SlideShare una empresa de Scribd logo

Key elements of security threat

Araf Karsh Hamid
Araf Karsh Hamid

This document describes the evolution of Security Monitoring Solutions and the next stage in the SIEM evolution

Tecnología
1 de 5
Descargar para leer sin conexión
The Art of Digital War The objective of this section is to identify the issues around a digital intrusion. The following diagram shows the picture of a digital intrusion time line (by an internal or external Intruder or an automated Intruder – virus / worm / bots etc) along with the Vulnerability time line and security monitoring tools with current features and future building blocks. The focus is on the fundamental problems, and it will not go into analyzing different digital attack patterns or any vulnerability analysis. Latest CERT reports a total of 59901 vulnerabilities for the year 2005 an increase of 58.5% from the year 2004 and a 3402% increase from the year 1995. Usually vulnerability in an application is due to un-identified bug in the code. However there are times when backdoors written explicitly in some application to get into a users machine. An intentional backdoor into any system is more dangerous than an accidental bug due to an oversight or bad coding practices. Huge debate gone over the recent WMF2 1 2005 Vulnerability List http://www.cert.org/stats/cert_stats.html 2 WMF Vulnerability – MS Advisory 912840 - http://www.microsoft.com/technet/security/advisory/912840.mspx Security Focus - Zero-day WMF flaw underscores patch problems by Robert Lemos – January 12, 2006 http://www.securityfocus.com/news/11368
(Windows Meta File) Vulnerability – Microsoft Security Advisory (912840) whether it’s an intentional backdoor or not. “Speeding up the patch process is never going to solve the problem; it is never going to be fast enough. We need to be investing very heavily in zero-day defenses, because another zero-day will happen. There is a lot of talk about whether (the software vendor has) gotten the patch out in time, but the real conversation should be about risk removal, not risk mitigation.” Richard Ford, associate professor of computer science, Florida Institute of Technology “Application vulnerabilities propagate so rapidly today that the old methods of dealing with them no longer suffice. New standards like AVDL offer one of the best hopes of breaking this cycle by dramatically reducing the time between the discovery of a new vulnerability and the effective response at enterprise sites” John Pescatore - Vice President of Security Research, Gartner Security Threat Modeling Security Threat Modeling is an essential process to protect the Assets (or applications). It helps the organizations to determine the correct controls and produce effective counter measures within the budget. Effective management and understanding of the vulnerabilities is required to efficiently defend attacks against those (vulnerabilities). As the number vulnerabilities increases year by year the customer needs a mechanism to identify the most critical vulnerabilities in his enterprise. The Core of Digital Security The three key things in digital security for the enterprise are identifying and classifying the Intruder and their attacks on the Assets and the Damage it can cause on the enterprise or the potential damage on the similar attacks in the future. Regulatory compliance and other government regulations revolve around the core or rather monitoring the health of the core. The above image shows the Intruder attack sophistication and the incident time line which starts when the intruder finds the vulnerability in the enterprise and the actual break-in and the damage he causes by information leakage, denial of service on critical systems, and attack on other systems etc. The Defense sections shows the 3 phases which is as follows; the Monitoring phase, Attack discovery on the assets and the Containment and the Remediation process. The key will be how efficiently we can correlate and provide relevant information back to the end user at the right time so that he/she (the analyst) can stop the attack (while in progress) before it wrecks havoc in the enterprise. The three core areas (Intruder, Assets and Damage) will remain same today (2006) or even after 15 or 20 or 2000 years. What matters is how good we are at identifying these three key elements and build a robust Security Threat Model around it. Intruders and their Attacks
Classification of an Intruder is critical in understanding the Threat the intruder posses. A good Security Threat Model needs to understand the strengths, weakness and the attack methodologies of any Intruder. The Intruders are classified into 3 – Internal, External and Automated (Robotic) Intruder. Classification of Intruders helps us to prioritize the incidents and focus on the relevant incident. Assets Security revolves around protecting the Assets (Behind every Asset there will be some applications). Asset oriented Security Monitoring will be the key in this evolution. Application infrastructure of the future will be heavily distributed in nature with SOA (Service Oriented Architecture). Protecting the business services will be the most important aspect in the service oriented world. Asset Oriented Security Monitoring will eventually move towards applications and in the future will lead to protecting the collection of web services3 which the applications published. Security will go down to the fabric of the distributed applications. According to Forrester the ERP4 Market will be $24 Billion by the end of 2008. SAP5 the leading ERP Application provider will be moving to Service Oriented architecture by the end of 2008. Classification of assets is important to protect the assets efficiently. Asset value will not yield this classification. For example an asset which contains blog and user forum data will be classified differently compared to assets with financial transaction databases. There will be assets which require protection while data at rest6 as well as protection of data on the wire. Damage caused by