SlideShare ist ein Scribd-Unternehmen logo

Collaborative Defence

‱
‱
L
Lilian Schaffer
TechnologieNews & Politik
1 von 8
Downloaden Sie, um offline zu lesen
Business white paper Collaborative defense
Business white paper | Collaborative defense Table of contents 3 Our adversaries are collaborating 3 The five stages of a cyber attack 4 There is no longer a single enemy 4 A bigger picture 5 Protecting your data through collaboration 5 Experience to build upon 6 Challenges to collaboration 6 Example: What to share and how? 7 Enabling the solution 7 Conclusion 8 A Security Research foundation
Discovery Cyber attack life cycle Research Our enterprise Their ecosystem Capture Exfiltration Infiltration 3 Our adversaries are collaborating Today’s dynamic threat landscape requires that enterprises be more vigilant than ever when it comes to protecting sensitive data and information resources. The evolving nature of threats is a top security challenge that organizations face, and targeted attacks are on the rise. Cyber attacks are increasingly more sophisticated and organized. Adversaries specialize in different aspects of an attack and collaborate to achieve their objectives. In light of these advancements, current detection and response capabilities are inadequate and regular headlines about successful attacks demonstrate the impact on businesses. A notable example is the $45M ATM heist that spanned 2012-2013. USA Today reported on May 10, 2013 that an international gang of cyber thieves stole $45 million from thousands of ATMs with a carefully coordinated operation conducted in a matter of hours. There were two separate attacks on two different Indian credit card companies and two different Middle Eastern banks. In December, attackers stole $5M and in February, they snatched $40M in 10 hours using thousands of transactions. If the first bank had informed their peers, perhaps the second, larger theft could have been prevented. To combat collaborative attackers, enterprises must also collaborate to create a united defense. To understand how, let’s first look at the stages of a cyber attack. The five stages of a cyber attack There are distinct phases of a cyber attack. It’s important to understand that these stages may not always happen in a linear flow—some stages may occur at the same time or even repeat multiple times. The attack life cycle represents how far along an adversary has progressed in the attack and gauges the damage that has occurred. Business white paper | Collaborative defense
4 Business white paper | Collaborative defense 1. Research: Research drives the identification and selection of targets. The goal is to gather the necessary information to penetrate network and perimeter defenses in an undetected manner. 2. Infiltration: Infiltration is the act of placing a malicious payload into a delivery vehicle and delivering the weaponized bundle to the target environment. Adversaries often target vulnerable software systems at this phase and will attempt to clear any evidence of malicious activity. 3. Discovery: Once inside the enterprise, adversaries probe to identify intellectual property, sensitive data, or other targeted assets. When found, the adversary plans the necessary steps to take control of, or capture, the assets. 4. Capture: Until this phase, adversaries may have gained access to a broad range of systems and identified assets to target for exfiltration. In the capture phase, adversaries capture the assets and prepare the asset for exfiltration. 5. Exfiltration: The exfiltration phase involves shuttling the captured assets outside of the victim organization and typically marks the successful completion of a breach. There is no longer a single enemy Today, many actors specialize in narrow abilities related to different phases of the attack. Threat actors planning large operations combine the abilities of multiple specialized groups to achieve their goals, which effectively creates an ecosystem governed by market forces. This ecosystem is efficient at creating, sharing, and acting upon its security intelligence—utilizing sophisticated exploits and malware in long-term, multi-stage attack campaigns that target specific organizations. By combining a multitude of technical capabilities from different specialists, adversaries lead advanced attacks that are difficult, if not nearly impossible to detect. These adversaries pose more than a singular threat—they have developed into a marketplace. A bigger picture The marketplace adversary demonstrates persistence—with a larger strategic goal than any individual. The marketplace adversary is not deterred by early failures and there is a high probability that they will attack the same target repeatedly, utilizing diverse techniques, until they succeed. If the adversary is discovered, they will regroup and try again. A study conducted by Sathya Chandran Sundaramurthy and Sandeep Bhatt of HP Labs in Princeton, NJ, together with Marc Eisenbarth of HP TippingPoint, analyzed data from over 35 billion alerts recorded over a 5 year period by HP TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. The collective data provides a rich view into the nature of attacks, both external and internal, across diverse networks. It reveals that the majority of customers were initial targets of less than 10 attacks, while three customers were early targets of over 100 attacks. These repeated, persistent attacks, suggest that is useful to share information useful to share information about early attack sightings with other organizations so they can determine their risk and any potential mitigations. (ACM Badgers 2012, Examining intrusion prevention system events from worldwide networks) An adversary may attempt to use a common exploit to compromise a target system making it possible to connect past attacks conducted by the same adversary. For instance, different proxies might be used to launch an attack, but with the same weaponized exploit payload. These seldom-changing properties of attacks help define the adversary’s behavioral profile. It’s recognizing and detecting these techniques that expedites the discovery of additional attacks.
5 Business white paper | Collaborative defense Protecting your data through collaboration In order to counter attacks from marketplace adversaries, government agencies and private organizations must learn from the adversaries and collaborate by sharing security intelligence. Organizations must be able to respond quickly and effectively in order to beat the adversaries at their own game. For this to be feasible at scale, the industry needs a system that allows organizations to collaborate and share threat intelligence information in a secure, confidential, and timely manner. Open collaboration can help organizations in a community avoid falling victim to attacks other community members have already experienced. In addition to details of an attack, a platform for sharing intelligence can be used to distribute the effort of analyzing evidence and sharing mitigations once they are developed. In some cases, better security intelligence can also be gleaned by combining data from various organizations that cannot be derived from any individual organization. However, it is not enough to simply share information. The key to effective collaboration is increased focus on risk management and incident response. Organizations who participate in the community must be clear about the expected outcomes and create a culture that promotes rapid, comprehensive information sharing. Doing so requires that organizations establish a climate where victims of cyber attack are confident to share details of the attacks against them. Sharing information and collaborating between organizations is possible—and has been shown to be highly effective. Experience to build upon Two examples of organizations that have been successful at facilitating defensive collaboration include the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Information