currently Supported Products Cert’d OEM Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Roque System Detection, McAfee Agent Integrity Control, Embedded Control, Device Control Embedded Control, Device Control, HIPS, ePO, Enterprise Security Manager, IPS Integrity Control, Embedded Control, Device Control, HIPS, VirusScan Enterprise, AntiSpyware Enterprise, ePO, Rogue System Detection, McAfee Agent VirusScan Enterprise, Embedded Control ✔ ✔ ✔ OEM✔ Enterprise Security Manager, IPS VirusScan Enterprise, Embedded Control ✔ OEM✔ OEM✔ Process Management Vendor In October 2013, McAfee announced partnership with Yokogawa
  • 27. Final thoughts….. •  What is your outside footprint? •  Do you know your critical assets? (they are not equal to a server or single system) •  Who’s responsible for what? •  When was your last assessment? •  Be realistic and agree on what risk is accepted •  What metrics do you use?