Connect & Inspire Cyber Security
•Als PPTX, PDF herunterladen•
0 gefällt mir•291 views
Cristian Pațachia-Sultănoiu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The videos and other presentations can be found on https://def.camp/archive
Empfohlen
Weitere ähnliche Inhalte
Ähnlich wie Connect & Inspire Cyber Security
Ähnlich wie Connect & Inspire Cyber Security (20)
Mehr von DefCamp
Mehr von DefCamp (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Connect & Inspire Cyber Security
- 1. 1 Connect & Inspire November 8th, 2018 Bucuresti Cristian Patachia Development & Innovation Manager
- 2. 2 +850 participants, 2015 +1,100 participants, 2016 +1,700 participants, 2018 +1,400 participants, 2017
- 3. 3 Browsing Communication / Messaging DL/UL/Gaming Mail Other Data Services Streaming Orange Romania: Video streaming share in total traffic grew by 14 percentage points in less than 3 years 2015 2018 58%44%
- 4. 4 Orange Romania Exponential growth in traffic
- 5. 5 Orange Romania Cell traffic evolution in 2017
- 6. 6 from the time spent by smartphones users is related to apps ~70%75% ~70% ~90% from smartphones users are looking for music video and funny clips from smartphones users are Instagram users from smartphones users are Facebook users
- 7. 7 The Internet of Things is going to change the world. For everyone.
- 8. 8 “Smart Territories” dashboards IoT midleware [Live Objects] storage security compute visualization flexible connectivity options 2G/3G/4G, Wi-Fi, Bluetooth, LoRaWAN, LTE-M actuator sensor actuator sensor public data sets sensor Open platform and IoT connectivity To support you in each step of your data journey
- 9. 9 LoRa Sigfox NB-IoT (+range) 2G, 3G, 4G LTE-M (+latency) Licensed networks Unlicensed High battery performance, very low throughput Medium battery performance, medium throughput Complex deployment (require hardware installation) Easy deployment (software upgrade in most of the cases) Low Power technologies use cases
- 10. 10 LTE-M National availability of LTE-M as the most appropriate technology for the widest range of current and future cases 3137localities
- 11. 11 Hacking at the ECSC day 1, 17:00 - 17:30, track#1 ‘unsecured’ Wi-Fi Using ML to detect complex threats day 1, 11:30 - 12:15, track#1 RESISTO masterclass for critical infra day 2, 11:00 - 13:30, Praga Threat Map Orange Fab for startups Who is Hiring? Orange stand
- 12. Threat Map Real time threat analytics from data gathered from Orange Business Internet Security Agents deployed across Romania https://bis-threatmap.orange.ro
- 13. Are you vulnerable? Find out if your website is vulnerable to cyber threats by using Threat Map’s advanced security scanning engines: Web Security Scanner CMS Specific Scanner (for Drupal, Joomla, WordPress) APT Watering Hole Malware Detection Engine RO Hacked Database Detailed Reports on found vulnerabilities, malware and remediation techniques https://bis-threatmap.orange.ro
- 14. Scan Results 100 Websites We gathered info from the non-intrusive scanning of 100 of the most visited Romanian websites. Previously Hacked: One of the 100 websites we scanned was reported as previously hacked by rohacked.ro database 289 Low Vulnerabilities 34 Critical / High Vulnerabilities Found server-side, across the websites we scanned such as CVE-2012-2376 80 Medium Vulnerabilities
- 15. APT Hunter, Watering Hole & Cryptojacking Detection Advanced Secure Remote Access and Website Isolation platform On-line security audit framework
- 16. day 2, 11:15 – 12:00, track #2 Cyber Sec Startups – Orange Fab
- 17. Appsulate Bug Bounty 3 major goals: – Break Appsulate Sandbox and compromise it’s security – Ability to exfiltrate information from given websites outside of Appsulate – Ability to bypass authentication and access a shielded application from an untrusted endpoint Scoring: https://bugcrowd.com/vulnerability-rating-taxonomy Details: Appsulate stand, alex@appsulate.com P1 - $300 - $500 P2 - $150 - $300 P3 - $100 P4 - T-Shirt, Mugs and Pens Prizes:
- 19. today, 17:00 – 17:30, track #1http://www.cybersecuritychallenge.ro
- 21. RESISTO MasterClassday 1, 11:00 – 13:30, Praga room Horizon 2020 Project Large Enterprises C.I. Operators Universities Research & Technology Organizations Consortium of 19 partners Holistic Approach to Situation Awareness Innovative Risk & Resilience & Improvement Process Mng Decision Support System Protection against cyber- physical threats Modeled on state-of-the art technologies (Machine Learning, IoT, Block chain, Airborne Threat Detection, Holistic A-V analytics) The RESISTO project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No786409. RESIlience enhancement and risk control platform for communication infraSTructure Operators http://www.resistoproject.eu/
- 22. An insightful presentation on using Machine Learning, Log Analysis and Correlation to complement our ‘traditional’ security technologies in order to detect and mitigate complex threats today, 11:30 – 12:15, track #1
- 23. Business Internet Security Report H1-2018 threats, trends by type, industry vertical ORO managed security service H1 of 2018, national level IoT impact key takeaways what’s coming next
- 24. 24 We are here to fuel your business innovation. Thank you.