Technology-Information Sharing and Analysis Center (IT-ISAC). There are several ISAC organizations, aligned by industries to help defend against threats. Members must be vetted to participate. The ISAC organizations understand that when an attack occurs, an early warning can be the difference between business continuity and catastrophe. In the case of a threat, members of these groups are given information that is specifically designed to help protect critical systems and assets from physical and cyber security threats. In addition, these groups have specialized forums dedicated to risk management for participating firms. Members participate in collaboration efforts to strengthen the IT infrastructure through cyber information sharing and analysis. Collaboration helps their members improve incident response. These groups demonstrate some of the most recent examples of successful collaboration yet they still do not solve the problem. Much of the information exchange remains a manual effort. HP’s Zero Day Initiative, or ZDI, is another example of information sharing with a goal of helping companies identify threats early in order to block malicious traffic that may take advantage of new vulnerabilities. Launched in 2005, ZDI’s purpose is to augment HP DVLabs research with the additional zero day research from external researchers by offering financial rewards for submitting novel, verifiable vulnerabilities. While the ZDI team works with the impacted vendor to develop a patch, customers are protected by filters that, when possible, protect against the vulnerability. The manner in which the ZDI filters are developed minimizes the chance that adversaries will discover the details of the vulnerability before a patch is released while maximizing the protection provided to the community. While highly effective, ZDI filters only benefit HP TippingPoint customers.
6 Business white paper | Collaborative defense The benefits of sharing intelligence are widely recognized, but the practice has been ad hoc in terms of both the content shared (‘focused narrowly on a few security indicators) and the means by which the content is shared (generated and consumed manually via email and web forums). Because of this, follow-on actions for the recipients of new intelligence are often unclear as are guidelines for what can be shared with whom and when. These concerns often make organizations unwilling to participate in information sharing. Threat feeds can be difficult to interpret and digest and the volume can be overwhelming. As security standards evolve and concerns grow about the instability of critical infrastructures, there is a strong push to develop a trusted framework for exchanging security intelligence. Challenges to collaboration Sharing security intelligence raises a number of important questions - for instance: What type of data will be shared and what will remain outside the scope of the exchange? Where and how will information be generated and consumed by participating organizations? How will the data be represented, stored, searched, and analyzed? How trustworthy are the results? Example: What to share and how? Consider the case of a spear phishing email. In a classic spear-phishing attack, the victim might receive an seemingly legitimate email that includes a malicious attachment or that directs the victim to a malicious webpage in a guise to learn logon credentials or to utilize a browser exploit to download malware to the victim’s computer. Spear-phishing webpages often resemble authentic pages on the victim’s corporate intranet or externally hosted sites intended for legitimate activities (reviewing health insurance, employee benefits, etc.). In these cases, it can be difficult to distinguish between legitimate links and malicious copies. With proper security awareness training, the recipient may find the email suspicious and forward the email to a security analyst to investigate. The analyst determines that this is a new phishing attempt and it would be useful for other organizations to be aware of this attack. What information should the analyst share and how? There are several subtleties involved in this example. Simply sharing the threatening email is not enough. An analyst examining the mail will perform several actions, such as: 1. Look at the source IP address and determine the owner to see if the address is the origin of any previous attacks. 2. Check to see if there are any hyperlinks in the message text and, if there are, see if the target of the link is a known bad or suspicious domain. 3. Examine all attachments to see if these contain any hidden malware or executables. 4. Consider the text of the email to see what information is being requested, and whether the name of the sender matches the sender’s legitimate email address. It is likely that the majority of the information gleaned by the analyst could be extremely valuable to share with other organizations.
7 Business white paper | Collaborative defense Enabling the solution Automation can speed the analysis, interpretation, and communication of threat information. Once analyzed, the results can be disseminated to allow for action to be taken in an automated manner. Policies can be applied, along with consistency in what is shared, and confidentiality of the source. As the spear phishing campaign spreads to additional organizations, all could be better prepared by participating in an automated threat information exchange. Conclusion Threats are not just increasing in frequency, they are more targeted and customized than ever before. The collaboration of marketplace adversaries makes the problems much more complex and provides a constant stream of new attack vectors. In the face of these threats, most enterprises are, understandably, overwhelmed. The IT industry can no longer block against specific adversaries; it’s now a marketplace of adversaries. Sharing actionable threat intelligence in a secure, confidential, and timely manner is key. The benefits of such a security clearinghouse are widely recognized, yet no practical technology to support bi-directional automated security data sharing has proven to be successful. Instead, organizations rely on emails, web forums, and other advisories that must be manually processed and acted upon. Manually tracking and processing this data creates a significant challenge for IT security departments and doesn’t scale well. Sharing information about the source and environment of attacks allows us, as a community, to quickly isolate malicious or compromised hosts. In addition, information related to adversary attack patterns helps identify new tools and methods that can assist research on new defense technology. Vendors like HP, with broad footprints in the security industry and leading security research, who can leverage vast amounts of real-time data, are best positioned to help solve this challenge.
Rate this documentShare with colleagues Sign up for updates hp.com/go/getupdated © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. 4AA4-6187ENW, September 2013 A Security Research foundation HP Security Research conducts innovative research and delivers intelligence to the full portfolio of HP Enterprise Security solutions, giving customers industry-leading protection against the latest threats. Security research publications and regular threat briefings complement the intelligence delivered through HP solutions and provide insight into the future of security and the most critical threats facing organizations today. Leading the company’s security research agenda, HP Security Research leverages existing HP research groups, including HP DVLabs, HP Fortify Software Security Research, and manages the Zero Day Initiative (ZDI). Research areas of focus include vulnerability, malware, threat actor, and software security with a focus on the technologies, industries, and geographies most relevant today. For the latest security research, visit hp.com/go/hpsr. Business white paper | Collaborative defense