Incidents and its impact The above chart and depicts the damage impact if a break in happens. Today the users do the impact manually and lot of different software applications will be used in the complete process. Streamlining this business process and using this data to further improve process will help in quick remediation and containment. Tracking the cost of Incidents, resources required for containment and remediation, and the time spent will help in predicting the actual cost involved if the similar attacks happens in the future. This information can be used in the Security Threat Model to narrow down the attacks and vulnerabilities where the potential damage will very high. Digital Security - Building Blocks 3 Forrester – Large Enterprises Pursue Strategic SOA by Randy Heffner - April 5, 2005 http://www.forrester.com/Research/Document/0,7211,36580,00.html 4 ERP Apps – Technology and Industry Battle heats up by Paul Hamerman, R Wang – June 9, 2005 Site: http://www.forrester.com/Research/Document/0,7211,37058,00.html 5 SAPs Big Bet To Revolutionize App by Erin Kinikin – August 3, 2004 http://www.forrester.com/Research/Document/0,7211,34739,00.html 6 Forrester Wave – Data Encryption Solutions Q3, 2005 http://www.forrester.com/Research/Document/0,7211,36486,00.html Application Security – http://www.appsecinc.com Encryption of Data at Rest - http://www.appsecinc.com/presentations/Encryption_of_Data_at_Rest.pdf DMReview – Information Management: Encryption at Rest http://www.dmreview.com/article_sub.cfm?articleId=1033567
The first generation of security management tools processed data from security devices like firewalls, intrusion detection systems, vulnerability scanners apart from network devices like routers and switches. Correlation technologies correlated the events across the systems. However, these systems focused more on handling the events. This model is an extension of log management systems which started of the Digital Security Management space. The second generation Security Management tools focuses more on entities like Assets and its relevance, Network and its importance, Attacker (with classification) and threat levels, Vulnerability Severity relevant to the network. This model deviates from the first generation event based management as the focus is on the entity rather than the events. Entity model in the second generation simplifies the process of building a Security Threat Model compared to first generation event model based Risk or Threat Scores. The CSO7 / CISO are focused more on protecting their assets instead of worrying about how many events passed through the network. The third generation of Security Management will move closer to where the real action in the enterprise digital world – ‘The Applications’. As per the Forrester and Gartner8 most of the enterprise applications will move towards SOA9 (Service Oriented Architecture) by the end of 2008-2009. Cisco already announced the Cisco AON (Application Oriented Network) Architecture where the focus is on routing the application specific traffic. End of the day security is all about protecting the data (information or knowledge) created by the applications (Assets in the enterprise) and the applications runs 24/7. The Fourth generation of Security Management will see the convergence of physical security with information security. As per Forrester forecast10 Security Convergence spending for Europe and North America combined will be $11 Billion dollars in 2008 compare to $506 million in 2004. Conclusion The objective of this document is to highlight the core of digital security and the expectations around the core. Around 30-40 years ago we knew that the fundamentals 7 CSO Online - http://www.csoonline.com/research/leadership/cso_role.html 8 Gartner – http://www.gartner.com Future of Enterprise Security – September 15, 2004 http://www.gartner.com/DisplayDocument?ref=g_search&id=454567 Cool Vendors in Security and Privacy – March 28, 2005 http://www.gartner.com/DisplayDocument?ref=g_search&id=475999 9 Forrester – Your Strategic SOA Platform Vision By Randy Heffner – March 29, 2005 Site: http://www.forrester.com/Research/Document/0,7211,35951,00.html Development Roles In The World Of Service-Oriented Architecture – January, 13, 2005 http://www.forrester.com/Research/Document/0,7211,35822,00.html SOAP Vs REST – A Comparison – By Randy Heffner, September 13, 2004 http://www.forrester.com/Research/Document/0,7211,35361,00.html Forrester Wave – Enterprise Service Bus Q4 2005 http://www.forrester.com/Research/Document/0,7211,36162,00.html 10 Forrester - Trends 2005: Security Convergence Gets Real By Steve Hunt – January 11, 2005 http://www.forrester.com/Research/Document/0,7211,36137,00.html Converged IT And Physical Security: Small But Real – By Laura Koetzle April 15, 2005 http://www.forrester.com/Research/Document/0,7211,36680,00.html
of Atom11 are electron, proton and neutron. As the science progressed we realized that protons and neutrons were made up of quarks12 and discovered hundreds of sub atomic particles13 and then finally to ‘Strings’ and the String theory14, However, electrons, protons and neutrons still remains as fundamental particles (at atomic level). So, let me re-instate the core again. Do we think the above three elements will change in the year 213115. The answer is a big ‘NO’. There will never be a silver bullet which will solve all the problems. What you can do is to improve the probability of successfully defending any attack. After so much of advances in medical sciences the common cold still exists! If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. The Art of War - Sun Tzu. Lived: 500-320 BC 11 CERN – The worlds largest particle physics lab - http://public.web.cern.ch/Public/Welcome.html 12 Stanford University – Quarks Theory http://www2.slac.stanford.edu/vvc/theory/quarks.html 13 Getting closer to the God Particle - http://arafkarsh.blogspot.com/2005_02_01_arafkarsh_archive.html 14 String Theory - http://www.superstringtheory.com/index.html 15 What is so peculiar about this year?

