Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
•Descargar como PPTX, PDF•
0 recomendaciones•530 vistas
It's no secret that cybercriminals and the dynamic methods they use to do their dirty work are evolving faster than companies, governments and individuals are able to deal with them. Dexterity, unmatched domain expertise and the element of surprise creates advantages that grow each day. But what if IT security practitioners could use that power against their enemies, Jujitsu style? Dr. Eric Cole says this is not only possible, but it’s time to go on the offensive against attackers by using their intelligence, desire for attention, financial motivations and attack tendencies against them to strengthen your own security posture. Dr. Cole, a celebrated author, cyber security consultant for governments and the Fortune 100, and a former CIA security analyst, highlights some of the biggest IT security threats and the critical weaknesses that unleash them on corporations and governments. Cole, president of enterprise and government cyber consultancy Secure Anchor Consulting, discusses: Two of the most widely talked about threats in 2010, the ZeuS botnet and the Stuxnet worm. How you can fortify your defenses using the principles of Jujitsu to quickly identify your foes and neutralize them. How these principles can help you turn the motivations of your foes against them to achieve better security. How an integrated security information and event management (SIEM) and file integrity monitoring (FIM) solution can detect threats faster, find an attacker's footprints before a breach and seal off discovered weaknesses in real time through on demand remediation.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (11)
Similar a Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Similar a Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address. (20)
Más de Tripwire
Más de Tripwire (20)
Último
Último (20)
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
- 1. Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
- 3. Today’s Speaker Dr. Eric Cole Founder/President Secure Anchor Consulting LLC
- 4. You Can’t Stop Stupid -- Revisited Dr. Eric Cole Secure Anchor Consulting, LLC © 2010 Secure Anchor Consulting. All rights reserved.
- 5. Why Is This Happening? – People Phone Script Cyber Cyber Cyber Outsiders Phreakers Kiddies Crime Terror Warfare Low Risk + High Reward = Opportunity © 2010 Secure Anchor Consulting. All rights reserved.
- 6. Why Is This Happening? – Technology © 2010 Secure Anchor Consulting. All rights reserved.
- 7. What Is the Outlook? © 2010 Secure Anchor Consulting. All rights reserved.
- 8. Threat Landscape • 500% increase • 80% for $$ • 20% > malicious • 25K sample/day Malware Attacks © 2010 Secure Anchor Consulting. All rights reserved.
- 9. Threat Landscape • 1.5M sites/month • DNS attacks • Cross Site Scripting • Defacing Malware Web Attacks Attacks © 2010 Secure Anchor Consulting. All rights reserved.
- 10. Threat Landscape • 400K zombies a day • Conficker / Korea • Critical Infrastructure Malware Web DDOS Attacks Attacks Attacks © 2010 Secure Anchor Consulting. All rights reserved.
- 11. Threat Landscape • $1 trillion/year • Autorun.exe • USB & phones • Compliance Malware Web DDOS Data Attacks Attacks Attacks Attacks © 2010 Secure Anchor Consulting. All rights reserved.
- 12. Threat Landscape • Spam = malware • Up 10% a year • Spear phishing • New protocols Malware Web DDOS Data Email Attacks Attacks Attacks Attacks Attacks © 2010 Secure Anchor Consulting. All rights reserved.
- 13. Data Driven Threats 1997 End of 2007 Mid 2010 Vulnerabilities 440 28,500 34,100 Password Stealers 400 80,000 380,000 (Main variants) Potentially 1 24,000 26,000 Unwanted Programs Malware (families) 17,000 358,000 484,000 (DAT related) Malware (main variants) 18,000 (?) 586,000 2,700,000 Malware Zoo 30,000 (?) 5,800,000 16,300,000 (Collection) © 2010 Secure Anchor Consulting. All rights reserved.
- 14. While it is a hard problem, many attackers make mistakes • Leaving a footprint on the system • Trying to target and find key information • Making an outbound connection for command and control • Sending out sensitive information • Utilizing encryption to hide • Cutting edge or not so cutting edge • Running standard tools and techniques © 2010 Secure Anchor Consulting. All rights reserved.