Empfohlen

Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEMJoseph DeFever
 
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaGCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
 
Brochure - Jan 14
Brochure - Jan 14Brochure - Jan 14
Brochure - Jan 14Dominic Vogel
 
Transforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence SharingTransforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence SharingEMC
 
STIX2-TAXII2_Update
STIX2-TAXII2_UpdateSTIX2-TAXII2_Update
STIX2-TAXII2_UpdateCyber Threat Intelligence Network (CTIN)
 
Cisco Yıllık GĂŒvenlik Raporu 2015
Cisco Yıllık GĂŒvenlik Raporu 2015Cisco Yıllık GĂŒvenlik Raporu 2015
Cisco Yıllık GĂŒvenlik Raporu 2015Marketing TĂŒrkiye
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceSyed Peer
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 

Empfohlen

Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEMJoseph DeFever
 
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaGCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, DohaSyed Peer
 
Brochure - Jan 14
Brochure - Jan 14Brochure - Jan 14
Brochure - Jan 14Dominic Vogel
 
Transforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence SharingTransforming Expectations for Treat-Intelligence Sharing
Transforming Expectations for Treat-Intelligence SharingEMC
 
STIX2-TAXII2_Update
STIX2-TAXII2_UpdateSTIX2-TAXII2_Update
STIX2-TAXII2_UpdateCyber Threat Intelligence Network (CTIN)
 
Cisco Yıllık GĂŒvenlik Raporu 2015
Cisco Yıllık GĂŒvenlik Raporu 2015Cisco Yıllık GĂŒvenlik Raporu 2015
Cisco Yıllık GĂŒvenlik Raporu 2015Marketing TĂŒrkiye
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceSyed Peer
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
CTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKayCTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKaysegughana
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016Cameron Brown
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspacemark-smith
 
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual SecurityA Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual SecurityHossam Al-Ansary
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
Cyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaCyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaGhader Ahmadi
 
Threat Activity Groups - Dragos
Threat Activity Groups - Dragos Threat Activity Groups - Dragos
Threat Activity Groups - Dragos Dragos, Inc.
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference2017 FS-ISAC Security Conference
2017 FS-ISAC Security ConferenceDavid Sweigert
 
Renewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorRenewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorCloudMask inc.
 
Introduction to PolySwarm
Introduction to PolySwarmIntroduction to PolySwarm
Introduction to PolySwarmBlakeReyes
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsAddressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsPrecisely
 
Dev ops intro
Dev ops introDev ops intro
Dev ops introLilian Schaffer
 
1st day 2 - blueprint
1st day 2 - blueprint1st day 2 - blueprint
1st day 2 - blueprintLilian Schaffer
 
Day 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle managementDay 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle managementLilian Schaffer
 

Weitere Àhnliche Inhalte

Was ist angesagt?

CTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKayCTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKaysegughana
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016Cameron Brown
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspacemark-smith
 
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual SecurityA Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual SecurityHossam Al-Ansary
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
Cyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaCyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaGhader Ahmadi
 
Threat Activity Groups - Dragos
Threat Activity Groups - Dragos Threat Activity Groups - Dragos
Threat Activity Groups - Dragos Dragos, Inc.
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference2017 FS-ISAC Security Conference
2017 FS-ISAC Security ConferenceDavid Sweigert
 
Renewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorRenewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorCloudMask inc.
 
Introduction to PolySwarm
Introduction to PolySwarmIntroduction to PolySwarm
Introduction to PolySwarmBlakeReyes
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsAddressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsPrecisely
 

Was ist angesagt? (19)

CTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKayCTO-Cybersecurity Forum-Angela McKay
CTO-Cybersecurity Forum-Angela McKay
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspace
 
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual SecurityA Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
A Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clients
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
 
Cyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaCyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by Impreva
 
Threat Activity Groups - Dragos
Threat Activity Groups - Dragos Threat Activity Groups - Dragos
Threat Activity Groups - Dragos
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
 
2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference2017 FS-ISAC Security Conference
2017 FS-ISAC Security Conference
 
Renewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security SectorRenewed Context for the Defense and Security Sector
Renewed Context for the Defense and Security Sector
 
Introduction to PolySwarm
Introduction to PolySwarmIntroduction to PolySwarm
Introduction to PolySwarm
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
 
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsAddressing the Top 3 Real-world Security Challenges for Your IBM i Systems
Addressing the Top 3 Real-world Security Challenges for Your IBM i Systems
 

Andere mochten auch

1st day 2 - blueprint
1st day 2 - blueprint1st day 2 - blueprint
1st day 2 - blueprintLilian Schaffer
 
Day 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle managementDay 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle managementLilian Schaffer
 
Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015LeadingAgile
 
The Essential Product Owner - Partnering with the team
The Essential Product Owner - Partnering with the teamThe Essential Product Owner - Partnering with the team
The Essential Product Owner - Partnering with the teamCprime
 
Scaling Atlassian for the Enterprise
Scaling Atlassian for the EnterpriseScaling Atlassian for the Enterprise
Scaling Atlassian for the EnterpriseCprime
 
Ugly Truths About Scaling Agile
Ugly Truths About Scaling AgileUgly Truths About Scaling Agile
Ugly Truths About Scaling AgileCprime
 
10 Safe Essential Elements to Achieve the Benefits of SAFe
10 Safe Essential Elements to Achieve the Benefits of SAFe10 Safe Essential Elements to Achieve the Benefits of SAFe
10 Safe Essential Elements to Achieve the Benefits of SAFeCprime
 
Two-Speed IT: Making It Work!
Two-Speed IT: Making It Work!Two-Speed IT: Making It Work!
Two-Speed IT: Making It Work!North Highland
 
INNOVATION BLUEPRINTS FOR BIMODAL IT
INNOVATION BLUEPRINTS FOR BIMODAL ITINNOVATION BLUEPRINTS FOR BIMODAL IT
INNOVATION BLUEPRINTS FOR BIMODAL ITNVISIA
 
Why agile is failing in large enterprises
Why agile is failing in large enterprisesWhy agile is failing in large enterprises
Why agile is failing in large enterprisesLeadingAgile
 
Business Driving Agile Development at Scale - Teradata Partners Conference - ...
Business Driving Agile Development at Scale - Teradata Partners Conference - ...Business Driving Agile Development at Scale - Teradata Partners Conference - ...
Business Driving Agile Development at Scale - Teradata Partners Conference - ...Em Campbell-Pretty
 
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...Em Campbell-Pretty
 

Andere mochten auch (13)

Dev ops intro
Dev ops introDev ops intro
Dev ops intro
 
1st day 2 - blueprint
1st day 2 - blueprint1st day 2 - blueprint
1st day 2 - blueprint
 
Day 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle managementDay 1 p4 - application lifecycle management
Day 1 p4 - application lifecycle management
 
Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015
 
The Essential Product Owner - Partnering with the team
The Essential Product Owner - Partnering with the teamThe Essential Product Owner - Partnering with the team
The Essential Product Owner - Partnering with the team
 
Scaling Atlassian for the Enterprise
Scaling Atlassian for the EnterpriseScaling Atlassian for the Enterprise
Scaling Atlassian for the Enterprise
 
Ugly Truths About Scaling Agile
Ugly Truths About Scaling AgileUgly Truths About Scaling Agile
Ugly Truths About Scaling Agile
 
10 Safe Essential Elements to Achieve the Benefits of SAFe
10 Safe Essential Elements to Achieve the Benefits of SAFe10 Safe Essential Elements to Achieve the Benefits of SAFe
10 Safe Essential Elements to Achieve the Benefits of SAFe
 
Two-Speed IT: Making It Work!
Two-Speed IT: Making It Work!Two-Speed IT: Making It Work!
Two-Speed IT: Making It Work!
 