Recomendados

What Is Solution Architecture? The Black Art Of I/T Solution Architecture
What Is Solution Architecture? The Black Art Of I/T Solution ArchitectureWhat Is Solution Architecture? The Black Art Of I/T Solution Architecture
What Is Solution Architecture? The Black Art Of I/T Solution ArchitectureNick Noecker
 
Event Storming and Saga
Event Storming and SagaEvent Storming and Saga
Event Storming and SagaAraf Karsh Hamid
 
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATION
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATIONIBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATION
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATIONKellton Tech Solutions Ltd
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverableSarmad Ibrahim
 
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT PlatformWSO2
 
[Meetup] Building an Integration Agile Digital Enterprise
[Meetup] Building an Integration Agile Digital Enterprise[Meetup] Building an Integration Agile Digital Enterprise
[Meetup] Building an Integration Agile Digital EnterpriseWSO2
 
Interface characteristics - Kim Clark and Brian Petrini
Interface characteristics - Kim Clark and Brian PetriniInterface characteristics - Kim Clark and Brian Petrini
Interface characteristics - Kim Clark and Brian PetriniKim Clark
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 

Recomendados

What Is Solution Architecture? The Black Art Of I/T Solution Architecture
What Is Solution Architecture? The Black Art Of I/T Solution ArchitectureWhat Is Solution Architecture? The Black Art Of I/T Solution Architecture
What Is Solution Architecture? The Black Art Of I/T Solution ArchitectureNick Noecker
 
Event Storming and Saga
Event Storming and SagaEvent Storming and Saga
Event Storming and SagaAraf Karsh Hamid
 
