SCYBER
Address an urgent need.
Today’s Agenda
• State of Security Today
• Solutions to the Problem
• SCYBER
• Key Differentiators
• Course Details
• Course Comparison
20 YEARS IN THE MAKING: 1994 to 2014
A GLOBAL CHALLENGE.
The global economy loses up to $1 trillion per year
due to malicious cyber activity.
COMPLEX PROBLEMS, REAL COSTS
In 2013 alone, 552 million records were
exposed due to data breaches.
The annual cost to an individual business due to cyber
crime can range from $1M to $52M, on average.
• Malicious traffic was visible on 100% of networks sampled
• Nearly 70% of respondent networks were observed issuing DNS queries
for dynamic DNS (DDNS) domains
• There is a need for visibility-driven,
threat-focused, and platform-based
security solutions
• Before
• During
• After
2014 Cisco Midyear Security Report:
Threat Intelligence & Industry Trends
THREAT INTELLIGENCE
Method: DDNS
  Threat description: DDNS is used by adversaries because it allows botnets and other attack infrastructure to be resilient against detection.
  Findings: Nearly 70% of respondents issue DNS queries for DDNS.
Method: MiTB (man-in-the-browser)
  Threat description: Palevo, SpyEye, and Zeus are malware families that incorporate MiTB functionality. DNS lookups for hosts compromised by them are considered a high threat.
  Findings: More than 90% of customer networks observed have traffic going to websites that host malware.
Method: Java
  Threat description: Java's extensive attack surface and high ROI make it a primary target for exploitation.
  Findings: Java exploits represented 93% of IOCs as of May 2014.
Source(s): Cisco 2014 Midyear Security Report
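The DDNS and malware-host findings above become actionable in a SOC only if someone looks at the resolver logs. The following added example (not part of the original deck) scans constructed DNS query-log lines for queries to dynamic-DNS zones and to hosts on an IOC list, and groups the hits per client. The log format, the client addresses and the IOC hostnames are constructed; the DDNS zone list is a small illustrative subset of real provider domains, and in practice both lists would be fed from threat intelligence rather than hard-coded.

```python
"""Flag DNS queries for dynamic-DNS (DDNS) zones and known malware hosts.

Added example for the threat-intelligence findings above. The log format,
client addresses and IOC hostnames are constructed; the DDNS zone list is
an illustrative subset, not an authoritative feed.
"""
import re
from collections import defaultdict

# Illustrative DDNS provider zones (subset; extend from your own intel feed).
DDNS_ZONES = {
    "no-ip.org", "no-ip.com", "ddns.net", "dyndns.org", "duckdns.org", "hopto.org",
}

# Constructed IOC list standing in for a malware-host feed (hypothetical names).
MALWARE_HOSTS = {
    "update-check.example-badhost.net",
    "cdn.example-spyeye-c2.com",
}

# Constructed, BIND-like query log line:
# "<date> <time> client <ip>#<port>: query: <qname> IN <qtype>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)

def candidate_zones(qname):
    """Yield the zones qname sits under, longest first:
    'a.b.no-ip.org' -> 'a.b.no-ip.org', 'b.no-ip.org', 'no-ip.org', 'org'."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def classify(qname):
    """Return 'malware-host', 'ddns' or None for one query name."""
    name = qname.rstrip(".").lower()
    if name in MALWARE_HOSTS:
        return "malware-host"
    for zone in candidate_zones(name):
        if zone in DDNS_ZONES:
            return "ddns"
    return None

def analyze(lines):
    """Return {client_ip: {category: [qnames...]}} for the flagged queries."""
    findings = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # lines in another format are skipped, not fatal
        cat = classify(m["qname"])
        if cat:
            findings[m["client"]][cat].append(m["qname"].rstrip(".").lower())
    return {c: dict(v) for c, v in findings.items()}

# Constructed sample log lines.
SAMPLE_LOG = """\
12-Jun-2014 09:14:02.114 client 10.20.1.15#51324: query: www.cisco.com IN A
12-Jun-2014 09:14:03.201 client 10.20.1.15#51325: query: srv7723.no-ip.org IN A
12-Jun-2014 09:14:03.650 client 10.20.1.42#40112: query: mail.example.com IN MX
12-Jun-2014 09:14:05.009 client 10.20.1.42#40113: query: cdn.example-spyeye-c2.com IN A
12-Jun-2014 09:14:07.388 client 10.20.1.15#51326: query: box-a1.ddns.net IN A
12-Jun-2014 09:14:09.001 client 10.20.1.99#33001: query: dyndns.org IN A
""".splitlines()

if __name__ == "__main__":
    for client, cats in sorted(analyze(SAMPLE_LOG).items()):
        for cat, names in cats.items():
            print(f"{client}: {cat} x{len(names)}: {', '.join(names)}")
```

The suffix walk in `candidate_zones` is what makes the check survive the attacker's choice of hostname: any label under a listed zone is caught, while an unrelated domain that merely contains the string (for example `no-ip.org.example.com`) is not.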
MALWARE ENCOUNTERS BY VERTICAL
Spending Priority Rank
Media & Publishing 1
Pharmaceutical & Chemical 2
Aviation 3
Transportation & Shipping 4
Manufacturing 5
Insurance 6
Agriculture & Mining 7
Professional Services 8
Electronics 9
Food & Beverage 10
Retail & Wholesale 11
Utilities 12
Source(s): Cisco 2014 Midyear Security Report
• The business community is
increasingly reliant on the use of
data.
• The need to secure critical data
is paramount to day-to-day
operations.
• Regulations and penalties for
security violations are increasing.
THE CURRENT THREAT LANDSCAPE
IS LIMITING BUSINESS GROWTH
• Security is becoming a bigger concern in the boardroom
• Identifying the personal and professional liability in failing to
secure networks
• As cyber threats become part of the business landscape, more will
put an emphasis on sound security practices
• Organizations must align cyber security and business
performance
• Shift IT from facilitator to driver of business outcomes
THE VIEW FROM THE TOP
Source(s): EY, Beating Cybercrime (2013)
SOLUTIONS TO THE PROBLEM
Each phase is addressed across four dimensions: Hardware, Software, People, Process.
BEFORE: What measures are in place?
DURING: How are security events detected?
AFTER: What is the cleanup process?
• Nearly 1M unfilled jobs in the field
• Critical in the SOC
• Analyze network alerts and detect APTs
• Characterize and analyze network traffic to identify
anomalies and potential network resource threats
• Perform event correlation analysis to determine the
effectiveness of observed attacks
• Key areas of competency
• Ability to identify security incident as it happens
• Experience in implementing appropriate plan of action
quickly to minimize cost/damage
HELP WANTED:
SECURITY ANALYSTS
HOW TRAINING IS FALLING SHORT
• Focused on building static defenses
• No detection or response plan in place
• Few paths to train IT personnel to recognize security risks and
respond
• Not enough hands-on practice to implement
the theory being taught
• No ability to practice responding to
actual, real-life attacks on real-life
equipment
SCYBER addresses
this issue.
Designed to develop
the skills necessary
to proactively detect
and combat cyber threats
4 Major Competencies
1. Monitor security events
2. Configure and tune security event
detection and alarming
3. Analyze traffic for security threats
4. Respond appropriately to security
incidents
5 Key Differentiators
1. System Agnostic
2. Lab-Heavy
3. Inside-Out vs. Outside-In
4. Ease of Entry
5. Understand the “Why?”
SYSTEM AGNOSTIC
• Though training is provided by Cisco, course does not focus
solely on Cisco products
• Prepares students to operate
a variety of systems
• Can train security professionals to
“guard the castle,” with no additional
infrastructure investment
LAB-HEAVY
• 60% of course time is spent in a lab environment
• Monitor, analyze, and respond to actual cyber attacks
EASE OF ENTRY FOR SECURITY PROFESSIONALS
• Train your SOC staff
• Cross-train your IT staff on how to recognize security
incidents and how to work with the SOC team
• Great starting point for IT staff looking to migrate to
security
MOVING BEYOND THE "HOW"
• Develops the skills necessary to effectively operate
within an SOC
• Process
• Hardware
• Software
• Identify threats, but also understand why something
is a threat
CERTIFICATION COMPARISON
SCYBER
  Prerequisite: none | Experience: 0-2 years | Sample job: Security Analyst | Focus: Event detection | Instruction: 1 week | Exams: 1 | DoD 8570: Pending
CCNA Security
  Prerequisite: IINS/CCENT | Experience: 0-2 years | Sample job: System Admin. | Focus: System administration | Instruction: 2 weeks | Exams: 2 | DoD 8570: Yes
CCNP Security
  Prerequisite: CCNA Sec./CCIE | Experience: 4-6 years | Sample job: Network Security Eng. | Focus: Building infrastructure | Instruction: 4 weeks | Exams: 4 | DoD 8570: No
CCIE Security
  Prerequisite: N/A | Experience: 7+ years | Sample job: Network Security Eng. | Focus: Management | Instruction: varied | Exams: 2 | DoD 8570: No
Security+
  Prerequisite: N/A | Experience: 2-3 years | Sample job: System Admin. | Focus: System administration | Instruction: 1 week | Exams: 1 | DoD 8570: Yes
CEH
  Prerequisite: N/A | Experience: 2+ years | Sample job: Ethical Hacker | Focus: Penetration testing | Instruction: 1 week | Exams: 1 | DoD 8570: Yes
TECHNICAL DETAILS
SCYBER has no prerequisites; an understanding of TCP/IP
and a working knowledge of CCNA-level networking is highly recommended.
Prepares students to take the
Cyber Security Specialist Certification Exam,
600-199 SCYBER.
The ILT course covers 12 modules over 5 days.
Course Schedule (AM and PM sessions each day)
Day 1: Course Introduction; Module 1: Attacker Methodology; Module 2: Defender Methodology
Day 2: Module 3: Defender Tools; Module 4: Packet Analysis
Day 3: Module 5: Network Log Analysis; Module 6: Baseline Network Operations
Day 4: Module 7: Incident Response Preparation; Module 8: Security Incident Detection
Day 5: Module 9: Investigations; Module 10: Mitigations & Best Practices; Module 11: Communication; Module 12: Post-Event Activity
Cyber Attack Model
OSI Model          TCP/IP Model        Attack classes at this layer
7 Application      Application         Malware, OS- and application-level attacks;
6 Presentation                         remote and privilege escalation exploits,
5 Session                              bots, phishing
4 Transport        Transport           Session hijacking and spoofing (intercept,
3 Network          Internet            modify, bypass network security), DoS
2 Data Link        Network Interface   MITM (intercept, modify), DoS,
1 Physical         (RF, Fiber, Copper) RF (jam, replay)
IP Transport Cyber Attack Vectors
• Network and System Architecture
  - Centralized, Distributed, Redundant
  - Physical and Logical
• Transport Network
  - RF, Fiber, Copper
• Network Protocols
  - Routing, Switching, Redundancy
  - Apps, Client/Server
• Client/Server Architecture: HW, SW, Apps, RDBMS
  - Open Source
  - Commercial
• Trust Relationships
  - Network Management and Network Devices
  - Billing, Middleware, Provisioning
• Common HW/SW configuration settings
Transport Network Infrastructure Cyber Attack Tree
Network Infrastructure Attack Vectors (every path ends in "Own Network Infrastructure")
• SNMP
  - SNMP community string dictionary attack, with spoofing, to download the router/switch configuration
  - Build a new router configuration file to enable further privilege escalation
  - Upload the new configuration file using the compromised SNMP RW string
  - Own Network Infrastructure
• UNIX NetMgt server running NIS v1
  - ypcat -d <domain> -h <server IP> passwd
  - Grab shadow file hashes
  - Crack passwords
  - Access the server directly, or exploit an ACL trust relationship
  - Attack SNMP/Telnet/SSH
  - Find NetMgt passwords and SNMP config files; discover backup HW configs
  - Crack passwords
  - Own Network Infrastructure
• HP OpenView server (Oracle back end)
  - Enumerate the Oracle TNS listener to identify default SIDs
  - Path A: further enumerate Oracle SIDs to identify default DBA/system-level accounts and passwords
    - Log in to the Oracle DB with the discovered DBA-privileged account
    - Run Oracle SQL commands
    - Execute OS commands
    - Add a new privileged OS account
    - Use the new privileged OS account to escalate privileged access to the network
    - Own Network Infrastructure
  - Path B: further enumerate Oracle SIDs to identify user accounts
    - Perform a dictionary attack
    - Crack passwords
    - Execute OS commands from Oracle PL/SQL
    - Attack the network from the DB: run Oracle SQL commands, execute OS commands
    - Find NetMgt passwords, SNMP info, OS password files
    - Own Network Infrastructure
• Network management application
  - Attempt to log in using the default login/password
  - Reconfigure the router or switch
  - Own Network Infrastructure
• MITM
  - ARP poisoning
  - Sniffing
  - Capture SNMP community strings and unencrypted login/passwords and protocol passwords
  - Configure the device for further privilege escalation
  - Own Network Infrastructure
• Telnet/SSH dictionary attack (routers/switches, NetMgt server)
  - Inject new routes or bogus protocol packets
  - Own Network Infrastructure
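Several branches of the attack tree above are loud on the wire before the attacker owns anything: SNMP community-string guessing, Telnet/SSH password guessing, ARP poisoning and rogue DHCP offers all leave device syslog behind. The added example below (not from the deck) correlates constructed Cisco-IOS-style syslog lines into those branches. Repeated failures from one source inside a short window become an alert, a single Layer 2 protection hit is an alert on its own, and a source that appears in two credential-guessing branches is escalated. Device names, addresses, the threshold and the window are constructed assumptions; the message mnemonics follow Cisco IOS syslog naming.

```python
"""Correlate Cisco-IOS-style syslog into the attack-tree branches above.

Added example, not from the original deck. Device names, addresses, the
log lines, the threshold and the window are constructed; the message
mnemonics follow Cisco IOS syslog naming.
"""
import re
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 60   # illustrative window
THRESHOLD = 5         # failures from one source inside the window

# "<Mon dd HH:MM:SS> <device> %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<device>\S+) "
    r"%(?P<msg>[A-Z_]+-\d-[A-Z_]+): (?P<text>.*)$"
)
SNMP_SRC_RE = re.compile(r"from host (?P<src>[\d.]+)")
LOGIN_SRC_RE = re.compile(r"\[Source: (?P<src>[\d.]+)\]")

# Mnemonic -> (attack-tree branch, regex that extracts the attacking source)
THRESHOLD_RULES = {
    "SNMP-3-AUTHFAIL": ("SNMP community string dictionary attack", SNMP_SRC_RE),
    "SEC_LOGIN-4-LOGIN_FAILED": ("Telnet/SSH dictionary attack", LOGIN_SRC_RE),
}
# Layer 2 protections that already dropped the packet; one hit is worth an alert
SINGLE_HIT_RULES = {
    "SW_DAI-4-INVALID_ARP": "ARP poisoning / MITM (dropped by Dynamic ARP Inspection)",
    "DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT": "Rogue DHCP server (dropped by DHCP snooping)",
}

def parse_ts(s, year=2014):
    """Syslog timestamps carry no year; the caller supplies it."""
    return datetime.strptime(f"{year} {s}", "%Y %b %d %H:%M:%S")

def max_in_window(times, window=WINDOW_SECONDS):
    """Largest number of events inside any span of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def correlate(lines):
    """Return alert dicts: {'source', 'devices', 'branch', 'count'}."""
    failures = defaultdict(list)          # (source, branch) -> [(timestamp, device)]
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                        # tolerate unrelated lines
        msg, text, dev = m["msg"], m["text"], m["device"]
        if msg in THRESHOLD_RULES:
            branch, src_re = THRESHOLD_RULES[msg]
            s = src_re.search(text)
            if s:
                failures[(s["src"], branch)].append((parse_ts(m["ts"]), dev))
        elif msg in SINGLE_HIT_RULES:
            alerts.append({"source": None, "devices": [dev],
                           "branch": SINGLE_HIT_RULES[msg], "count": 1})
    for (src, branch), events in failures.items():
        n = max_in_window([t for t, _ in events])
        if n >= THRESHOLD:
            alerts.append({"source": src, "devices": sorted({d for _, d in events}),
                           "branch": branch, "count": n})
    # Cross-branch correlation: one host working two credential paths at once
    by_src = defaultdict(set)
    for a in alerts:
        if a["source"]:
            by_src[a["source"]].add(a["branch"])
    for src, branches in by_src.items():
        if len(branches) > 1:
            alerts.append({"source": src, "devices": [], "count": len(branches),
                           "branch": "Multi-vector credential attack: " + "; ".join(sorted(branches))})
    return alerts

# Constructed sample syslog: five SNMP and five login failures from 10.9.9.7,
# one benign typo from 10.20.1.8, one stray SNMP failure, two Layer 2 hits.
_LOGIN = ("%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: {src}] "
          "[localport: {port}] [Reason: Login Authentication Failed] at {t} UTC Thu Jun 12 2014")
SAMPLE_SYSLOG = [
    f"Jun 12 09:14:0{i} rtr-core-1 %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.9.9.7"
    for i in range(1, 6)
] + [
    "Jun 12 09:14:10 rtr-core-1 %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.20.1.50",
] + [
    f"Jun 12 09:15:2{i} sw-dist-2 " + _LOGIN.format(src="10.9.9.7", port=23, t=f"09:15:2{i}")
    for i in range(5)
] + [
    "Jun 12 09:40:00 sw-dist-2 " + _LOGIN.format(src="10.20.1.8", port=22, t="09:40:00"),
    "Jun 12 09:16:05 sw-acc-7 %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi0/7, vlan 10."
    "([0011.2233.4455/10.20.1.1/0000.0000.0000/10.20.1.15/09:16:05 UTC Thu Jun 12 2014])",
    "Jun 12 09:16:30 sw-acc-7 %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop "
    "message on untrusted port, message type: DHCPOFFER, MAC sa: 0011.2233.4455",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_SYSLOG):
        print(f"{a['source'] or '-':<12} x{a['count']:<3} {a['branch']}  devices={a['devices']}")
```

The window matters more than the threshold: a slow dictionary attack spread over hours never trips a per-minute count, so a real deployment keeps a longer second window (or a per-day baseline from Module 6's "baseline network operations") alongside the short one.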
Attack Vectors: Deny, Disrupt, Delay, Intercept, Exploit
• Man-in-the-Middle attacks (MITM)
• Network protocols
• IP spoofing
• Apps/RDBMS/NetMgt
• Traffic analysis
In-Band Network Management
Business and network management traffic use common infrastructure (users, NOC, data center resources, user VLANs, VLAN trunks).
Network Management Protocols
• SNMP
• Telnet
• HTTP/s - XML
• TFTP
• TL1
• SSH
Network Management Security
• Access lists
• Firewalls
• VPN
• IDS/IPS
• AAA
• Trust levels
Trust Model: Defines Security Posture
- Network management features are vulnerabilities (they provide configuration and access information)
- Security policies define the trust model:
  - User access
  - Customer access
  - Vendor/manufacturer local and remote tech-support access
  - NOC/tech-support staff
- Secure visualization and instrumentation
- Internal, customer, and management operations in separate IP subnets/VLANs/PVCs, etc., over shared network infrastructure
- Log everything
- Two-factor authentication
Management VLAN: utilize MPLS VPNs and VRFs for the management network
Prevalent Layer 2 Security Issues
(Figure: a rogue insider sends a crafted HSRP coup packet with a higher priority to the routers and becomes the active gateway.)
Common Issues
• STP/BPDU
• VTP
• VLAN Hopping
• ARP Poisoning
• FHRP
• Rogue DHCP Server
• Horizontal and Vertical Pivoting
Suggested Remediation
• BPDU Guard and Root Guard
• Secure VTP
• Disable Dynamic Trunking
• Dynamic ARP Inspection
• Limit MACs per Port
• Secure FHRP
• DHCP Snooping, Disable DHCP Trust
• PVLANs, VACLs, DHCP Option 82
• L2 NetFlow
• Secure Information Flow Trust Relationships
Network Visualization and Instrumentation
• Whitelist the Network Trust Relationships
• Whitelist Trusted Information Flows in Monitoring
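The trust model slide and the last two points above say the same thing from two sides: write down which sources may manage which devices over which protocol, then treat every other management-plane flow as a finding. The added example below is not from the deck. It encodes a constructed trust model (a NOC VLAN, the network devices, a NetMgt server and a vendor VPN pool, all hypothetical subnets) as whitelist rules and audits constructed NetFlow-like records, reporting the flows that no rule permits. The port list is taken from the deck's network management protocols; the subnets and records are invented for illustration.

```python
"""Audit flow records against a whitelisted management trust model.

Added example, not from the deck. All subnets, hosts and flow records are
constructed; the rule set stands in for the site's trust model.
"""
import ipaddress
from dataclasses import dataclass

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed address plan
NOC_VLAN   = net("10.250.0.0/24")    # NOC / tech-support staff
NETMGT     = net("10.250.0.10/32")   # network management server
DEVICES    = net("10.255.0.0/24")    # router/switch management addresses
VENDOR_VPN = net("10.251.0.0/24")    # vendor remote-support VPN pool

# Protocols that only ever belong to network management: SNMP, traps, TFTP, Telnet
MGMT_ONLY_PORTS = {("udp", 161), ("udp", 162), ("udp", 69), ("tcp", 23)}

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dport: int

# The whitelist IS the trust model: anything not listed is untrusted
TRUST_MODEL = [
    Rule("noc-to-devices-ssh",       NOC_VLAN,   DEVICES, "tcp", 22),
    Rule("netmgt-to-devices-snmp",   NETMGT,     DEVICES, "udp", 161),
    Rule("devices-to-netmgt-traps",  DEVICES,    NETMGT,  "udp", 162),
    Rule("vendor-vpn-to-netmgt-ssh", VENDOR_VPN, NETMGT,  "tcp", 22),
]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def in_scope(flow):
    """Management-plane flow: touches infrastructure or uses a management-only protocol."""
    d = ipaddress.ip_address(flow.dst)
    return d in DEVICES or d in NETMGT or (flow.proto, flow.dport) in MGMT_ONLY_PORTS

def match(flow, rules=TRUST_MODEL):
    """Name of the first whitelist rule permitting the flow, else None."""
    s, d = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for r in rules:
        if r.proto == flow.proto and r.dport == flow.dport and s in r.src and d in r.dst:
            return r.name
    return None

def audit(flows, rules=TRUST_MODEL):
    """Split in-scope flows into (allowed, violations); each entry is (flow, rule_name)."""
    allowed, violations = [], []
    for f in flows:
        if not in_scope(f):
            continue                         # business traffic: not this whitelist's job
        r = match(f, rules)
        (allowed if r else violations).append((f, r))
    return allowed, violations

# Constructed NetFlow-like records (src, dst, proto, dport)
SAMPLE_FLOWS = [
    Flow("10.250.0.5",  "10.255.0.1", "tcp", 22),   # NOC SSH to a router: trusted
    Flow("10.250.0.10", "10.255.0.2", "udp", 161),  # NetMgt polling SNMP: trusted
    Flow("10.20.1.15",  "10.255.0.1", "udp", 161),  # user VLAN talking SNMP to a router
    Flow("10.20.1.15",  "10.255.0.1", "tcp", 23),   # user VLAN Telnet to a router
    Flow("10.250.0.5",  "10.255.0.1", "tcp", 23),   # NOC using Telnet: policy says SSH only
    Flow("10.20.1.15",  "10.20.1.99", "udp", 69),   # TFTP between user hosts: config copy?
    Flow("10.20.1.15",  "10.30.0.8",  "tcp", 80),   # ordinary web traffic: out of scope
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_FLOWS)
    for f, r in ok:
        print(f"ALLOW {f.src} -> {f.dst} {f.proto}/{f.dport}  ({r})")
    for f, _ in bad:
        print(f"ALERT {f.src} -> {f.dst} {f.proto}/{f.dport}  no trust rule permits this flow")
```

Note that the NOC host's Telnet session is flagged even though the source is trusted: the whitelist is per protocol, so a trusted operator using an unencrypted protocol the policy has retired is exactly the kind of finding the "secure information flow trust relationships" point asks for.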
Q & A
THANK
YOU

Advance Mobile Application Development class 07
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 

New Horizons SCYBER Presentation

Slide 9. THE CURRENT THREAT LANDSCAPE IS LIMITING BUSINESS GROWTH
• The business community is increasingly reliant on the use of data.
• The need to secure critical data is paramount to day-to-day operations.
• Regulations and penalties for security violations are increasing.

Slide 10. THE VIEW FROM THE TOP
• Security is becoming a bigger concern in the boardroom
• Identifying the personal and professional liability in failing to secure networks
• As cyber threats become part of the business landscape, more will put an emphasis on sound security practices
• Organizations must align cyber security and business performance
• Shift IT from facilitator to driver of business outcomes
Source(s): EY, Beating Cybercrime (2013)

Slide 11. SOLUTIONS TO THE PROBLEM
Hardware, software, people and process, considered at each phase of an attack:
• BEFORE: What measures are in place?
• DURING: How are security events detected?
• AFTER: What is the cleanup process?

Slide 12. HELP WANTED: SECURITY ANALYSTS
• Nearly 1M unfilled jobs in the field
• Critical in the SOC
  - Analyze network alerts and detect APTs
  - Characterize and analyze network traffic to identify anomalies and potential network resource threats
  - Perform event correlation analysis to determine the effectiveness of observed attacks
• Key areas of competency
  - Ability to identify a security incident as it happens
  - Experience in implementing an appropriate plan of action quickly to minimize cost/damage

Slide 13. HOW TRAINING IS FALLING SHORT
• Focused on building static defenses
• No detection or response plan in place
• Few paths to train IT personnel to recognize security risks and respond
• Not enough hands-on practice to implement the theory being taught
• No ability to practice responding to actual, real-life attacks on real-life equipment
Slide 15. SCYBER is designed to develop the skills necessary to proactively detect and combat cyber threats.

Slide 16. 4 Major Competencies
1. Monitor security events
2. Configure and tune security event detection and alarming
3. Analyze traffic for security threats
4. Respond appropriately to security incidents

Slide 17. 5 Key Differentiators
1. System Agnostic
2. Lab-Heavy
3. Inside-Out vs. Outside-In
4. Ease of Entry
5. Understand the “Why?”

Slide 18. SYSTEM AGNOSTIC
• Though training is provided by Cisco, the course does not focus solely on Cisco products
• Prepares students to operate a variety of systems
• Can train security professionals to “guard the castle” with no additional infrastructure investment

Slide 19. 60% of course time is spent in a lab environment: monitor, analyze, and respond to actual cyber attacks.

Slide 21. Ease of Entry for Security Professionals
• Train your SOC staff
• Cross-train your IT staff on how to recognize security incidents and how to work with the SOC team
• Great starting point for IT staff looking to migrate to security

Slide 22. Moving Beyond the “How”
• Develops the skills necessary to effectively operate within a SOC: process, hardware, software
• Identify threats, but also understand why something is a threat
Slide 23. CERTIFICATION COMPARISON
SCYBER: prerequisite N/A; experience 0-2 years; sample job Security Analyst; focus Event Detection; instruction 1 week; 1 exam; DoD 8570: Pending
CCNA Security: prerequisite IINS/CCENT; experience 0-2 years; sample job System Admin.; focus System Administration; instruction 2 weeks; 2 exams; DoD 8570: Yes
CCNP Security: prerequisite CCNA Sec./CCIE; experience 4-6 years; sample job Network Security Eng.; focus Building Infrastructure; instruction 4 weeks; 4 exams; DoD 8570: No
CCIE Security: prerequisite N/A; experience 7+ years; sample job Network Security Eng.; focus Management; instruction varied; 2 exams; DoD 8570: No
Security+: prerequisite N/A; experience 2-3 years; sample job System Admin.; focus System Administration; instruction 1 week; 1 exam; DoD 8570: Yes
CEH: prerequisite N/A; experience 2+ years; sample job Ethical Hacker; focus Penetration Testing; instruction 1 week; 1 exam; DoD 8570: Yes
Slide 24. SCYBER TECHNICAL DETAILS
• No prerequisites; an understanding of TCP/IP and a working knowledge of CCNA is highly recommended
• Prepares students to take the Cyber Security Specialist Certification Exam 600-199 SCYBER
• ILT course covers 12 modules over 5 days

Slide 25. Course Schedule
Day 1 AM: Course Introduction; Module 1: Attacker Methodology
Day 1 PM: Module 2: Defender Methodology
Day 2 AM: Module 3: Defender Tools
Day 2 PM: Module 4: Packet Analysis
Day 3 AM: Module 5: Network Log Analysis
Day 3 PM: Module 6: Baseline Network Operations
Day 4 AM: Module 7: Incident Response Preparation; Module 8: Security Incident Detection
Day 4 PM: Module 7 and Module 8 (continued); Module 9: Investigations
Day 5 AM: Module 10: Mitigations & Best Practices
Day 5 PM: Module 11: Communication; Module 12: Post-Event Activity
Slide 26. Cyber Attack Model
OSI layers 7 Application, 6 Presentation, 5 Session (TCP/IP Application layer): malware, OS and application-level exploits; remote and privilege escalation exploits, bots, phishing
OSI layers 4 Transport, 3 Network (TCP/IP Transport and Internet layers): session hijacking and spoofing (intercept, modify, bypass network security), DoS
OSI layers 2 Data Link, 1 Physical (TCP/IP Network Interface layer): MITM (intercept, modify), DoS, RF (jam, replay); physical media: RF, fiber, copper
Slide 27. IP Transport Cyber Attack Vectors
Transport network infrastructure, as layers of the attack surface:
• Network and system architecture: centralized, distributed, redundant; physical and logical
• Transport network: RF, fiber, copper
• Network protocols: routing, switching, redundancy; apps, client/server
• Client/server architecture: HW, SW, apps, RDBMS (open source, commercial)
• Trust relationships: network management and network devices; billing, middleware, provisioning
• Common HW/SW configuration settings

Attack vectors: deny, disrupt, delay, intercept, exploit. Vector categories: man-in-the-middle attacks (MITM), network protocols, IP spoofing, apps/RDBMS/NetMgt, traffic analysis.

Cyber attack tree, network infrastructure attack vectors (every path ends in "own network infrastructure"):
• SNMP: community string dictionary attack with spoofing to download the router/switch configuration; build a new router configuration file to enable further privilege escalation; upload the new configuration file using the compromised SNMP RW string.
• UNIX NetMgt server running NIS v1: ypcat -d <domain> -h <server IP> passwd; grab shadow file hashes; crack passwords; access the server directly or exploit the ACL trust relationship to attack SNMP/Telnet/SSH; find NetMgt passwords and SNMP config files; discover backup HW configs; crack passwords.
• HP OpenView server: enumerate the Oracle TNS listener to identify default SIDs; further enumerate Oracle SIDs to identify default DBA/system-level accounts and passwords; log in to the Oracle DB with the discovered DBA-privileged account; run Oracle SQL commands; execute OS commands; add a new privileged OS account; use the new privileged OS account to escalate privileged access to the network. Alternative path: further enumerate Oracle SIDs to identify user accounts; perform a dictionary attack; execute OS commands from Oracle PL/SQL; attack the network from the DB; find NetMgt passwords, SNMP info and OS password files.
• Network management application: attempt to log in using the default login/password; reconfigure the router or switch.
• MITM (ARP poisoning, sniffing): capture SNMP community strings, unencrypted login passwords and protocol passwords; configure the device for further privilege escalation; inject new routes or bogus protocol packets.
• Telnet/SSH dictionary attack against routers/switches and the NetMgt server; build a new router configuration file to enable further privilege escalation.
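The first branch of the attack tree above, a community-string dictionary attack against SNMP, is visible to a defender as a burst of SNMP authentication failures on the targeted device. The following is an added example (not code from the page or from the SCYBER course) of the kind of log-analysis check a SOC analyst would run over device syslog to surface it. The log lines are constructed for the example; their layout follows the IOS-style %SNMP-3-AUTHFAIL message, which is an assumption about the device's syslog output, and the host addresses and threshold are invented.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog lines (not from the page). The message layout mirrors the
# IOS-style %SNMP-3-AUTHFAIL message; that layout is an assumption.
ASSUMED_YEAR = 2014          # syslog timestamps carry no year
ATTACKER = "10.20.30.40"     # invented source of the dictionary attack
NMS = "10.0.0.5"             # invented legitimate network-management host

SAMPLE_LOG = [
    f"Mar 12 10:00:{i:02d} core-rtr1 %SNMP-3-AUTHFAIL: Authentication failure "
    f"for SNMP req from host {ATTACKER}"
    for i in range(12)
] + [
    f"Mar 12 10:00:03 core-rtr1 %SNMP-3-AUTHFAIL: Authentication failure "
    f"for SNMP req from host {NMS}",   # a single typo'd community string from the NMS
    "Mar 12 10:00:07 core-rtr1 %SYS-5-CONFIG_I: Configured from console by vty0 (10.20.30.40)",
]

AUTHFAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) "
    r"%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host (?P<host>\S+)"
)


def detect_snmp_bruteforce(lines, threshold=10, window=timedelta(seconds=60),
                           allowed_pollers=frozenset()):
    """Return one alert per (device, source host) whose SNMP authentication
    failures within any `window` reach `threshold`. A burst from a host that is
    not an approved poller is the signature of a community-string dictionary
    attack and is rated high; a burst from an approved poller is rated medium
    (usually a misconfigured NMS, but still worth a look)."""
    recent = defaultdict(deque)   # (device, host) -> failure timestamps inside the window
    peak = {}                     # (device, host) -> (count, first_ts, last_ts) at the peak
    for line in lines:
        m = AUTHFAIL_RE.match(line)
        if not m:
            continue              # not an SNMP auth failure; ignore
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["device"], m["host"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the sliding window
            q.popleft()
        if len(q) > peak.get(key, (0,))[0]:
            peak[key] = (len(q), q[0], ts)
    alerts = []
    for (device, host), (count, first, last) in sorted(peak.items()):
        if count >= threshold:
            alerts.append({
                "device": device, "host": host, "count": count,
                "first_seen": first, "last_seen": last,
                "severity": "medium" if host in allowed_pollers else "high",
            })
    return alerts


if __name__ == "__main__":
    for a in detect_snmp_bruteforce(SAMPLE_LOG, allowed_pollers={NMS}):
        print(f"[{a['severity']}] {a['device']}: {a['count']} SNMP auth failures from "
              f"{a['host']} between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

The check deliberately keys on (device, source host) rather than on the device alone, so one NMS that retries with a wrong string does not mask, or get blamed for, a real attacker. The %SYS-5-CONFIG_I line is left in the sample as a reminder of what to correlate next: a configuration change from the same host shortly after the burst means the RW string was found.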
Slide 28. In-Band Network Management
Business and network management traffic uses common infrastructure: users, NOC, data center resources, user VLANs, VLAN trunks and a management VLAN all ride the same switches and links.
Network management protocols: SNMP, Telnet, HTTP/S (XML), TFTP, TL1, SSH
Network management security: access lists, firewalls, VPN, IDS/IPS, AAA, trust levels
Trust model defines the security posture:
• Network management features are vulnerabilities (they provide configuration and access information)
• Security policies define the trust model: user access, customer access, vendor/manufacturer local and remote tech support access, NOC/tech support staff
• Secure visualization and instrumentation
• Internal, customer and management operations in separate IP subnets/VLANs/PVCs, etc., over shared network infrastructure
• Log everything
• 2-factor authentication
• Utilize MPLS VPNs and VRFs for the management network
Slide 29. Prevalent Layer 2 Security Issues
Illustration: a rogue insider sends a crafted HSRP coup packet with a higher priority than the routers, so the gateway role moves to the attacker's host.
Common issues:
• STP/BPDU
• VTP
• VLAN hopping
• ARP poisoning
• FHRP
• Rogue DHCP server
• Horizontal and vertical pivoting
Suggested remediation:
• BPDU Guard and Root Guard
• Secure VTP
• Disable dynamic trunking
• Dynamic ARP Inspection
• Limit MACs per port
• Secure FHRP
• DHCP snooping, disable DHCP trust on untrusted ports
• PVLANs, VACLs, DHCP option 82
• L2 NetFlow
• Secure information flow and trust relationships
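The switch features listed under remediation (Dynamic ARP Inspection, DHCP snooping, secured FHRP) stop these attacks on the wire; the monitoring side of the same problem is recognizing them in captured layer-2 control traffic. The block below is an added example, not code from the page or the course, of a minimal monitor that flags three of the listed issues from decoded packet summaries: an IP whose MAC binding changes (ARP poisoning), a DHCP OFFER from a server that is not sanctioned (rogue DHCP server), and an HSRP hello from an address that is not one of the gateway routers or with a priority above what was configured (the FHRP coup on the slide). The events, addresses, MACs and priorities are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class L2Event:
    """Decoded summary of one layer-2 control packet, as a sensor or an L2
    NetFlow exporter might hand it to a monitoring script."""
    proto: str            # "arp", "dhcp" or "hsrp"
    src_mac: str
    src_ip: str
    info: dict = field(default_factory=dict)


# Constructed sample traffic for one user VLAN (not from the page). Assumed
# topology: 10.1.1.1 is the HSRP gateway, 10.1.1.2 the only sanctioned DHCP server.
SAMPLE_EVENTS = [
    L2Event("arp", "00:11:22:33:44:01", "10.1.1.1", {"op": "reply"}),
    L2Event("hsrp", "00:11:22:33:44:01", "10.1.1.1", {"priority": 110, "state": "active"}),
    L2Event("dhcp", "00:11:22:33:44:02", "10.1.1.2", {"op": "offer"}),
    L2Event("arp", "00:11:22:33:44:50", "10.1.1.50", {"op": "reply"}),
    # Rogue insider at 10.1.1.77 poisons the gateway binding, hands out leases,
    # and sends an HSRP coup with a priority above the legitimate routers'.
    L2Event("arp", "de:ad:be:ef:00:77", "10.1.1.1", {"op": "reply"}),
    L2Event("dhcp", "de:ad:be:ef:00:77", "10.1.1.77", {"op": "offer"}),
    L2Event("hsrp", "de:ad:be:ef:00:77", "10.1.1.77", {"priority": 255, "state": "speak"}),
]


class L2Monitor:
    def __init__(self, trusted_dhcp_servers, hsrp_routers, hsrp_max_priority):
        self.trusted_dhcp_servers = set(trusted_dhcp_servers)
        self.hsrp_routers = set(hsrp_routers)        # interface IPs allowed to speak HSRP
        self.hsrp_max_priority = hsrp_max_priority   # highest priority we configured
        self.arp_bindings = {}                       # ip -> first MAC seen claiming it

    def process(self, ev):
        """Return an alert dict for a suspicious event, else None."""
        if ev.proto == "arp" and ev.info.get("op") == "reply":
            known = self.arp_bindings.setdefault(ev.src_ip, ev.src_mac)
            if known != ev.src_mac:   # the same IP now claims a different MAC
                return {"type": "arp_binding_change", "ip": ev.src_ip,
                        "old_mac": known, "new_mac": ev.src_mac}
        elif ev.proto == "dhcp" and ev.info.get("op") == "offer":
            if ev.src_ip not in self.trusted_dhcp_servers:
                return {"type": "rogue_dhcp_server", "ip": ev.src_ip, "mac": ev.src_mac}
        elif ev.proto == "hsrp":
            prio = ev.info.get("priority", 0)
            if ev.src_ip not in self.hsrp_routers or prio > self.hsrp_max_priority:
                return {"type": "hsrp_takeover_attempt", "ip": ev.src_ip,
                        "mac": ev.src_mac, "priority": prio}
        return None

    def run(self, events):
        return [a for a in map(self.process, events) if a is not None]


def analyze_sample():
    mon = L2Monitor(trusted_dhcp_servers={"10.1.1.2"},
                    hsrp_routers={"10.1.1.1"}, hsrp_max_priority=110)
    return mon.run(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in analyze_sample():
        print(alert)
```

The ARP table keeps the first MAC seen for each IP on purpose: a legitimate change (a replaced router) produces one alert that an analyst can clear by reseeding the table, while a poisoner that keeps re-advertising produces a steady stream, which is the behaviour the baseline-versus-anomaly approach in the course is built to catch.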
Slide 30. Network Visualization and Instrumentation
• Whitelist the network: trust relationships
• Whitelist trusted information flows in monitoring
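Slides 28 and 30 make the same point from two directions: the trust model (who may manage which devices, over which protocols, from which subnet) defines the security posture, and monitoring should whitelist exactly those flows so that anything else stands out. The following is an added example, not code from the page or the course, of encoding such a trust model as flow rules and running exported flow records against it. The addressing plan, the rules and the flow records are all constructed for the example; in particular, the policy allows SSH and HTTPS from the management VLAN but not Telnet, which the slide lists among the management protocols.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One exported flow record: source, destination, protocol, destination port."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """One trusted information flow: which source network may reach which
    destination network, on which protocol and ports."""
    src_net: str
    dst_net: str
    proto: str
    dports: frozenset

    def matches(self, f):
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_net)
                and f.proto == self.proto and f.dport in self.dports)


# Assumed addressing (not from the page): management VLAN 10.254.0.0/24 holds the
# NOC and NMS hosts, device management addresses live in 10.0.0.0/24, user VLANs
# in 10.10.0.0/16, data-center services in 10.200.0.0/16.
TRUSTED_FLOWS = [
    Rule("10.254.0.0/24", "10.0.0.0/24", "udp", frozenset({161})),       # NMS polls SNMP
    Rule("10.254.0.0/24", "10.0.0.0/24", "tcp", frozenset({22, 443})),   # NOC uses SSH/HTTPS only
    Rule("10.10.0.0/16", "10.200.0.0/16", "tcp", frozenset({80, 443})),  # users reach DC web apps
]

# Constructed flow records (not from the page), as a collector would export them.
SAMPLE_FLOWS = [
    Flow("10.254.0.10", "10.0.0.1", "udp", 161),    # NMS SNMP poll: trusted
    Flow("10.254.0.10", "10.0.0.1", "tcp", 23),     # NOC host using Telnet: not whitelisted
    Flow("10.10.5.23", "10.200.1.8", "tcp", 443),   # user to web app: trusted
    Flow("10.10.5.23", "10.0.0.1", "tcp", 22),      # user VLAN to device SSH: not whitelisted
    Flow("203.0.113.5", "10.0.0.1", "tcp", 22),     # vendor host from outside: not whitelisted
]


def untrusted_flows(flows, rules=TRUSTED_FLOWS):
    """Return every flow that no trusted-flow rule matches. Because the whitelist
    is the trust model, each hit is either a gap in the policy or an attack path
    (a pivot from a user VLAN into the management plane, an unapproved vendor
    session, a cleartext management protocol)."""
    return [f for f in flows if not any(r.matches(f) for r in rules)]


if __name__ == "__main__":
    for f in untrusted_flows(SAMPLE_FLOWS):
        print(f"untrusted flow: {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

Run against a day of flow exports, the leftover list is the baseline-deviation report the course's baseline network operations module is about; once the policy matches reality, the list should be short enough to read every day.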
Slide 31. Q & A

Speaker notes

1. Though this problem has been present, in one form or another, since the early 1900s, modern hacking methods have exploited holes in our IT infrastructure over the last 20 years or so. Since the dawn of the computer age, cyber criminals have sought to disrupt business. Early on this was a singular problem: connectivity between systems was limited, and data was not shared between systems the way we see today. With the introduction of the WWW, a shift in the strategies utilized by cyber criminals began to take hold. Singular issues had the potential to become systemic, and government programs, businesses and individuals were increasingly exposed to the threat of cyber crime. This issue has only gotten worse since the dawn of mobile technology and cloud computing. Today, no matter who you are or where you reside, there is a high chance of being affected by cyber crime. These activities have a real cost to the institutions we rely on on a daily basis, and pose one of the most serious threats to national security and the economy we see today.
2. HSBC: On 11/1/2013 an employee with authorization to access account information stole an undisclosed number of records with the intent of misusing the data.
Facebook: Facebook has been the victim of numerous attacks. Most recently 2 million usernames and passwords from a number of sites (the most affected being FB) were stolen as a result of malware.
Japan Airlines: Up to 750,000 records were stolen as a result of a computer security breach.
European Central Bank: The ECB fell victim to a blackmail scheme in which around 20,000 email addresses were stolen. The ECB refused to comply with the hacker's demands.
Verizon: Verizon has been the victim of a number of security breaches, both from individual actors and government entities. The most shocking of these was the revelation that a $250 femtocell could be used to track the voicemails and text messages of users within 40 feet of the unit. Verizon has since patched the vulnerability.
Adobe: 150 million records were accessed as a result of a breach of Adobe's customer database. The data included usernames, passwords, emails and financial info (of both active and inactive accounts).
Sony: Sony has fallen victim to a number of breaches. The largest, the 2011 PlayStation Network breach, exposed over 100 million user accounts. There have been a number since then. Sony has been seen as a target by hacking groups since they pressed charges against George Hotz, a 20-year-old hacker who reverse-engineered Sony's PS3 so it could run third-party apps.
Fuji: The arrest of an alleged hacker led to the discovery that a breach had occurred at Fuji-Xerox Singapore. The incident exposed the bank statements of 647 of Standard Chartered's richest clients.
DLR: A foreign intelligence service was able to access the computers of scientists and system administrators at the German Aerospace Center via an APT (advanced persistent threat) attack.
3. These crimes have serious consequences for both businesses and individuals. In 2013 alone, 552 million individual records were exposed due to data breaches; that is nearly a quarter of all internet users. The global economy is adversely affected by malicious cyber activity to the tune of $1 trillion per year. The median cyber security incident costs an individual business anywhere from $1 million to $52 million. Imagine what a business could do with those resources.
4. There are projected to be approximately 1,000,000 unfilled cyber security jobs worldwide. This skills gap poses a serious risk to businesses, something the business community recognizes: nearly 70% of US business execs fear cyber crime will hamper the growth of their business. Cyber crime has a real effect on businesses. The average cyber attack costs an organization over $17,000 per day, and on average an attack persists for 42 days before it is identified.
5. Cyber crime is a severe problem in EMEA. Advanced Persistent Threats (APTs) are one of the more prevalent methods used by hackers to access information: they allow access to a network over a long period of time, with the intention to steal data (vs. cause damage), and often target "high value" industries (government, banking, etc.). The UK, Germany and Saudi Arabia tend to be the most heavily affected by these costly breaches.
6. Security has traditionally not been a focus of corporate executives, who have been much more concerned with driving sales and revenues, and creating efficiencies within the IT system. This is shifting, though security still lags behind emerging technologies in terms of the investment consideration at the CIO level. These separate initiatives need to go hand-in-hand: emerging technologies (IoT, cloud computing, etc.) should reinforce the need for further investment in cyber security spending.
7. The business community is becoming increasingly reliant on the use of data analytics, and IT is shifting to a driver of business outcomes. The need to secure critical data is paramount to day-to-day operations. Potential vulnerabilities are increasing as a result of new technology (e.g. IoT), and BYOD increases the complexity of securing networks. Regulations and penalties for security violations are increasing: rapidly evolving privacy regulations, banking/finance regulations, etc. Costs include stolen services and intellectual property, and sabotage.
8. APT attacks increased 50% in EMEA for the first half of 2014. Primary industries targeted: government, finance, telecom, energy. Firms in the UK tend to lag behind the rest of EMEA, and the world, in their ability to identify cyber attacks quickly.
9. There are no "easy fixes" to secure your network; it is a combination of HW/SW, people and process. Organizations must have a strong plan in place: What measures are in place? How are security events detected? What is the cleanup process after an attack? Training can play an important role in securing networks; the Target attack is a case where human error led to significant data/financial loss. No matter how much you invest in HW/SW, no matter how good your process is, under-skilled security teams are a liability.
10. There are projected to be approximately 1,000,000 unfilled cyber security jobs worldwide. This problem is multifaceted, but has been accelerated by the movement of IT jobs overseas throughout the 1990s and early 2000s; many countries do not have the knowledge base to deal with this issue. Cyber security analysts are critical to the operation of the SOC: "guarding the castle" to protect against outside threats, and analyzing network traffic to identify anomalies.
11. There is a disconnect between the way we approach training IT professionals and the way they will be required to function effectively in the field. Traditional cyber security courseware has focused on the theory of how systems function and communicate, and on how hackers infiltrate systems. Brand-name training programs have typically been tied to specific systems and IT platforms, while there is a need for specialized, brand-name training across a variety of systems. As was mentioned earlier, cyber security professionals are generally equipped with a skill set bent towards preventing attacks. One of the most critical components of an effective cyber security strategy is detection, so this is a general blind spot in the industry. The Target breach, for example, could have been prevented had analysts recognized the threat alerts generated by the malware detection system put in place. IT security SYSTEMS tend to work well; it is individual analysts that often drop the ball.
  12. Speak to the reasoning behind SCYBER’s development Tie back to “current state” slides from earlier
  13. Speak to the competencies SCYBER looks to validate Tie into the job role of a cyber security analyst
14. One of the key differentiators of the SCYBER program is that it is system agnostic. SCYBER delivers the benefits of a system-agnostic course paired with the Cisco brand name, easily recognizable by CIOs and end users. Students are exposed to a variety of threats across platforms and focus on general practices as opposed to those only pertaining to Cisco systems. This allows students more flexibility in their career path, something that will drive demand for training versus other products. Whether Juniper, HP, IBM or any number of other Cisco competitors, this course will equip students with the skills necessary to effectively manage cyber attacks in real time.
15. Where many courses are primarily based in theory, SCYBER immerses students in the world of a cyber security analyst. The course itself is 60% lab based, with instructors launching actual cyber attacks, in real time. Students who complete the training will have developed the skills necessary to monitor, analyze, and respond to actual cyber attacks in the private and public sectors. In particular, labs focus on event monitoring, security event and alarm tuning, traffic analysis, and incident response.
16. When an IT system is infiltrated, time is of the essence. Looking from the "outside-in" doesn't prepare professionals to act quickly to identify attacks; it rather focuses on preventing them in the first place. We've discussed that it is no longer a question of if, but when malicious cyber activity will occur. This increases the emphasis on the timely identification of a system breach. Under such a scenario, each day that goes by could cost a business millions in losses, not to mention the corruption of valuable data and lost customers. SCYBER puts the focus on "guarding the castle" to ensure that when a system is breached, the damage, both to the business itself and to consumers, is minimized.
17. Many cyber security training courses require years of experience in order to sit for an exam. SCYBER has recommended that students possess a minimum of two years of IT experience in order to take the course. This breaks a barrier to entry often seen in the cyber security field, where qualified individuals are left out due to barriers to entry in the marketplace. This goes back to the job shortage we discussed earlier, and provides a solution for businesses seeking qualified cyber security professionals.
19. Now on to some technical details regarding SCYBER. As was mentioned, there are no set prerequisites for the course, though it is recommended that potential students have at minimum two years of experience in the field. Students need to possess a basic understanding of Transmission Control Protocol and Internet Protocol; additionally, it's recommended that students have a working knowledge of CCNA Security. SCYBER is a classroom-based course, with 11 modules covered in the span of 5 days:
Module 1: Course Introduction: Overview of Network Security and Operations
Module 2: Network and Security Operations Data Analysis
Module 3: Packet Analysis
Module 4: Network Log Analysis
Module 5: Baseline Network Operations
Module 6: Preparing for Security Incidents
Module 7: Detecting Security Incidents
Module 8: Investigating Security Incidents
Module 9: Reacting to an Incident
Module 10: Communicating Incidents Effectively
Module 11: Post-event Activity
This course prepares students to take the Cyber Security Specialist Certification Exam. There are semi-annual recertification requirements, the details of which can be made available.