INNOVATION BLUEPRINTS FOR BIMODAL IT
INNOVATION BLUEPRINTS FOR BIMODAL ITINNOVATION BLUEPRINTS FOR BIMODAL IT
INNOVATION BLUEPRINTS FOR BIMODAL IT
 
Why agile is failing in large enterprises
Why agile is failing in large enterprisesWhy agile is failing in large enterprises
Why agile is failing in large enterprises
 
Business Driving Agile Development at Scale - Teradata Partners Conference - ...
Business Driving Agile Development at Scale - Teradata Partners Conference - ...Business Driving Agile Development at Scale - Teradata Partners Conference - ...
Business Driving Agile Development at Scale - Teradata Partners Conference - ...
 
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...
Adopting the Scaled Agile Framework: The Theory and the Practice - Dallas ALN...
 

Ähnlich wie Collaborative Defence

Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdf
Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdfIntelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdf
Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdfDataSpace Academy
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxOutsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxmanas23pgdm157
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackMekhi Da ‘Quay Daniels
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinDavid X Martin
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptxlochanrajdahal
 
threat-lifecycle-management-whitepaper
threat-lifecycle-management-whitepaperthreat-lifecycle-management-whitepaper
threat-lifecycle-management-whitepaperRudy Piekarski
 
Threat Lifecycle Management_Whitepaper
Threat Lifecycle Management_WhitepaperThreat Lifecycle Management_Whitepaper
Threat Lifecycle Management_WhitepaperDuncan Hart
 
Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxdaniahendric
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALMichael Bunn
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Understanding the black hat hacker eco system
Understanding the black hat hacker eco systemUnderstanding the black hat hacker eco system
Understanding the black hat hacker eco systemDavid Sweigert
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 

Ähnlich wie Collaborative Defence (20)

Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdf
Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdfIntelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdf
Intelligence Sharing - The Silver Shield For Prevention Of Cybercrime.pdf
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxOutsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of Attack
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
CROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martinCROs must be part of the cybersecurity solution by david x martin
CROs must be part of the cybersecurity solution by david x martin
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptx
 
threat-lifecycle-management-whitepaper
threat-lifecycle-management-whitepaperthreat-lifecycle-management-whitepaper
threat-lifecycle-management-whitepaper
 
Threat Lifecycle Management_Whitepaper
Threat Lifecycle Management_WhitepaperThreat Lifecycle Management_Whitepaper
Threat Lifecycle Management_Whitepaper
 
Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docx
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Understanding the black hat hacker eco system
Understanding the black hat hacker eco systemUnderstanding the black hat hacker eco system
Understanding the black hat hacker eco system
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 

Mehr von Lilian Schaffer

1st day 1 - hp and hp s oftware overview
1st day 1 - hp and hp s oftware overview1st day 1 - hp and hp s oftware overview
1st day 1 - hp and hp s oftware overviewLilian Schaffer
 
1st day 3 - agility vs risk
1st day 3 - agility vs risk1st day 3 - agility vs risk
1st day 3 - agility vs riskLilian Schaffer
 
1st day 4 - financial services & insurance technology trends and challenges
1st day 4 - financial services & insurance technology trends and challenges1st day 4 - financial services & insurance technology trends and challenges
1st day 4 - financial services & insurance technology trends and challengesLilian Schaffer
 
2nd day 1 - alm overview
2nd day 1 - alm overview 2nd day 1 - alm overview
2nd day 1 - alm overview Lilian Schaffer
 
2nd day 2 - bsm overview
2nd day 2 - bsm overview 2nd day 2 - bsm overview
2nd day 2 - bsm overview Lilian Schaffer
 
Project and portfolio management
Project and portfolio managementProject and portfolio management
Project and portfolio managementLilian Schaffer
 
It performance suite_overview_ebc_11062012
It performance suite_overview_ebc_11062012It performance suite_overview_ebc_11062012
It performance suite_overview_ebc_11062012Lilian Schaffer
 
Hp software strategy
Hp software strategyHp software strategy
Hp software strategyLilian Schaffer
 
Day 1 p1 time of remarkable change
Day 1 p1 time of remarkable changeDay 1 p1 time of remarkable change
Day 1 p1 time of remarkable changeLilian Schaffer
 
Day 1 p3 - project and portfolio management
Day 1 p3 - project and portfolio managementDay 1 p3 - project and portfolio management
Day 1 p3 - project and portfolio managementLilian Schaffer
 
Day 2 p1 - operate simply
Day 2 p1 - operate simplyDay 2 p1 - operate simply
Day 2 p1 - operate simplyLilian Schaffer
 
Day 2 p2 - business services management
Day 2 p2 - business services managementDay 2 p2 - business services management
Day 2 p2 - business services managementLilian Schaffer
 