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATION
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATIONIBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATION
IBM INTEGRATION BUS (IIB V10)—DATA ROUTING AND TRANSFORMATIONKellton Tech Solutions Ltd
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverableSarmad Ibrahim
 
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT PlatformWSO2
 
[Meetup] Building an Integration Agile Digital Enterprise
[Meetup] Building an Integration Agile Digital Enterprise[Meetup] Building an Integration Agile Digital Enterprise
[Meetup] Building an Integration Agile Digital EnterpriseWSO2
 
Interface characteristics - Kim Clark and Brian Petrini
Interface characteristics - Kim Clark and Brian PetriniInterface characteristics - Kim Clark and Brian Petrini
Interface characteristics - Kim Clark and Brian PetriniKim Clark
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service MeshAspen Mesh
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?ACA IT-Solutions
 
Using Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and servicesUsing Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and servicesF5 Networks
 
Best Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with MicroservicesBest Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with MicroservicesJim (张建军) Zhang
 
Bluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slidesBluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slidesValerie Lampkin
 
IBM Hybrid Integration Platform
IBM Hybrid Integration PlatformIBM Hybrid Integration Platform
IBM Hybrid Integration PlatformRobert Nicholson
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019Kim Clark
 
React js vs react native a comparative analysis
React js vs react native a comparative analysisReact js vs react native a comparative analysis
React js vs react native a comparative analysisShelly Megan
 
Enterprise Application Integration Technologies
Enterprise Application Integration TechnologiesEnterprise Application Integration Technologies
Enterprise Application Integration TechnologiesPeter R. Egli
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
 
ING microServices
ING microServicesING microServices
ING microServicesAndrei Rugina
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 
vinay-mittal-new
vinay-mittal-newvinay-mittal-new
vinay-mittal-newVinay Mittal
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
The Significant role of event driven apps in software development
The Significant role of event driven apps in software development The Significant role of event driven apps in software development
The Significant role of event driven apps in software development Shelly Megan
 
Biznet Gio Presentation - Cloud Computing
Biznet Gio Presentation - Cloud ComputingBiznet Gio Presentation - Cloud Computing
Biznet Gio Presentation - Cloud ComputingYusuf Hadiwinata Sutandar
 
Deep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer ArchitectureDeep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer ArchitectureWSO2
 
Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...Kim Clark
 
The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...Conference Papers
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 

Más contenido relacionado

La actualidad más candente

Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service MeshAspen Mesh
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?ACA IT-Solutions
 
Using Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and servicesUsing Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and servicesF5 Networks
 
Best Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with MicroservicesBest Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with MicroservicesJim (张建军) Zhang
 
Bluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slidesBluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slidesValerie Lampkin
 
IBM Hybrid Integration Platform
IBM Hybrid Integration PlatformIBM Hybrid Integration Platform
IBM Hybrid Integration PlatformRobert Nicholson
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019Kim Clark
 
React js vs react native a comparative analysis
React js vs react native a comparative analysisReact js vs react native a comparative analysis
React js vs react native a comparative analysisShelly Megan
 
Enterprise Application Integration Technologies
Enterprise Application Integration TechnologiesEnterprise Application Integration Technologies
Enterprise Application Integration TechnologiesPeter R. Egli
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationKim Clark
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
The Significant role of event driven apps in software development
The Significant role of event driven apps in software development The Significant role of event driven apps in software development
The Significant role of event driven apps in software development Shelly Megan
 
Deep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer ArchitectureDeep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer ArchitectureWSO2
 
Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...Kim Clark
 
The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...Conference Papers
 

La actualidad más candente (20)

Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?
 
