ADVANCED PERSISTENT THREAT
BREAKING THE ATTACK CYCLE

               Presented By:
               Joe Schorr
               Enterprise Security Practice Manager




                            800.747.8585 | help@cbihome.com
CBI Introduction

Information Technology and Security Solutions Provider
   • Symantec Partner of the Year, Finalist
   • Symantec Platinum Partner
   • Globally capable, superior technical service

Experienced Professionals
   • Operating for 20 years, serving more than 500 clients worldwide
   • Broad customer base ranging from mid-size to Fortune 100

Experienced in a Variety of Industries
   • Healthcare
   • Banking & Financial Services
   • Manufacturing
   • Education
   • Government
   • Legal
   • Retail

Enterprise Security Practice


Joe Schorr: Enterprise Security Practice Manager
   • Managing Consultant for the BT Ethical Hacking Center of Excellence
   • CIO for a large non-profit
   • Global Program Manager – International Network Services

Practice areas:
   • Enterprise Security
   • IT GRC
   • Server Management
   • Endpoint Management
   • Datacenter Management

APT Defined



    APT is a group of sophisticated,
    determined and coordinated attacks
    and attackers that have been
    systematically targeting, exploiting
    and compromising U.S. Government
    and private networks.


“APT”

Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target’s posture.

Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.

Threat means the adversary is not a piece of mindless code. This point is crucial. Some people throw around the term “threat” with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn’t degrade or deny data). Rather, the adversary here is a threat because it is organized and funded and motivated. Some people speak of multiple “groups” consisting of dedicated “crews” with various missions.
Security Trends

Challenging threat landscape
   • Targeted attacks
   • Malicious insiders
   • Increasing financial and brand risk

Evolving infrastructure
   • Mobile
   • Virtualization
   • Cloud

Increasing complexity
   • Data growth
   • Compliance requirements
   • Vendor complexity

Recent Events & Evidence


A picture of the hacking software shown during the Chinese military program. The large writing at the top says "Select Attack Target." Next, the user chooses an IP address to attack from (it belongs to an American university). The drop-down box is a list of Falun Gong websites, while the button on the left says "Attack."

RSA and .gov Contractors




Ever wonder?




RSA wasn’t alone.




                http://krebsonsecurity.com/
Smoking gun




              http://krebsonsecurity.com/
STUXNET




‘Duqu’ the Son of STUXNET




Attack Cycle

     Step 1
     • Reconnaissance

     Step 2
     • Delivery of exploit
     • Enter target

     Step 3
     • Create backdoor
     • Contact command & control (C&C) servers

     Step 4
     • Obtain user credentials
     • Install tools
     • Escalate privileges

     Step 5
     • Data theft and exfiltration

     Step 6
     • Persistence
     • Residency

What does this look like?


     1. Target selected from shopping list
     2. Passive searching – ‘Google-Fu’
     3. Cyber-stalking via Facebook and LinkedIn
     4. Select individuals for spear-phishing attack
     5. Social-engineer custom mail to targets
     6. Payload deploys, begins harvest of credentials
     7. ‘Owns’ servers and establishes backdoor, establishes tunnels,
        typically over ports 443 and 53 so the traffic blends in with
        ordinary HTTPS and DNS
     8. Take data, encrypt and compress it, and send it home
     9. Dormancy until further orders
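The tunnels in step 7 and the encrypted exfiltration in step 8 are what a monitoring team can actually look for in its own proxy and DNS logs. What follows is an added example, not code from the webinar or from CBI: a small Python detector run over constructed log lines (the hosts, the domains and the six-field log format are made up for illustration) that flags many distinct, long, high-entropy DNS labels sent to one domain, the signature of tunnelling over port 53, and fixed-interval connections from one host to one server over 443, the signature of a backdoor checking in with its C&C server.

```python
"""Added example (not from the CBI webinar): spot DNS tunnelling over port 53
and fixed-interval check-ins over port 443 in proxy/DNS logs. The log format,
hosts and domains below are constructed for illustration, not real captures."""
import math
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample. Fields: epoch_seconds src_ip dst_ip dst_port name_or_sni bytes_out
SAMPLE_LOGS = """\
1000 10.0.0.5 192.0.2.53 53 www.example.com 60
1005 10.0.0.5 192.0.2.53 53 mail.example.com 58
1010 10.0.0.7 198.51.100.9 53 mfrggzdfmztwq2lknnwg23tpobyxe43u.x1.tun.example.net 118
1011 10.0.0.7 198.51.100.9 53 nbswy3dpeb3w64tmmqqhi2djomqgs4yk.x2.tun.example.net 118
1012 10.0.0.7 198.51.100.9 53 onsxg5bamrqxiyjamzxxeidfpbthi2lm.x3.tun.example.net 119
1013 10.0.0.7 198.51.100.9 53 mfrggzdfmztwq2lknnwg23tpobyxe43v.x4.tun.example.net 118
1014 10.0.0.7 198.51.100.9 53 nbswy3dpeb3w64tmmqqhi2djomqgs4zq.x5.tun.example.net 118
1015 10.0.0.7 198.51.100.9 53 onsxg5bamrqxiyjamzxxeidfpbthi2ln.x6.tun.example.net 119
1020 10.0.0.9 203.0.113.44 443 updates.example.org 300
1080 10.0.0.9 203.0.113.44 443 updates.example.org 301
1140 10.0.0.9 203.0.113.44 443 updates.example.org 299
1200 10.0.0.9 203.0.113.44 443 updates.example.org 300
1260 10.0.0.9 203.0.113.44 443 updates.example.org 302
1320 10.0.0.9 203.0.113.44 443 updates.example.org 300
1030 10.0.0.5 203.0.113.10 443 www.example.com 5000
1500 10.0.0.5 203.0.113.10 443 www.example.com 4800
2400 10.0.0.5 203.0.113.10 443 www.example.com 5100
"""

LOG_RE = re.compile(r"^(\d+) (\S+) (\S+) (\d+) (\S+) (\d+)$")


def parse_logs(text):
    """Parse the six-field lines above; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port, name, nbytes = m.groups()
        events.append({"ts": int(ts), "src": src, "dst": dst, "port": int(port),
                       "name": name.lower().rstrip("."), "bytes": int(nbytes)})
    return events


def shannon_entropy(s):
    """Bits per character; encoded payload labels score far higher than real hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(name):
    """Last two labels. Simplification: ignores multi-part public suffixes such as co.uk."""
    parts = name.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else name


def find_dns_tunnels(events, min_label_len=20, min_entropy=3.5, min_queries=5):
    """Flag (src, domain) pairs with many distinct, long, high-entropy leftmost labels."""
    buckets = defaultdict(list)
    for e in events:
        if e["port"] == 53:
            buckets[(e["src"], base_domain(e["name"]))].append(e["name"])
    findings = []
    for (src, domain), names in buckets.items():
        suspicious = {n for n in names
                      if len(n.split(".")[0]) >= min_label_len
                      and shannon_entropy(n.split(".")[0]) >= min_entropy}
        if len(suspicious) >= min_queries:
            findings.append({"src": src, "domain": domain, "queries": len(suspicious)})
    return findings


def find_beacons(events, port=443, min_conns=5, max_cv=0.15):
    """Flag (src, dst) pairs whose connection gaps are nearly constant (low coefficient of variation)."""
    buckets = defaultdict(list)
    for e in events:
        if e["port"] == port:
            buckets[(e["src"], e["dst"])].append(e["ts"])
    findings = []
    for (src, dst), stamps in buckets.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "interval_s": round(avg), "cv": round(cv, 3)})
    return findings


def analyze(log_text):
    """Run both detectors over one log text and return the findings by kind."""
    events = parse_logs(log_text)
    return {"dns_tunnels": find_dns_tunnels(events), "beacons": find_beacons(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOGS).items():
        for hit in hits:
            print(kind, hit)
```

On the constructed sample, 10.0.0.7 is reported for six encoded labels under example.net, and 10.0.0.9 for six connections exactly 60 seconds apart; the ordinary browsing from 10.0.0.5 raises nothing. The thresholds are illustrative: software updaters and CDN clients also check in on a schedule, so a beacon hit needs an allow-list and a look at the destination before anyone declares an incident, and the two-label base_domain is a shortcut a production rule would replace with a public suffix list.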


Some APT Attack components


   • Blended weaponized STUXNET clones
   • Endpoint compromise
   • CA attacks

6 recommendations

      MONITOR! Yes, this means SIM, and it also means reviewing what your
      monitoring reports DAILY. If you have challenges in this area,
      consider a managed security services (MSS) solution.

      MANAGE! your access control systems. User management and passwords
      are not sexy, but weak management of this important, basic
      operational task provides a HUGE attack vector.

      ENGINEER! your WHOLE network to be secure. The security architecture
      is not just routers and firewalls. Server, endpoint and application
      security are just as important to a healthy, well-defended enterprise.

      PATCH! Don’t let the ‘I’ll wait for others to go first….’ mentality
      lead to inertia. Bad patch management has a direct role in most
      server and application exploits.

      TEST! your security. Early and often.

      STOP! the leaks.


Symantec DLP Overview


Storage
   • Symantec™ Data Loss Prevention Network Discover
   • Symantec™ Data Loss Prevention Data Insight
   • Symantec™ Data Loss Prevention Network Protect

Endpoint
   • Symantec™ Data Loss Prevention Endpoint Discover
   • Symantec™ Data Loss Prevention Endpoint Prevent

Network
   • Symantec™ Data Loss Prevention Network Monitor
   • Symantec™ Data Loss Prevention Network Prevent

Management Platform
   • Symantec™ Data Loss Prevention Enforce Platform



DLP Progress Model

(Chart: incidents per week on the vertical axis, from 1000 down to 0, falling across four phases; horizontal axis "Risk Reduction Over Time"; source: Client Company.)

Baseline
   • Establish initial policies
   • Identify broken business processes
   • Enable EDM/IDM

Remediation
   • Employee and business unit communication
   • Fix broken business processes

Notification
   • Sender auto notification
   • Business unit risk scorecard

Prevention
EndPoint Progress

(Chart: the same four-phase incidents-per-week curve as the DLP Progress Model, here for the endpoint channel: Baseline, Remediation, Notification, Prevention; "Risk Reduction Over Time"; source: Client Company.)
Network Progress

(Chart: the same four-phase incidents-per-week curve as the DLP Progress Model, here for the network channel: Baseline, Remediation, Notification, Prevention; "Risk Reduction Over Time"; source: Client Company.)
Storage Progress

(Chart: the same four-phase incidents-per-week curve as the DLP Progress Model, here for the storage channel: Baseline, Remediation, Notification, Prevention; "Risk Reduction Over Time"; source: Client Company.)
Desired State for Data Loss


The primary goals of using Symantec’s DLP solution are to:


1. Protect confidential and regulated data from leaking or misuse based
   on corporate business practices
2. Meet or exceed all government regulatory data protection
   requirements
3. Protect the Client Company brand and image.




Desired State for Data Loss


The DLP solution should perform the following functions:
     1. Identify data based on current government regulations and
        company policies
     2. Be tuned to minimize false positives
     3. Educate users on proper data handling policies
     4. Notify appropriate parties of data leakage or misuse
     5. Block data leakage or misuse
     6. Find sensitive data in file shares and SharePoint
     7. Determine who is using data
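Functions 1, 2, 4 and 5 above together describe one content-inspection policy, and the "Enable EDM/IDM" step in the progress charts refers to matching content against an indexed copy of the real records rather than against patterns alone. What follows is an added example, not Symantec DLP code and not from the webinar: a Python scanner that finds card numbers and SSNs but applies validity checks (the Luhn check digit, the SSA's never-issued area, group and serial values) so that order numbers and placeholder values do not raise incidents, matches names and SSNs against a hashed index in the style of exact data matching, and then chooses between allow, notify and block by whether the recipient is outside the company. The protected records, messages and domain names are constructed for illustration.

```python
"""Added example: DLP-style content scanning with false-positive controls,
hashed exact-data matching and a notify/block decision. All records,
messages and domains are constructed; nothing here is Symantec DLP code."""
import hashlib
import re

INTERNAL_DOMAINS = {"corp.example"}  # constructed; mail to any other domain is "external"

# Constructed protected records. In exact data matching only hashes of the
# real values leave the source system; the scanner never holds the plaintext.
PROTECTED_RECORDS = [("Alice Example", "123-45-6789"), ("Bob Sample", "987-65-4321")]


def fingerprint(value):
    """Normalise and hash one field so the index holds no readable data."""
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()


EDM_INDEX = {fingerprint(v) for record in PROTECTED_RECORDS for v in record}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")       # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
NAME_RE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")  # crude "First Last" candidate


def luhn_ok(digits):
    """Luhn mod-10 check; rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject values the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def scan(text):
    """Return (kind, matched_text) findings for one message body."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", m.group().strip()))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", m.group()))
    # Exact data matching: hash each candidate token and look it up in the index.
    candidates = {m.group() for m in SSN_RE.finditer(text)} | set(NAME_RE.findall(text))
    for token in sorted(candidates):
        if fingerprint(token) in EDM_INDEX:
            findings.append(("edm_match", token))
    return findings


def decide(findings, recipient):
    """Policy: block regulated or indexed data leaving the company, otherwise notify."""
    if not findings:
        return "allow"
    external = recipient.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS
    kinds = {kind for kind, _ in findings}
    if external and kinds & {"credit_card", "edm_match"}:
        return "block"
    return "notify"


SAMPLE_MESSAGES = [  # constructed (recipient, body) pairs
    ("partner@external.example", "Card on file: 4111 1111 1111 1111, exp 12/29"),
    ("ops@corp.example", "Order 1234 5678 9012 3456 shipped today"),
    ("friend@external.example", "Alice Example, SSN 123-45-6789, please process"),
    ("hr@corp.example", "Candidate SSN 555-12-3456 for background check"),
    ("hr@corp.example", "Test record 000-12-3456 is a placeholder"),
]


def run_policy(messages):
    """Return one (recipient, action, sorted finding kinds) tuple per message."""
    out = []
    for recipient, body in messages:
        findings = scan(body)
        out.append((recipient, decide(findings, recipient), sorted(k for k, _ in findings)))
    return out


if __name__ == "__main__":
    for row in run_policy(SAMPLE_MESSAGES):
        print(row)
```

On the constructed messages the card going to a partner and the indexed customer record going to an outside address are blocked, the order number that fails the Luhn check and the 000-area placeholder produce no incident at all, and the plausible SSN sent internally only notifies, which is the "educate users" stage the progress charts place before prevention. The validity checks are what keep the incident count meaningful; a pattern-only rule would have flagged the order number and the placeholder too.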




Examples of Successful DLP Outcomes


1. Internet traffic is monitored and incidents are created when
   suspected or confidential data leaves via email or other web
   process.
2. Endpoint activity is monitored and incidents are created when
   suspected or confidential data is transferred to USB drives.
3. Manual searches on datastores can be performed if needed
4. General process for handling data breach incidents is established




Recommendations


1. Upgrade to Symantec Data Loss Prevention version 11.1
2. Refine Existing Policies and Responses
3. Run Network Discover scans
4. Begin using notifications
5. Deploy Email Network Prevent with Symantec Messaging
   Gateway
6. Deploy Web Network Prevent with Symantec Web Gateway or
   other ICAP proxy server.
7. Deploy Data Insight



Global Intelligence Network
Identifies more threats, takes action faster & prevents impact

(Map of Global Intelligence Network locations:)
   • Calgary, Alberta
   • San Francisco, CA
   • Mountain View, CA
   • Culver City, CA
   • Austin, TX
   • Alexandria, VA
   • Dublin, Ireland
   • Reading, England
   • Chennai, India
   • Pune, India
   • Chengdu, China
   • Taipei, Taiwan
   • Tokyo, Japan
   • Sydney, Australia

Worldwide Coverage | Global Scope and Scale | 24x7 Event Logging | Rapid Detection

Attack Activity
   • 240,000 sensors
   • 200+ countries and territories

Malware Intelligence
   • 150M client, server, gateways monitored
   • Global coverage

Vulnerabilities
   • 35,000+ vulnerabilities
   • 11,000 vendors
   • 80,000 technologies

Spam/Phishing
   • 5M decoy accounts
   • 8B+ email messages/day
   • 1B+ web requests/day

Preemptive Security Alerts | Information Protection | Threat Triggered Actions
Next Steps




     Security and Advisory Assessments
     – In-depth, consultative engagements
     – Evaluate and improve your overall security program
     – Address specific concerns (e.g. PCI/ mobile security issues)




THANK YOU
jschorr@cbihome.com
   @JoeSchorr


Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible:  Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible:  Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cyber Solutions
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksJermund Ottermo
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Intel IT Center
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloudInterop
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsAddressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsPrecisely
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
20101012 isa larry_clinton
20101012 isa larry_clinton20101012 isa larry_clinton
20101012 isa larry_clintonCIONET
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management ProcessBill Ross
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorConf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorTechExeter
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 

Similar to APT Webinar (20)

CBI Threat Landscape Webinar
CBI Threat Landscape WebinarCBI Threat Landscape Webinar
CBI Threat Landscape Webinar
 
Spear Phishing Defense
Spear Phishing DefenseSpear Phishing Defense
Spear Phishing Defense
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible:  Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible:  Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber Attacks
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary Cloud Security Checklist and Planning Guide Summary
Cloud Security Checklist and Planning Guide Summary
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsAddressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
20101012 isa larry_clinton
20101012 isa larry_clinton20101012 isa larry_clinton
20101012 isa larry_clinton
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative World
 
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorConf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 

More from Joseph Schorr

Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentationJoseph Schorr
 
Rule 1: Cardio (and some other rules to keep intruders out)
Rule 1: Cardio (and some other rules to keep intruders out)Rule 1: Cardio (and some other rules to keep intruders out)
Rule 1: Cardio (and some other rules to keep intruders out)Joseph Schorr
 
Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Joseph Schorr
 
FETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedFETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedJoseph Schorr
 
Information Security - The Basics
Information Security - The BasicsInformation Security - The Basics
Information Security - The BasicsJoseph Schorr
 

More from Joseph Schorr (6)

Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentation
 
Rule 1: Cardio (and some other rules to keep intruders out)
Rule 1: Cardio (and some other rules to keep intruders out)Rule 1: Cardio (and some other rules to keep intruders out)
Rule 1: Cardio (and some other rules to keep intruders out)
 
Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11Security awarenesspreso draft-v-11
Security awarenesspreso draft-v-11
 
FETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedFETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons Learned
 
HIPAA Preso
HIPAA PresoHIPAA Preso
HIPAA Preso
 
Information Security - The Basics
Information Security - The BasicsInformation Security - The Basics
Information Security - The Basics
 

Recently uploaded

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

APT Webinar

  • 1. ADVANCED PERSISTENT THREAT: BREAKING THE ATTACK CYCLE
      Presented by: Joe Schorr, Enterprise Security Practice Manager
      800.747.8585 | help@cbihome.com
  • 2. CBI Introduction
      Information Technology and Security Solutions Provider
      • Symantec Partner of the Year, Finalist
      • Symantec Platinum Partner
      • Globally capable, superior technical service
      Experienced Professionals
      • Operating for 20 years, serving more than 500 clients worldwide
      • Broad customer base ranging from mid-size to Fortune 100
      Experienced in a Variety of Industries
      • Healthcare • Government • Banking & Financial Services • Legal • Manufacturing • Retail • Education
  • 3. Enterprise Security Practice
      Joe Schorr: Enterprise Security Practice Manager; Managing Consultant for the BT Ethical Hacking Center of Excellence; CIO for a large non-profit; Global Program Manager, International Network Services
      Practice areas: Enterprise Security | IT GRC | Server Management | Endpoint Management | Datacenter Management
  • 4. APT Defined
      APT is a group of sophisticated, determined and coordinated attacks and attackers that have been systematically targeting, exploiting and compromising U.S. Government and private networks.
  • 5. "APT"
      Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target's posture.
      Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit, they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.
      Threat means the adversary is not a piece of mindless code. This point is crucial. Some people throw around the term "threat" with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn't degrade or deny data). Rather, the adversary here is a threat because it is organized, funded and motivated. Some people speak of multiple "groups" consisting of dedicated "crews" with various missions.
  • 6. Security Trends
      Challenging threat landscape: malicious insiders; targeted attacks; increasing, evolving complexity; increasing financial and brand risk; infrastructure and data growth; compliance requirements; mobile; virtualization; vendor complexity; cloud.
  • 7. Recent Events & Evidence
      A picture of the hacking software shown during the Chinese military program. The large writing at the top says "Select Attack Target." Next, the user chooses an IP address to attack from (it belongs to an American university). The drop-down box is a list of Falun Gong websites, while the button on the left says "Attack."
  • 8. RSA and .gov Contractors
  • 9. Ever wonder?
  • 10. RSA wasn't alone. http://krebsonsecurity.com/
  • 11. Smoking gun. http://krebsonsecurity.com/
  • 12. STUXNET
  • 13. 'Duqu', the Son of STUXNET
  • 14. Attack Cycle
      Step 1: Reconnaissance
      Step 2: Delivery of exploit; enter target
      Step 3: Create backdoor; contact Command & Control (C&C) servers
      Step 4: Obtain user credentials; install tools; escalate privileges
      Step 5: Data theft and exfiltration
      Step 6: Persistence; residency
  • 15. What does this look like?
      1. Target selected from shopping list
      2. Passive searching: 'Google-Fu'
      3. Cyber-stalking via Facebook and LinkedIn
      4. Select individuals for spear-phishing attack
      5. Social-engineer custom mail to targets
      6. Payload deploys, begins harvest of credentials
      7. 'Owns' servers and establishes backdoor, establishes tunnels, typically via ports 443 and 53
      8. Take data, encrypt and compress it, and send it home
      9. Dormancy until further orders
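Slides 14 and 15 end the cycle with a backdoor that contacts C&C servers and tunnels data out over ports 443 and 53. The following Python script is an added example, not part of the webinar deck and not CBI's or Symantec's code; it shows two defender-side checks a monitoring team (the "MONITOR!" recommendation on slide 17) could run over DNS and connection logs: DNS tunnelling suspicion (many long, high-entropy subdomain labels under one domain from one client) and beaconing (connections to one destination at a near-fixed interval). The log lines, hosts, timestamps and the domain tunnel-example.net are constructed for the example, and the thresholds are assumptions that would be tuned against real traffic.

```python
"""Two detections for the C&C / exfiltration stage of the attack cycle, run over
constructed log lines: DNS tunnelling (port 53) and periodic beaconing (port 443).
Every host, domain and timestamp below is constructed for this example."""
import math
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed DNS query log, one "timestamp client queried-name" record per line.
# The five long hex labels under tunnel-example.net (a made-up domain) imitate
# data being smuggled out inside subdomain labels; the 32 'a's are a decoy that
# is long but carries no entropy, so it must not be flagged.
DNS_LOG = """\
2012-03-01T09:00:01 10.1.1.5 www.example.com
2012-03-01T09:00:02 10.1.1.5 c4a1e9f03b7d58626d1f0c3a9e8b5742.tunnel-example.net
2012-03-01T09:00:03 10.1.1.5 5f2b8e0d4a7c1936a3e7c1f95b0d2864.tunnel-example.net
2012-03-01T09:00:04 10.1.1.5 91d6b3f8e2a05c470e4b9a2d7f61c853.tunnel-example.net
2012-03-01T09:00:05 10.1.1.5 b7e0c2a9d4f86135f5a8e3d0c7b29641.tunnel-example.net
2012-03-01T09:00:06 10.1.1.5 2d8f4b6e0a1c7953c9b4e1a6d0f82357.tunnel-example.net
2012-03-01T09:00:07 10.1.1.7 mail.example.com
2012-03-01T09:00:08 10.1.1.7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com
"""

# Constructed connection log: "timestamp src dst port". 10.1.1.5 calls
# 203.0.113.10 every 10 minutes (beacon); 10.1.1.7 browses irregularly.
CONN_LOG = """\
2012-03-01T09:01:00 10.1.1.7 198.51.100.20 443
2012-03-01T09:01:30 10.1.1.7 198.51.100.20 443
2012-03-01T09:05:00 10.1.1.7 198.51.100.20 443
2012-03-01T09:10:00 10.1.1.5 203.0.113.10 443
2012-03-01T09:12:00 10.1.1.7 198.51.100.20 443
2012-03-01T09:20:00 10.1.1.5 203.0.113.10 443
2012-03-01T09:30:00 10.1.1.5 203.0.113.10 443
2012-03-01T09:40:00 10.1.1.5 203.0.113.10 443
2012-03-01T09:40:00 10.1.1.7 198.51.100.20 443
2012-03-01T09:41:00 10.1.1.7 198.51.100.20 443
2012-03-01T09:50:00 10.1.1.5 203.0.113.10 443
2012-03-01T10:00:00 10.1.1.5 203.0.113.10 443
"""


def shannon_entropy(text):
    """Bits of entropy per character: random-looking hex scores near 4.0,
    a repeated single letter scores 0."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dns_tunnel_suspects(log, min_queries=5, min_label_len=24, min_entropy=3.5):
    """Count, per (client, registered domain), the queries whose leftmost label
    is both long and high-entropy; return the pairs at or above min_queries.
    The registered domain is approximated as the last two labels, which is
    fine for this example but wrong for public suffixes such as co.uk."""
    hits = defaultdict(int)
    for line in log.splitlines():
        _ts, client, qname = line.split()
        labels = qname.lower().split(".")
        if len(labels) < 3:
            continue
        first, domain = labels[0], ".".join(labels[-2:])
        if len(first) >= min_label_len and shannon_entropy(first) >= min_entropy:
            hits[(client, domain)] += 1
    return {k: v for k, v in hits.items() if v >= min_queries}


def beacon_suspects(log, min_connections=5, max_jitter=0.2):
    """Flag (src, dst, port) tuples whose inter-connection gaps are nearly
    constant: coefficient of variation (stdev / mean) <= max_jitter.
    Returns a list of (src, dst, port, mean_gap_seconds, jitter)."""
    times = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        times[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    suspects = []
    for key, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            suspects.append((*key, mean, jitter))
    return suspects


if __name__ == "__main__":
    print("DNS tunnelling suspects:", dns_tunnel_suspects(DNS_LOG))
    print("Beaconing suspects:", beacon_suspects(CONN_LOG))
```

On the constructed input only 10.1.1.5 is reported by both checks: five high-entropy labels under tunnel-example.net, and a 600-second beacon to 203.0.113.10 with zero jitter. Real C&C implants add random sleep jitter, so the `max_jitter` threshold and the `min_connections` window are the knobs to tune; the value of running both checks is that a host that trips them together is a far stronger lead for the daily monitoring review than either alone.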
  • 16. Some APT Attack Components
      • Blended, weaponized STUXNET clones
      • Endpoint compromise
      • CA attacks
  • 17. 6 Recommendations
      MONITOR! Yes, this means SIM, and it also means monitoring your monitor DAILY. If you have challenges in this area, consider an MSS solution.
      MANAGE! access control systems. User management and passwords are not sexy, but weak management of this important, basic operational task provides a HUGE attack vector.
      ENGINEER! your WHOLE network to be secure. The security architecture is not just routers and firewalls. Server, endpoint and application security are as important to a healthy, well-defended enterprise.
      PATCH! Don't let the 'I'll wait for others to go first...' mentality lead to inertia. Bad patch management has a direct role in most server and application exploits.
      TEST! your security. Early and often.
      STOP! the leaks.
  • 18. Symantec DLP Overview
      Storage: Symantec Data Loss Prevention Network Discover; Data Insight; Network Protect
      Endpoint: Symantec Data Loss Prevention Endpoint Discover; Endpoint Prevent
      Network: Symantec Data Loss Prevention Network Monitor; Network Prevent
      Management Platform: Symantec Data Loss Prevention Enforce Platform
  • 19. DLP Progress Model
      Chart: incidents per week (0 to 1000) for Client Company, falling across the phases Baseline, Remediation, Notification and Prevention ("Risk Reduction Over Time"). Milestones in order: establish initial policies; identify broken business processes; employee and business unit communication; fix broken business processes; enable EDM/IDM; sender auto-notification; business unit risk scorecard.
  • 20. Endpoint Progress (same Baseline / Remediation / Notification / Prevention chart as slide 19)
  • 21. Network Progress (same Baseline / Remediation / Notification / Prevention chart as slide 19)
  • 22. Storage Progress (same Baseline / Remediation / Notification / Prevention chart as slide 19)
  • 23. Desired State for Data Loss
      The primary goals of using Symantec's DLP solution are to:
      1. Protect confidential and regulated data from leaking or misuse, based on corporate business practices
      2. Meet or exceed all government regulatory data protection requirements
      3. Protect the Client Company brand and image
  • 24. Desired State for Data Loss
      The DLP solution should perform the following functions:
      1. Identify data based on current government regulations and company policies
      2. Be tuned to minimize false positives
      3. Educate users on proper data handling policies
      4. Notify appropriate parties of data leakage or misuse
      5. Block data leakage or misuse
      6. Find sensitive data in file shares and SharePoint
      7. Determine who is using data
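Slides 23 and 24 list what the DLP deployment has to do: identify regulated data, be tuned to minimize false positives, notify the right parties, and block leakage. The Python sketch below is an added example, not Symantec DLP code and not part of the deck; it models that pipeline end to end: regex candidates for payment card numbers and SSNs, a Luhn check that discards 16-digit order numbers that merely look like cards (the false-positive tuning), and a per-policy response that notifies when the recipient is internal and blocks when it is external. The policies, thresholds, the internal domain example.com and the three sample messages are all constructed.

```python
"""Model of a DLP content policy: detect regulated data, suppress look-alike
false positives, then notify or block depending on the destination.
Policies, sample messages and the internal domain are constructed."""
import re

# Candidate card number: 13-16 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# US SSN in the dashed form seen on forms. A production rule would also reject
# known-invalid area/group numbers; kept simple here.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: true for every real card number, false for most typos
    and for arbitrary 16-digit identifiers such as order references."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return normalized card numbers that pass the Luhn check."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(digits)
    return found


def find_ssns(text):
    return SSN.findall(text)


# Constructed policies: detector, matches needed to raise an incident, and the
# response for each destination class (notify internally, block externally).
POLICIES = {
    "PCI-DSS cardholder data": {
        "detector": find_card_numbers,
        "min_matches": 1,
        "response": {"internal": "notify", "external": "block"},
    },
    "SSN / PII": {
        "detector": find_ssns,
        "min_matches": 1,
        "response": {"internal": "notify", "external": "block"},
    },
}

INTERNAL_DOMAINS = {"example.com"}  # constructed: the company's own mail domain


def destination_class(recipient):
    return "internal" if recipient.split("@")[-1].lower() in INTERNAL_DOMAINS else "external"


def evaluate(text, recipient):
    """Return incidents as (policy name, match count, response) tuples."""
    dest = destination_class(recipient)
    incidents = []
    for name, policy in POLICIES.items():
        matches = policy["detector"](text)
        if len(matches) >= policy["min_matches"]:
            incidents.append((name, len(matches), policy["response"][dest]))
    return incidents


# Constructed sample messages. The card numbers are industry test numbers;
# 1234567890123456 fails Luhn and stands in for an order reference.
MSG_INTERNAL = "Hi finance, customer card 4111 1111 1111 1111 expires next month."
MSG_EXTERNAL = "Attached export: 5500000000000004, 4012888888881881, SSN 123-45-6789"
MSG_FALSE_POSITIVE = "Order reference 1234567890123456 shipped today."

if __name__ == "__main__":
    print(evaluate(MSG_INTERNAL, "ap@example.com"))
    print(evaluate(MSG_EXTERNAL, "partner@outside-example.org"))
    print(evaluate(MSG_FALSE_POSITIVE, "ops@example.com"))
```

The point of the Luhn step is the slide's "tuned to minimize false positives": without it the order reference would raise a PCI incident, and a few such hits per day are what drive business units to ignore DLP notifications. The notify/block split mirrors the progress model on slide 19, where notification precedes prevention so that broken business processes are found and fixed before anything is blocked.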
  • 25. Examples of Successful DLP Outcomes
      1. Internet traffic is monitored and incidents are created when suspected or confidential data leaves via email or another web process
      2. Endpoint activity is monitored and incidents are created when suspected or confidential data is transferred to USB drives
      3. Manual searches on datastores can be performed if needed
      4. A general process for handling data breach incidents is established
  • 26. Recommendations
      1. Upgrade to Symantec Data Loss Prevention version 11.1
      2. Refine existing policies and responses
      3. Run Network Discover scans
      4. Begin using notifications
      5. Deploy Email Network Prevent with Symantec Messaging Gateway
      6. Deploy Web Network Prevent with Symantec Web Gateway or another ICAP proxy server
      7. Deploy Data Insight
  • 27. Global Intelligence Network
      Identifies more threats, takes action faster and prevents impact.
      Locations: Calgary, Alberta; Dublin, Ireland; Reading, England; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Alexandria, VA; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India; Sydney, Australia
      Worldwide coverage | Global scope and scale | 24x7 event logging | Rapid detection
      Attack Activity: 240,000 sensors; 200+ countries and territories
      Malware Intelligence: 150M client, server and gateways monitored; global coverage
      Vulnerabilities: 35,000+ vulnerabilities; 11,000 vendors; 80,000 technologies
      Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
      Preemptive security alerts | Information protection | Threat-triggered actions
  • 28. Next Steps
      Security and Advisory Assessments
      – In-depth, consultative engagements
      – Evaluate and improve your overall security program
      – Address specific concerns (e.g. PCI, mobile security issues)
  • 29. THANK YOU
      jschorr@cbihome.com | @JoeSchorr