Day 3 p2 - security
Day 3 p2 - securityDay 3 p2 - security
Day 3 p2 - securityLilian Schaffer
 

Mehr von Lilian Schaffer (20)

3rd day hp it
3rd day hp it3rd day hp it
3rd day hp it
 
3rd day big data
3rd day big data3rd day big data
3rd day big data
 
3rd day itsm
3rd day itsm3rd day itsm
3rd day itsm
 
1st day 1 - hp and hp s oftware overview
1st day 1 - hp and hp s oftware overview1st day 1 - hp and hp s oftware overview
1st day 1 - hp and hp s oftware overview
 
1st day 3 - agility vs risk
1st day 3 - agility vs risk1st day 3 - agility vs risk
1st day 3 - agility vs risk
 
1st day 4 - financial services & insurance technology trends and challenges
1st day 4 - financial services & insurance technology trends and challenges1st day 4 - financial services & insurance technology trends and challenges
1st day 4 - financial services & insurance technology trends and challenges
 
2nd day 1 - alm overview
2nd day 1 - alm overview 2nd day 1 - alm overview
2nd day 1 - alm overview
 
2nd day 2 - bsm overview
2nd day 2 - bsm overview 2nd day 2 - bsm overview
2nd day 2 - bsm overview
 
Hplabs overviewnn
Hplabs overviewnnHplabs overviewnn
Hplabs overviewnn
 
Project and portfolio management
Project and portfolio managementProject and portfolio management
Project and portfolio management
 
It performance suite_overview_ebc_11062012
It performance suite_overview_ebc_11062012It performance suite_overview_ebc_11062012
It performance suite_overview_ebc_11062012
 
Hp software strategy
Hp software strategyHp software strategy
Hp software strategy
 
Day 3 P5 Hp Art
Day 3 P5 Hp ArtDay 3 P5 Hp Art
Day 3 P5 Hp Art
 
Day 3 p5 - hp art
Day 3 p5 - hp artDay 3 p5 - hp art
Day 3 p5 - hp art
 
Day 1 p1 time of remarkable change
Day 1 p1 time of remarkable changeDay 1 p1 time of remarkable change
Day 1 p1 time of remarkable change
 
Day 1 p3 - project and portfolio management
Day 1 p3 - project and portfolio managementDay 1 p3 - project and portfolio management
Day 1 p3 - project and portfolio management
 
Day 2 p1 - operate simply
Day 2 p1 - operate simplyDay 2 p1 - operate simply
Day 2 p1 - operate simply
 
Day 2 p2 - business services management
Day 2 p2 - business services managementDay 2 p2 - business services management
Day 2 p2 - business services management
 
Day 3 p1 - itsm
Day 3 p1 - itsmDay 3 p1 - itsm
Day 3 p1 - itsm
 
Day 3 p2 - security
Day 3 p2 - securityDay 3 p2 - security
Day 3 p2 - security
 

KĂŒrzlich hochgeladen

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂșjo
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

KĂŒrzlich hochgeladen (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Collaborative Defence