Using Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and servicesUsing Docker container technology with F5 Networks products and services
Using Docker container technology with F5 Networks products and services
 
Best Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with MicroservicesBest Practices Building Cloud Scale Apps with Microservices
Best Practices Building Cloud Scale Apps with Microservices
 
Bluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slidesBluemix IoT Cloud Foundry Meetup slides
Bluemix IoT Cloud Foundry Meetup slides
 
IBM Hybrid Integration Platform
IBM Hybrid Integration PlatformIBM Hybrid Integration Platform
IBM Hybrid Integration Platform
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019
 
React js vs react native a comparative analysis
React js vs react native a comparative analysisReact js vs react native a comparative analysis
React js vs react native a comparative analysis
 
Enterprise Application Integration Technologies
Enterprise Application Integration TechnologiesEnterprise Application Integration Technologies
Enterprise Application Integration Technologies
 
Implementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for IntegrationImplementing zero trust in IBM Cloud Pak for Integration
Implementing zero trust in IBM Cloud Pak for Integration
 
ING microServices
ING microServicesING microServices
ING microServices
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service Proxy
 
vinay-mittal-new
vinay-mittal-newvinay-mittal-new
vinay-mittal-new
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
The Significant role of event driven apps in software development
The Significant role of event driven apps in software development The Significant role of event driven apps in software development
The Significant role of event driven apps in software development
 
Biznet Gio Presentation - Cloud Computing
Biznet Gio Presentation - Cloud ComputingBiznet Gio Presentation - Cloud Computing
Biznet Gio Presentation - Cloud Computing
 
Deep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer ArchitectureDeep-dive into Microservice Outer Architecture
Deep-dive into Microservice Outer Architecture
 
Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...Where can you use serverless?  How does it relate to APIs, integration and mi...
Where can you use serverless?  How does it relate to APIs, integration and mi...
 
The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...The design and implementation of trade finance application based on hyperledg...
The design and implementation of trade finance application based on hyperledg...
 

Similar a Key elements of security threat

Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...IJNSA Journal
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS Accelerite
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxStrategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxflorriezhamphrey3065
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceCondition Zebra (CONZebra)
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?Cognizant
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodesciccone
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdfErickaDiaz24
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 

Similar a Key elements of security threat (20)

Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application Security
 
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxStrategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security Compliance
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
application-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracodeapplication-security-fallacies-and-realities-veracode
application-security-fallacies-and-realities-veracode
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracode
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf2023 - IBM Cost of a Data Breach Report.pdf
2023 - IBM Cost of a Data Breach Report.pdf
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 

Más de Araf Karsh Hamid

Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - ObservabilityAraf Karsh Hamid
 
Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SREAraf Karsh Hamid
 
CI-CD Jenkins, GitHub Actions, Tekton
CI-CD Jenkins, GitHub Actions, Tekton CI-CD Jenkins, GitHub Actions, Tekton
CI-CD Jenkins, GitHub Actions, Tekton Araf Karsh Hamid
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseCloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseAraf Karsh Hamid
 
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioContainers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioAraf Karsh Hamid
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactAraf Karsh Hamid
 
Microservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration PatternsMicroservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration PatternsAraf Karsh Hamid
 
Big Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingBig Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingAraf Karsh Hamid
 
Apache Flink, AWS Kinesis, Analytics
Apache Flink, AWS Kinesis, Analytics Apache Flink, AWS Kinesis, Analytics
Apache Flink, AWS Kinesis, Analytics Araf Karsh Hamid
 
Event Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQEvent Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQAraf Karsh Hamid
 
Agile, User Stories, Domain Driven Design
Agile, User Stories, Domain Driven DesignAgile, User Stories, Domain Driven Design
Agile, User Stories, Domain Driven DesignAraf Karsh Hamid
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsAraf Karsh Hamid
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREAraf Karsh Hamid
 
Microservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanMicroservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanAraf Karsh Hamid
 
Blockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventBlockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventAraf Karsh Hamid
 
Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Araf Karsh Hamid
 

Más de Araf Karsh Hamid (20)

Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-Engineering
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - Observability
 
Microservices, DevOps & SRE
Microservices, DevOps & SREMicroservices, DevOps & SRE
Microservices, DevOps & SRE
 