Hinweis der Redaktion
- The conference focus is to connect & inspire. To create a highly interconnected community that supports the individual members driven by the passion of IT security and ensures the research development success in Europe. DefCamp built in time a global community, welcoming people from every culture who seek a deeper understanding of the information security mysteries and who seek other people with similar skillset.
- + 5050
- From one year to another we see exponential growth in our data traffic. For example, at European level it is expected to account for 80% of traffic by 2021. At Orange Romania only, video streaming share in total traffic grew by 14 percentage points in less than 3 years. This behavior will be prevalent not only on the move, but at home as well. In the years to come, the traffic will continue to rely on a strong, heavily densified 4G network. Traffic 3,84 milioane de clienţi 4G, +34% Q3 2018 vs Q3 2017. 80% consum de date mobile Q3 2018 vs Q3 2017. Acoperire 95.9% din populaţia ţării la final de septembrie 2018 În luna septembrie, reţeaua Orange a fost reconfirmată drept cea mai bună reţea de voce şi date din România conform studiului comparativ realizat la nivel naţional în perioada iunie-iulie 2018, de către Systemics PAB. Totodată, Orange a primit recunoașterea de „Cea mai rapidă reţea mobilă din România” prin rezultatele Speedtest by Ookla, ca urmare a testelor realizate chiar de către utilizatorii de reţele mobile din România.
- While 5G is the future, 4G is now the strong backbone in a world that gets increasingly connected. Ericsson Mobility report – traffic will increase 9 times by 2022. By 2025, a third of this increased traffic will be over 5G. In our network, demand for traffic is skyrocketing – in just 3 years it has grown 10 times, which shows, on one hand, the growing usage of devices per user and the data hungry content that is accessed. In 2018 we see the same trend - with traffic almost doubling YoY Moreover, thanks to a network upgrade back in March, Romanian customers can reach speeds up to 500MBps in 161 cities over the 4G+ network. (end of Q3 2018)
- Folosind noua modulație pentru tehnologia 4G+, crește eficiența celulei și vom putea deservi mai multe dispozitive compatibile. Studiile arată o creștere a capacității celulei cu ~30-40%. În condițiile în care numărul de utilizatori 4G crește spectaculos de la an la an, la fel ca și traficul de date mobile, este clar de ce este necesară o astfel de evoluție. Ca sa facem un zoom in pe ce vedem noi in retea, va putem da ex unui site unde, pe parcursulul anului 2017, traficul s-a dublat. Aceasta crestere de trafic se reflecta si la nivelul retelei. Ne dorim să aducem reţeaua mai aproape de oameni. De aceea vom continua să investim prioritar în extinderea rețelei pentru a facilita accesul cât mai multor clienți la beneficiile tehnologiei 4G. We notice here the 4G users evolution since 2016. It grows by more than a million yearly. These increases have been supported by the increased availability of compatible devices and by the expansion and densification of our network.
- In 2010, 75% of time spent using smartphones involved using voice call and SMS features. Today, 75% of time spent using smartphones involves apps. (Orange Group data) According to Orange Romania studies: 7 out of 10 ORO smartphone users look for music video and funny clips. These are the most watched video content types. 9 out of 10 ORO smartphone users use Facebook and 7 out of 10 use Instagram. ORO smartphone users spend on average 166 minutes on Facebook and 103 on YouTube, daily Strategic steering of innovation internal Orange (03. Mastering digital life) Pictures, video and audio files are the most shared materials. Orange smartphone users usually search information about the weather, products and services, discounts and promotions. (Orange Ro data, according to study on customer base)
- IoT must be inclusive, smart and trusted. - It offers new opportunities to make progress - An inclusive, smart and trusted technology ORO is building an open ecosystem for the IoT - Partnerships - Starting the conversation Ecosystem’s stakeholders: - device manufacturers - service providers - Integrators - industrial corporates - standards organizations
- We bring together the necessary expertise to support you in each step of your data journey.
- Threatmap is a platform that offers real-time attack information, statistics and insights on latest threats. We anonimize and publicize data we gather from our sensors in our Business Internet Security MSSP. This data stems from the datasets we feed our ML machines with. Threatmap has one particular feature both users and us find very appealing: it uses 4 scanning engines to evaluate the security of yours (or any) websites out there. Most users will use this feature to check their own websites or the websites they usually visit. We’re constantly monitoring websites flagged as suspicious for APT delivery, watering hole attacks, phishing schemes etc. Threatmap uses 4 advanced scanning engines: -a OWASP –Top 10 web vulnerability scanner that will audit the webserver and services used to host the scanned websites; -a CMS-specific vulnerability scanner that searches for weaknesses found in platforms like Wordpress, Joomla etc.; -a APT-Watering Hole Malware scanner called Dekeneas that uses advanced Machine Learning to evaluate scripts running on target websites and runs them in fast spin-up sandboxes and evaluates their output; -a database of previously reported hacks.
- CVE-2012-2376 Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.
- The first edition of this report highlights the threats, trends and the key takeaways collected at statistical level from our managed security service "Business Internet Security (BIS)", in the first half of 2018, on a national level. It also provides context on the evolving nature of cyber security, offering valuable insights on what’s coming next.