  • 2. Business white paper | Collaborative defense Table of contents 3 Our adversaries are collaborating 3 The five stages of a cyber attack 4 There is no longer a single enemy 4 A bigger picture 5 Protecting your data through collaboration 5 Experience to build upon 6 Challenges to collaboration 6 Example: What to share and how? 7 Enabling the solution 7 Conclusion 8 A Security Research foundation
  • 3. Discovery Cyber attack life cycle Research Our enterprise Their ecosystem Capture Exfiltration Infiltration 3 Our adversaries are collaborating Today’s dynamic threat landscape requires that enterprises be more vigilant than ever when it comes to protecting sensitive data and information resources. The evolving nature of threats is a top security challenge that organizations face, and targeted attacks are on the rise. Cyber attacks are increasingly more sophisticated and organized. Adversaries specialize in different aspects of an attack and collaborate to achieve their objectives. In light of these advancements, current detection and response capabilities are inadequate and regular headlines about successful attacks demonstrate the impact on businesses. A notable example is the $45M ATM heist that spanned 2012-2013. USA Today reported on May 10, 2013 that an international gang of cyber thieves stole $45 million from thousands of ATMs with a carefully coordinated operation conducted in a matter of hours. There were two separate attacks on two different Indian credit card companies and two different Middle Eastern banks. In December, attackers stole $5M and in February, they snatched $40M in 10 hours using thousands of transactions. If the first bank had informed their peers, perhaps the second, larger theft could have been prevented. To combat collaborative attackers, enterprises must also collaborate to create a united defense. To understand how, let’s first look at the stages of a cyber attack. The five stages of a cyber attack There are distinct phases of a cyber attack. It’s important to understand that these stages may not always happen in a linear flow—some stages may occur at the same time or even repeat multiple times. The attack life cycle represents how far along an adversary has progressed in the attack and gauges the damage that has occurred. Business white paper | Collaborative defense
  • 4. 4 Business white paper | Collaborative defense 1. Research: Research drives the identification and selection of targets. The goal is to gather the necessary information to penetrate network and perimeter defenses in an undetected manner. 2. Infiltration: Infiltration is the act of placing a malicious payload into a delivery vehicle and delivering the weaponized bundle to the target environment. Adversaries often target vulnerable software systems at this phase and will attempt to clear any evidence of malicious activity. 3. Discovery: Once inside the enterprise, adversaries probe to identify intellectual property, sensitive data, or other targeted assets. When found, the adversary plans the necessary steps to take control of, or capture, the assets. 4. Capture: Until this phase, adversaries may have gained access to a broad range of systems and identified assets to target for exfiltration. In the capture phase, adversaries capture the assets and prepare the asset for exfiltration. 5. Exfiltration: The exfiltration phase involves shuttling the captured assets outside of the victim organization and typically marks the successful completion of a breach. There is no longer a single enemy Today, many actors specialize in narrow abilities related to different phases of the attack. Threat actors planning large operations combine the abilities of multiple specialized groups to achieve their goals, which effectively creates an ecosystem governed by market forces. This ecosystem is efficient at creating, sharing, and acting upon its security intelligence—utilizing sophisticated exploits and malware in long-term, multi-stage attack campaigns that target specific organizations. By combining a multitude of technical capabilities from different specialists, adversaries lead advanced attacks that are difficult, if not nearly impossible to detect. These adversaries pose more than a singular threat—they have developed into a marketplace. A bigger picture The marketplace adversary demonstrates persistence—with a larger strategic goal than any individual. The marketplace adversary is not deterred by early failures and there is a high probability that they will attack the same target repeatedly, utilizing diverse techniques, until they succeed. If the adversary is discovered, they will regroup and try again. A study conducted by Sathya Chandran Sundaramurthy and Sandeep Bhatt of HP Labs in Princeton, NJ, together with Marc Eisenbarth of HP TippingPoint, analyzed data from over 35 billion alerts recorded over a 5 year period by HP TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. The collective data provides a rich view into the nature of attacks, both external and internal, across diverse networks. It reveals that the majority of customers were initial targets of less than 10 attacks, while three customers were early targets of over 100 attacks. These repeated, persistent attacks, suggest that is useful to share information useful to share information about early attack sightings with other organizations so they can determine their risk and any potential mitigations. (ACM Badgers 2012, Examining intrusion prevention system events from worldwide networks) An adversary may attempt to use a common exploit to compromise a target system making it possible to connect past attacks conducted by the same adversary. For instance, different proxies might be used to launch an attack, but with the same weaponized exploit payload. These seldom-changing properties of attacks help define the adversary’s behavioral profile. It’s recognizing and detecting these techniques that expedites the discovery of additional attacks.
  • 5. 5 Business white paper | Collaborative defense Protecting your data through collaboration In order to counter attacks from marketplace adversaries, government agencies and private organizations must learn from the adversaries and collaborate by sharing security intelligence. Organizations must be able to respond quickly and effectively in order to beat the adversaries at their own game. For this to be feasible at scale, the industry needs a system that allows organizations to collaborate and share threat intelligence information in a secure, confidential, and timely manner. Open collaboration can help organizations in a community avoid falling victim to attacks other community members have already experienced. In addition to details of an attack, a platform for sharing intelligence can be used to distribute the effort of analyzing evidence and sharing mitigations once they are developed. In some cases, better security intelligence can also be gleaned by combining data from various organizations that cannot be derived from any individual organization. However, it is not enough to simply share information. The key to effective collaboration is increased focus on risk management and incident response. Organizations who participate in the community must be clear about the expected outcomes and create a culture that promotes rapid, comprehensive information sharing. Doing so requires that organizations establish a climate where victims of cyber attack are confident to share details of the attacks against them. Sharing information and collaborating between organizations is possible—and has been shown to be highly effective. Experience to build upon Two examples of organizations that have been successful at facilitating defensive collaboration include the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Information Technology-Information Sharing and Analysis Center (IT-ISAC). There are several ISAC organizations, aligned