CI-CD Jenkins, GitHub Actions, Tekton
CI-CD Jenkins, GitHub Actions, Tekton CI-CD Jenkins, GitHub Actions, Tekton
CI-CD Jenkins, GitHub Actions, Tekton
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-PremiseCloud Architecture - Multi Cloud, Edge, On-Premise
Cloud Architecture - Multi Cloud, Edge, On-Premise
 
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes IstioContainers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes Istio
 
Microservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito PactMicroservices Testing Strategies JUnit Cucumber Mockito Pact
Microservices Testing Strategies JUnit Cucumber Mockito Pact
 
Microservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration PatternsMicroservices Architecture, Monolith Migration Patterns
Microservices Architecture, Monolith Migration Patterns
 
Big Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb ShardingBig Data Redis Mongodb Dynamodb Sharding
Big Data Redis Mongodb Dynamodb Sharding
 
Apache Flink, AWS Kinesis, Analytics
Apache Flink, AWS Kinesis, Analytics Apache Flink, AWS Kinesis, Analytics
Apache Flink, AWS Kinesis, Analytics
 
Event Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQEvent Sourcing & CQRS, Kafka, Rabbit MQ
Event Sourcing & CQRS, Kafka, Rabbit MQ
 
Agile, User Stories, Domain Driven Design
Agile, User Stories, Domain Driven DesignAgile, User Stories, Domain Driven Design
Agile, User Stories, Domain Driven Design
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native Apps
 
Domain Driven Design
Domain Driven Design Domain Driven Design
Domain Driven Design
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SREMicroservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
 
Microservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, KanbanMicroservices, Containers, Kubernetes, Kafka, Kanban
Microservices, Containers, Kubernetes, Kafka, Kanban
 
Blockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - ClaventBlockchain HyperLedger Fabric Internals - Clavent
Blockchain HyperLedger Fabric Internals - Clavent
 
Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric
 

Último

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Último (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Key elements of security threat