- 15. Sophisticated – Yes and No Attackers have completed access to User receives email/IM internal systems with malicious link Back door is set up and connects to C&C servers User clicks on link Browser Binary disguised downloads/executes as an image is malicious javascript downloaded and executes
- 16. Cyber Jujitsu 101 • Know thy system by base lining your environment • Rapid base lining and continuous monitoring • It is 10pm, do you know where your data is? • Focus on outbound traffic • Firewall filtering • Dropped packets • Clipping levels • Understand the entry point for attack • It has and will always be about the user • While you cannot stop stupid, you can contain it © 2010 Secure Anchor Consulting. All rights reserved.
- 17. Trend 1: More focus on Data Correlation © 2010 Secure Anchor Consulting. All rights reserved.
- 18. Trend 2: Threat intelligence analysis will become more important © 2010 Secure Anchor Consulting. All rights reserved.
- 19. Trend 3: Endpoint security becomes foundation
- 20. Trend 4: Focusing in on proactive forensics instead of being reactive © 2010 Secure Anchor Consulting. All rights reserved.
- 21. Trend 5: Moving beyond signature detection © 2010 Secure Anchor Consulting. All rights reserved.
- 22. Must Make Better Use Of Existing Data “We consistently find that nearly 90% of the time logs are available but discovery [of breaches] via log analysis remains under 5% ” 2010
- 23. Raw Log Data Am I Secure? Is Policy Impacted? change event log event Events of Interest!
- 24. Example: Correlating Log & Change Events 5 failed logins Login successful Windows event log cleared Logging turned off Host not generating events Policy test fails
- 25. Tripwire VIA VISIBILITY INTELLIGENCE AUTOMATION Across the entire Enable better, Reduce manual, IT infrastructure faster decisions repetitive tasks 25
- 26. Tripwire VIA: IT Security & Compliance Automation Event Database Correlate to Correlate to Bad Changes Suspicious Events
- 27. THANK YOU! Dr. Eric Cole President Secure Anchor Consulting, LLC www.tripwire.com E-mail : drcole@secure- anchor.com
Notas del editor
- The War on Stupid – Dr. Eric ColeTee up your You Can’t Stop Stupid…presentation
- Call out some of the alarming data in that presentation that showed a growth in Malware, the misconception about Apple being impervious to attack, your Trends info + Cloud vulnerability/inevitabilityCommon mistakes and how to create a process for erasing them to achieve security (continuous configuration monitoring and remediation, Finding threats in log files, maintaining a militant patch management program, a layered security approach, etc.)
- The Dumbing Down of Cyber crime – Speak to the common believe that attackers are of a superior mind, discipline and technical acumen than those seeking to stop them; and that they’re all part of a Russian crime syndicate.Shine some light on the percentages of truly sophisticated attackers vs. sophisticated attacks by less skilled attackers (script kiddies using Zeus, etc.). a rapidly evolving cyber crime landscape that has the same behavior as an Enterprise/SMBHow can I cut costs and find the quickest way to revenue with the least amount of effort?What can I reuse/repurpose to achieve that goal?What weaknesses can companies/organizations leverage in this new model that we can exploit against attackers?
- CYBER JUJITSU 101 – What is it? A disciplined IT Security process and practice to defend yourself against and respond to cyber threats. (KNOW YOUR OPONENT>IDENTIFY WEAKNESSES>EXPLOIT THEM>NEUTRALIZE ATTACK>GROW REPUTATION AS A TOUGHER TARGET) Common attacker behavior, persona, motivationCyber Jujitsu 101 – Counter Moves to Even the Match UpCyber Jujitsu 101 – How to spot a precursor to an attack and an attack in progressCyber Jujitsu 101 – 5 Things Attackers are Doing that they don’t want you to know aboutCyber Jujitsu 101 – 5 Things you should do right after this webcast to be ready for a cyber criminal
- Over the last several years many organizations have put collection systems in place to meet PCI requirements. They put in log management and FIM along with other security tools. And they have been collecting a ton of data ever since. So they have plenty of data to meet compliance requirements. But the problem is they have too much data for it to be useful. And it is almost impossible to quickly know if any of the data is indicating a security issue. It’s like trying to find a single land-mine in a massive land-fill before it goes off and causes damage.
- This is really what you want to know. 5 failed logins on its own followed by a successful login is probably a medium to low alert. In fact, this is so common it’s contributing to SIEM overload. But, getting an unrelated alert for each one of these every step along the way won’t help. We think you need this context to see all of these happening in concert so you can quickly see these complicated patterns that impact security.