by industries to help defend against threats. Members must be vetted to participate. The ISAC organizations understand that when an attack occurs, an early warning can be the difference between business continuity and catastrophe. In the case of a threat, members of these groups are given information that is specifically designed to help protect critical systems and assets from physical and cyber security threats. In addition, these groups have specialized forums dedicated to risk management for participating firms. Members participate in collaboration efforts to strengthen the IT infrastructure through cyber information sharing and analysis. Collaboration helps their members improve incident response. These groups demonstrate some of the most recent examples of successful collaboration yet they still do not solve the problem. Much of the information exchange remains a manual effort. HP’s Zero Day Initiative, or ZDI, is another example of information sharing with a goal of helping companies identify threats early in order to block malicious traffic that may take advantage of new vulnerabilities. Launched in 2005, ZDI’s purpose is to augment HP DVLabs research with the additional zero day research from external researchers by offering financial rewards for submitting novel, verifiable vulnerabilities. While the ZDI team works with the impacted vendor to develop a patch, customers are protected by filters that, when possible, protect against the vulnerability. The manner in which the ZDI filters are developed minimizes the chance that adversaries will discover the details of the vulnerability before a patch is released while maximizing the protection provided to the community. While highly effective, ZDI filters only benefit HP TippingPoint customers.
  • 6. 6 Business white paper | Collaborative defense The benefits of sharing intelligence are widely recognized, but the practice has been ad hoc in terms of both the content shared (‘focused narrowly on a few security indicators) and the means by which the content is shared (generated and consumed manually via email and web forums). Because of this, follow-on actions for the recipients of new intelligence are often unclear as are guidelines for what can be shared with whom and when. These concerns often make organizations unwilling to participate in information sharing. Threat feeds can be difficult to interpret and digest and the volume can be overwhelming. As security standards evolve and concerns grow about the instability of critical infrastructures, there is a strong push to develop a trusted framework for exchanging security intelligence. Challenges to collaboration Sharing security intelligence raises a number of important questions - for instance: What type of data will be shared and what will remain outside the scope of the exchange? Where and how will information be generated and consumed by participating organizations? How will the data be represented, stored, searched, and analyzed? How trustworthy are the results? Example: What to share and how? Consider the case of a spear phishing email. In a classic spear-phishing attack, the victim might receive an seemingly legitimate email that includes a malicious attachment or that directs the victim to a malicious webpage in a guise to learn logon credentials or to utilize a browser exploit to download malware to the victim’s computer. Spear-phishing webpages often resemble authentic pages on the victim’s corporate intranet or externally hosted sites intended for legitimate activities (reviewing health insurance, employee benefits, etc.). In these cases, it can be difficult to distinguish between legitimate links and malicious copies. With proper security awareness training, the recipient may find the email suspicious and forward the email to a security analyst to investigate. The analyst determines that this is a new phishing attempt and it would be useful for other organizations to be aware of this attack. What information should the analyst share and how? There are several subtleties involved in this example. Simply sharing the threatening email is not enough. An analyst examining the mail will perform several actions, such as: 1. Look at the source IP address and determine the owner to see if the address is the origin of any previous attacks. 2. Check to see if there are any hyperlinks in the message text and, if there are, see if the target of the link is a known bad or suspicious domain. 3. Examine all attachments to see if these contain any hidden malware or executables. 4. Consider the text of the email to see what information is being requested, and whether the name of the sender matches the sender’s legitimate email address. It is likely that the majority of the information gleaned by the analyst could be extremely valuable to share with other organizations.
  • 7. 7 Business white paper | Collaborative defense Enabling the solution Automation can speed the analysis, interpretation, and communication of threat information. Once analyzed, the results can be disseminated to allow for action to be taken in an automated manner. Policies can be applied, along with consistency in what is shared, and confidentiality of the source. As the spear phishing campaign spreads to additional organizations, all could be better prepared by participating in an automated threat information exchange. Conclusion Threats are not just increasing in frequency, they are more targeted and customized than ever before. The collaboration of marketplace adversaries makes the problems much more complex and provides a constant stream of new attack vectors. In the face of these threats, most enterprises are, understandably, overwhelmed. The IT industry can no longer block against specific adversaries; it’s now a marketplace of adversaries. Sharing actionable threat intelligence in a secure, confidential, and timely manner is key. The benefits of such a security clearinghouse are widely recognized, yet no practical technology to support bi-directional automated security data sharing has proven to be successful. Instead, organizations rely on emails, web forums, and other advisories that must be manually processed and acted upon. Manually tracking and processing this data creates a significant challenge for IT security departments and doesn’t scale well. Sharing information about the source and environment of attacks allows us, as a community, to quickly isolate malicious or compromised hosts. In addition, information related to adversary attack patterns helps identify new tools and methods that can assist research on new defense technology. Vendors like HP, with broad footprints in the security industry and leading security research, who can leverage vast amounts of real-time data, are best positioned to help solve this challenge.
  • 8. Rate this documentShare with colleagues Sign up for updates hp.com/go/getupdated © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. 4AA4-6187ENW, September 2013 A Security Research foundation HP Security Research conducts innovative research and delivers intelligence to the full portfolio of HP Enterprise Security solutions, giving customers industry-leading protection against the latest threats. Security research publications and regular threat briefings complement the intelligence delivered through HP solutions and provide insight into the future of security and the most critical threats facing organizations today. Leading the company’s security research agenda, HP Security Research leverages existing HP research groups, including HP DVLabs, HP Fortify Software Security Research, and manages the Zero Day Initiative (ZDI). Research areas of focus include vulnerability, malware, threat actor, and software security with a focus on the technologies, industries, and geographies most relevant today. For the latest security research, visit hp.com/go/hpsr. Business white paper | Collaborative defense