  • 1. The Art of Digital War The objective of this section is to identify the issues around a digital intrusion. The following diagram shows the picture of a digital intrusion time line (by an internal or external Intruder or an automated Intruder – virus / worm / bots etc) along with the Vulnerability time line and security monitoring tools with current features and future building blocks. The focus is on the fundamental problems, and it will not go into analyzing different digital attack patterns or any vulnerability analysis. Latest CERT reports a total of 59901 vulnerabilities for the year 2005 an increase of 58.5% from the year 2004 and a 3402% increase from the year 1995. Usually vulnerability in an application is due to un-identified bug in the code. However there are times when backdoors written explicitly in some application to get into a users machine. An intentional backdoor into any system is more dangerous than an accidental bug due to an oversight or bad coding practices. Huge debate gone over the recent WMF2 1 2005 Vulnerability List http://www.cert.org/stats/cert_stats.html 2 WMF Vulnerability – MS Advisory 912840 - http://www.microsoft.com/technet/security/advisory/912840.mspx Security Focus - Zero-day WMF flaw underscores patch problems by Robert Lemos – January 12, 2006 http://www.securityfocus.com/news/11368
  • 2. (Windows Meta File) Vulnerability – Microsoft Security Advisory (912840) whether it’s an intentional backdoor or not. “Speeding up the patch process is never going to solve the problem; it is never going to be fast enough. We need to be investing very heavily in zero-day defenses, because another zero-day will happen. There is a lot of talk about whether (the software vendor has) gotten the patch out in time, but the real conversation should be about risk removal, not risk mitigation.” Richard Ford, associate professor of computer science, Florida Institute of Technology “Application vulnerabilities propagate so rapidly today that the old methods of dealing with them no longer suffice. New standards like AVDL offer one of the best hopes of breaking this cycle by dramatically reducing the time between the discovery of a new vulnerability and the effective response at enterprise sites” John Pescatore - Vice President of Security Research, Gartner Security Threat Modeling Security Threat Modeling is an essential process to protect the Assets (or applications). It helps the organizations to determine the correct controls and produce effective counter measures within the budget. Effective management and understanding of the vulnerabilities is required to efficiently defend attacks against those (vulnerabilities). As the number vulnerabilities increases year by year the customer needs a mechanism to identify the most critical vulnerabilities in his enterprise. The Core of Digital Security The three key things in digital security for the enterprise are identifying and classifying the Intruder and their attacks on the Assets and the Damage it can cause on the enterprise or the potential damage on the similar attacks in the future. Regulatory compliance and other government regulations revolve around the core or rather monitoring the health of the core. The above image shows the Intruder attack sophistication and the incident time line which starts when the intruder finds the vulnerability in the enterprise and the actual break-in and the damage he causes by information leakage, denial of service on critical systems, and attack on other systems etc. The Defense sections shows the 3 phases which is as follows; the Monitoring phase, Attack discovery on the assets and the Containment and the Remediation process. The key will be how efficiently we can correlate and provide relevant information back to the end user at the right time so that he/she (the analyst) can stop the attack (while in progress) before it wrecks havoc in the enterprise. The three core areas (Intruder, Assets and Damage) will remain same today (2006) or even after 15 or 20 or 2000 years. What matters is how good we are at identifying these three key elements and build a robust Security Threat Model around it. Intruders and their Attacks
  • 3. Classification of an Intruder is critical in understanding the Threat the intruder posses. A good Security Threat Model needs to understand the strengths, weakness and the attack methodologies of any Intruder. The Intruders are classified into 3 – Internal, External and Automated (Robotic) Intruder. Classification of Intruders helps us to prioritize the incidents and focus on the relevant incident. Assets Security revolves around protecting the Assets (Behind every Asset there will be some applications). Asset oriented Security Monitoring will be the key in this evolution. Application infrastructure of the future will be heavily distributed in nature with SOA (Service Oriented Architecture). Protecting the business services will be the most important aspect in the service oriented world. Asset Oriented Security Monitoring will eventually move towards applications and in the future will lead to protecting the collection of web services3 which the applications published. Security will go down to the fabric of the distributed applications. According to Forrester the ERP4 Market will be $24 Billion by the end of 2008. SAP5 the leading ERP Application provider will be moving to Service Oriented architecture by the end of 2008. Classification of assets is important to protect the assets efficiently. Asset value will not yield this classification. For example an asset which contains blog and user forum data will be classified differently compared to assets with financial transaction databases. There will be assets which require protection while data at rest6 as well as protection of data on the wire. Damage caused by Incidents and its impact The above chart and depicts the damage impact if a break in happens. Today the users do the impact manually and lot of different software applications will be used in the complete process. Streamlining this business process and using this data to further improve process will help in quick remediation and containment. Tracking the cost of Incidents, resources required for containment and remediation, and the time spent will help in predicting the actual cost involved if the similar attacks happens in the future. This information can be used in the Security Threat Model to narrow down the attacks and vulnerabilities where the potential damage will very high. Digital Security - Building Blocks 3 Forrester – Large Enterprises Pursue Strategic SOA by Randy Heffner - April 5, 2005 http://www.forrester.com/Research/Document/0,7211,36580,00.html 4 ERP Apps – Technology and Industry Battle heats up by Paul Hamerman, R Wang – June 9, 2005 Site: http://www.forrester.com/Research/Document/0,7211,37058,00.html 5 SAPs Big Bet To Revolutionize App by Erin Kinikin – August 3, 2004 http://www.forrester.com/Research/Document/0,7211,34739,00.html 6 Forrester Wave – Data Encryption Solutions Q3, 2005 http://www.forrester.com/Research/Document/0,7211,36486,00.html Application Security – http://www.appsecinc.com Encryption of Data at Rest - http://www.appsecinc.com/presentations/Encryption_of_Data_at_Rest.pdf DMReview – Information Management: Encryption at Rest http://www.dmreview.com/article_sub.cfm?articleId=1033567
  • 4. The first generation of security management tools processed data from security devices like firewalls, intrusion detection systems, vulnerability scanners apart from network devices like routers and switches. Correlation technologies correlated the events across the systems. However, these systems focused more on handling the events. This model is an extension of log management systems which started of the Digital Security Management space. The second generation Security Management tools focuses more on entities like Assets and its relevance, Network and its importance, Attacker (with classification) and threat levels, Vulnerability Severity relevant to the network. This model deviates from the first generation event based management as the focus is on the entity rather than the events. Entity model in the second generation simplifies the process of building a Security Threat Model compared to first generation event model based Risk or Threat Scores. The CSO7 / CISO are focused more on protecting their assets instead of worrying about how many events passed through the network. The third generation of Security Management will move closer to where the real action in the enterprise digital world – ‘The Applications’. As per the Forrester and Gartner8 most of the enterprise applications will move towards SOA9 (Service Oriented Architecture) by the end of 2008-2009. Cisco already announced the Cisco AON (Application Oriented Network) Architecture where the focus is on routing the application specific traffic. End of the day security is all about protecting the data (information or knowledge) created by the applications (Assets in the enterprise) and the applications runs 24/7. The Fourth generation of Security Management will see the convergence of physical security with information security. As per Forrester forecast10 Security Convergence spending for Europe and North America combined will be $11 Billion dollars in 2008 compare to $506 million in 2004. Conclusion The objective of this document is to highlight the core of digital security and the expectations around the core. Around 30-40 years ago we knew that the fundamentals 7 CSO Online - http://www.csoonline.com/research/leadership/cso_role.html 8 Gartner – http://www.gartner.com Future of Enterprise Security – September 15, 2004 http://www.gartner.com/DisplayDocument?ref=g_search&id=454567 Cool Vendors in Security and Privacy – March 28, 2005 http://www.gartner.com/DisplayDocument?ref=g_search&id=475999 9 Forrester – Your Strategic SOA Platform Vision By Randy Heffner – March 29, 2005 Site: http://www.forrester.com/Research/Document/0,7211,35951,00.html Development Roles In The World Of Service-Oriented Architecture – January, 13, 2005 http://www.forrester.com/Research/Document/0,7211,35822,00.html SOAP Vs REST – A Comparison – By Randy Heffner, September 13, 2004 http://www.forrester.com/Research/Document/0,7211,35361,00.html Forrester Wave – Enterprise Service Bus Q4 2005 http://www.forrester.com/Research/Document/0,7211,36162,00.html 10 Forrester - Trends 2005: Security Convergence Gets Real By Steve Hunt – January 11, 2005 http://www.forrester.com/Research/Document/0,7211,36137,00.html Converged IT And Physical Security: Small But Real – By Laura Koetzle April 15, 2005 http://www.forrester.com/Research/Document/0,7211,36680,00.html
  • 5. of Atom11 are electron, proton and neutron. As the science progressed we realized that protons and neutrons were made up of quarks12 and discovered hundreds of sub atomic particles13 and then finally to ‘Strings’ and the String theory14, However, electrons, protons and neutrons still remains as fundamental particles (at atomic level). So, let me re-instate the core again. Do we think the above three elements will change in the year 213115. The answer is a big ‘NO’. There will never be a silver bullet which will solve all the problems. What you can do is to improve the probability of successfully defending any attack. After so much of advances in medical sciences the common cold still exists! If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. The Art of War - Sun Tzu. Lived: 500-320 BC 11 CERN – The worlds largest particle physics lab - http://public.web.cern.ch/Public/Welcome.html 12 Stanford University – Quarks Theory http://www2.slac.stanford.edu/vvc/theory/quarks.html 13 Getting closer to the God Particle - http://arafkarsh.blogspot.com/2005_02_01_arafkarsh_archive.html 14 String Theory - http://www.superstringtheory.com/index.html 15 What is so peculiar about this year?